DOKK Library

Abstract Algebra (Annual Edition 2014)

Authors Thomas W. Judson

License GFDL-1.2-no-invariants-or-later

Plaintext
 Abstract Algebra
Theory and Applications

       Thomas W. Judson
Stephen F. Austin State University

         August 15, 2014
ii




Copyright 1997-2014 by Thomas W. Judson.

Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.2 or any later
version published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is
included in the appendix entitled “GNU Free Documentation License”.

A current version can always be found via abstract.pugetsound.edu.
                               Preface



This text is intended for a one- or two-semester undergraduate course in
abstract algebra. Traditionally, these courses have covered the theoretical
aspects of groups, rings, and fields. However, with the development of
computing in the last several decades, applications that involve abstract
algebra and discrete mathematics have become increasingly important, and
many science, engineering, and computer science students are now electing
to minor in mathematics. Though theory still occupies a central role in the
subject of abstract algebra and no student should go through such a course
without a good notion of what a proof is, the importance of applications
such as coding theory and cryptography has grown significantly.
    Until recently most abstract algebra texts included few if any applications.
However, one of the major problems in teaching an abstract algebra course
is that for many students it is their first encounter with an environment that
requires them to do rigorous proofs. Such students often find it hard to see
the use of learning to prove theorems and propositions; applied examples
help the instructor provide motivation.
    This text contains more material than can possibly be covered in a single
semester. Certainly there is adequate material for a two-semester course, and
perhaps more; however, for a one-semester course it would be quite easy to
omit selected chapters and still have a useful text. The order of presentation
of topics is standard: groups, then rings, and finally fields. Emphasis can be
placed either on theory or on applications. A typical one-semester course
might cover groups and rings while briefly touching on field theory, using
Chapters 1 through 6, 9, 10, 11, 13 (the first part), 16, 17, 18 (the first
part), 20, and 21. Parts of these chapters could be deleted and applications
substituted according to the interests of the students and the instructor. A
two-semester course emphasizing theory might cover Chapters 1 through 6,
9, 10, 11, 13 through 18, 20, 21, 22 (the first part), and 23. On the other


                                      iii
iv                                                                  PREFACE

hand, if applications are to be emphasized, the course might cover Chapters
1 through 14, and 16 through 22. In an applied course, some of the more
theoretical results could be assumed or omitted. A chapter dependency chart
appears below. (A broken line indicates a partial dependency.)

                          Chapters 1–6


          Chapter 8         Chapter 9        Chapter 7


                           Chapter 10


                           Chapter 11


         Chapter 13        Chapter 16        Chapter 12       Chapter 14


                           Chapter 17                         Chapter 15


         Chapter 18        Chapter 20        Chapter 19


                           Chapter 21


                           Chapter 22


                           Chapter 23


    Though there are no specific prerequisites for a course in abstract algebra,
students who have had other higher-level courses in mathematics will generally
be more prepared than those who have not, because they will possess a bit
more mathematical sophistication. Occasionally, we shall assume some basic
linear algebra; that is, we shall take for granted an elementary knowledge
of matrices and determinants. This should present no great problem, since
most students taking a course in abstract algebra have been introduced to
matrices and determinants elsewhere in their career, if they have not already
taken a sophomore- or junior-level course in linear algebra.
PREFACE                                                                       v

     Exercise sections are the heart of any mathematics text. An exercise set
appears at the end of each chapter. The nature of the exercises ranges over
several categories; computational, conceptual, and theoretical problems are
included. A section presenting hints and solutions to many of the exercises
appears at the end of the text. Often in the solutions a proof is only sketched,
and it is up to the student to provide the details. The exercises range in
difficulty from very easy to very challenging. Many of the more substantial
problems require careful thought, so the student should not be discouraged
if the solution is not forthcoming after a few minutes of work.
     There are additional exercises or computer projects at the ends of many
of the chapters. The computer projects usually require a knowledge of
programming. All of these exercises and projects are more substantial in
nature and allow the exploration of new results and theory.
     Sage (sagemath.org) is a free, open source, software system for ad-
vanced mathematics, which is ideal for assisting with a study of abstract
algebra. Comprehensive discussion about Sage, and a selection of relevant
exercises, are provided in an electronic format that may be used with the
Sage Notebook in a web browser, either on your own computer, or at a public
server such as sagenb.org. Look for this supplement at the book’s website:
abstract.pugetsound.edu. In printed versions of the book, we include a
brief description of Sage’s capabilities at the end of each chapter, right after
the references.
     The open source version of this book has received support from the
National Science Foundation (Award # 1020957).


Acknowledgements
I would like to acknowledge the following reviewers for their helpful comments
and suggestions.

   • David Anderson, University of Tennessee, Knoxville

   • Robert Beezer, University of Puget Sound

   • Myron Hood, California Polytechnic State University

   • Herbert Kasube, Bradley University

   • John Kurtzke, University of Portland

   • Inessa Levi, University of Louisville
vi                                                                PREFACE

     • Geoffrey Mason, University of California, Santa Cruz

     • Bruce Mericle, Mankato State University

     • Kimmo Rosenthal, Union College

     • Mark Teply, University of Wisconsin

I would also like to thank Steve Quigley, Marnie Pommett, Cathie Griffin,
Kelle Karshick, and the rest of the staff at PWS for their guidance throughout
this project. It has been a pleasure to work with them.

                                                         Thomas W. Judson
                            Contents




Preface                                                                   iii

1 Preliminaries                                                            1
  1.1 A Short Note on Proofs . . . . . . . . . . . . . . . . . . . . .     1
  1.2 Sets and Equivalence Relations . . . . . . . . . . . . . . . . .     4

2 The Integers                                                         23
  2.1 Mathematical Induction . . . . . . . . . . . . . . . . . . . . . 23
  2.2 The Division Algorithm . . . . . . . . . . . . . . . . . . . . . 27

3 Groups                                                                  37
  3.1 Integer Equivalence Classes and Symmetries . . . . . . . . . . 37
  3.2 Definitions and Examples . . . . . . . . . . . . . . . . . . . . 42
  3.3 Subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

4 Cyclic Groups                                                          59
  4.1 Cyclic Subgroups . . . . . . . . . . . . . . . . . . . . . . . . . 59
  4.2 Multiplicative Group of Complex Numbers . . . . . . . . . . 63
  4.3 The Method of Repeated Squares . . . . . . . . . . . . . . . . 68

5 Permutation Groups                                                     76
  5.1 Definitions and Notation . . . . . . . . . . . . . . . . . . . . . 77
  5.2 Dihedral Groups . . . . . . . . . . . . . . . . . . . . . . . . . 85

6 Cosets and Lagrange’s Theorem                                            94
  6.1 Cosets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
  6.2 Lagrange’s Theorem . . . . . . . . . . . . . . . . . . . . . . . 97
  6.3 Fermat’s and Euler’s Theorems . . . . . . . . . . . . . . . . . 99


                                     vii
viii                                                                              CONTENTS

7 Introduction to Cryptography                                         103
  7.1 Private Key Cryptography . . . . . . . . . . . . . . . . . . . . 104
  7.2 Public Key Cryptography . . . . . . . . . . . . . . . . . . . . 107

8 Algebraic Coding Theory                                                                             115
  8.1 Error-Detecting and Correcting Codes        .   .   .   .   .   .   .   .   .   .   .   .   .   115
  8.2 Linear Codes . . . . . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   124
  8.3 Parity-Check and Generator Matrices         .   .   .   .   .   .   .   .   .   .   .   .   .   128
  8.4 Efficient Decoding . . . . . . . . . . .    .   .   .   .   .   .   .   .   .   .   .   .   .   135

9 Isomorphisms                                                            144
  9.1 Definition and Examples . . . . . . . . . . . . . . . . . . . . . 144
  9.2 Direct Products . . . . . . . . . . . . . . . . . . . . . . . . . . 149

10 Normal Subgroups and Factor Groups                                   159
   10.1 Factor Groups and Normal Subgroups . . . . . . . . . . . . . 159
   10.2 The Simplicity of the Alternating Group . . . . . . . . . . . . 162

11 Homomorphisms                                                       169
   11.1 Group Homomorphisms . . . . . . . . . . . . . . . . . . . . . 169
   11.2 The Isomorphism Theorems . . . . . . . . . . . . . . . . . . . 172

12 Matrix Groups and Symmetry                                              179
   12.1 Matrix Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 179
   12.2 Symmetry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

13 The Structure of Groups                                                200
   13.1 Finite Abelian Groups . . . . . . . . . . . . . . . . . . . . . . 200
   13.2 Solvable Groups . . . . . . . . . . . . . . . . . . . . . . . . . 205

14 Group Actions                                                                                      213
   14.1 Groups Acting on Sets . . . . . . . . . . . . . . . . . . . . . .                             213
   14.2 The Class Equation . . . . . . . . . . . . . . . . . . . . . . .                              217
   14.3 Burnside’s Counting Theorem . . . . . . . . . . . . . . . . . .                               219

15 The Sylow Theorems                                                    231
   15.1 The Sylow Theorems . . . . . . . . . . . . . . . . . . . . . . . 231
   15.2 Examples and Applications . . . . . . . . . . . . . . . . . . . 235
CONTENTS                                                                                                     ix

16 Rings                                                                                                    243
   16.1 Rings . . . . . . . . . . . . . . . .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   243
   16.2 Integral Domains and Fields . . . .     .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   248
   16.3 Ring Homomorphisms and Ideals .         .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   250
   16.4 Maximal and Prime Ideals . . . . .      .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   254
   16.5 An Application to Software Design       .   .   .   .   .   .   .   .   .   .   .   .   .   .   .   257

17 Polynomials                                                                                              268
   17.1 Polynomial Rings . . . . . . . . . . . . . . . . . . . . . . . . .                                  269
   17.2 The Division Algorithm . . . . . . . . . . . . . . . . . . . . .                                    273
   17.3 Irreducible Polynomials . . . . . . . . . . . . . . . . . . . . .                                   277

18 Integral Domains                                                         288
   18.1 Fields of Fractions . . . . . . . . . . . . . . . . . . . . . . . . 288
   18.2 Factorization in Integral Domains . . . . . . . . . . . . . . . . 292

19 Lattices and Boolean Algebras                                                                            306
   19.1 Lattices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .                                306
   19.2 Boolean Algebras . . . . . . . . . . . . . . . . . . . . . . . . .                                   311
   19.3 The Algebra of Electrical Circuits . . . . . . . . . . . . . . . .                                  317

20 Vector Spaces                                                            324
   20.1 Definitions and Examples . . . . . . . . . . . . . . . . . . . . 324
   20.2 Subspaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
   20.3 Linear Independence . . . . . . . . . . . . . . . . . . . . . . . 327

21 Fields                                                                                                   334
   21.1 Extension Fields . . . . . . . . . . . . . . . . . . . . . . . . .                                  334
   21.2 Splitting Fields . . . . . . . . . . . . . . . . . . . . . . . . . .                                345
   21.3 Geometric Constructions . . . . . . . . . . . . . . . . . . . . .                                   348

22 Finite Fields                                                            358
   22.1 Structure of a Finite Field . . . . . . . . . . . . . . . . . . . . 358
   22.2 Polynomial Codes . . . . . . . . . . . . . . . . . . . . . . . . 363

23 Galois Theory                                                             376
   23.1 Field Automorphisms . . . . . . . . . . . . . . . . . . . . . . 376
   23.2 The Fundamental Theorem . . . . . . . . . . . . . . . . . . . 382
   23.3 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Hints and Solutions                                                                                         401
x                                CONTENTS

GNU Free Documentation License        416

Notation                              424

Index                                 428
                                    1
                     Preliminaries



A certain amount of mathematical maturity is necessary to find and study
applications of abstract algebra. A basic knowledge of set theory, mathe-
matical induction, equivalence relations, and matrices is a must. Even more
important is the ability to read and understand mathematical proofs. In
this chapter we will outline the background needed for a course in abstract
algebra.


1.1    A Short Note on Proofs
Abstract mathematics is different from other sciences. In laboratory sciences
such as chemistry and physics, scientists perform experiments to discover
new principles and verify theories. Although mathematics is often motivated
by physical experimentation or by computer simulations, it is made rigorous
through the use of logical arguments. In studying abstract mathematics, we
take what is called an axiomatic approach; that is, we take a collection of
objects S and assume some rules about their structure. These rules are called
axioms. Using the axioms for S, we wish to derive other information about
S by using logical arguments. We require that our axioms be consistent; that
is, they should not contradict one another. We also demand that there not
be too many axioms. If a system of axioms is too restrictive, there will be
few examples of the mathematical structure.
     A statement in logic or mathematics is an assertion that is either true
or false. Consider the following examples:

   • 3 + 56 − 13 + 8/2.

   • All cats are black.

   • 2 + 3 = 5.

                                     1
2                                         CHAPTER 1       PRELIMINARIES

    • 2x = 6 exactly when x = 4.

    • If ax2 + bx + c = 0 and a 6= 0, then
                                         √
                                   −b ± b2 − 4ac
                              x=                 .
                                           2a

    • x3 − 4x2 + 5x − 6.
All but the first and last examples are statements, and must be either true
or false.
    A mathematical proof is nothing more than a convincing argument
about the accuracy of a statement. Such an argument should contain enough
detail to convince the audience; for instance, we can see that the statement
“2x = 6 exactly when x = 4” is false by evaluating 2 · 4 and noting that
6 6= 8, an argument that would satisfy anyone. Of course, audiences may
vary widely: proofs can be addressed to another student, to a professor, or
to the reader of a text. If more detail than needed is presented in the proof,
then the explanation will be either long-winded or poorly written. If too
much detail is omitted, then the proof may not be convincing. Again it
is important to keep the audience in mind. High school students require
much more detail than do graduate students. A good rule of thumb for an
argument in an introductory abstract algebra course is that it should be
written to convince one’s peers, whether those peers be other students or
other readers of the text.
    Let us examine different types of statements. A statement could be as
simple as “10/5 = 2”; however, mathematicians are usually interested in
more complex statements such as “If p, then q,” where p and q are both
statements. If certain statements are known or assumed to be true, we
wish to know what we can say about other statements. Here p is called
the hypothesis and q is known as the conclusion. Consider the following
statement: If ax2 + bx + c = 0 and a 6= 0, then
                                       √
                                 −b ± b2 − 4ac
                             x=                  .
                                        2a
The hypothesis is ax2 + bx + c = 0 and a 6= 0; the conclusion is
                                    √
                               −b ± b2 − 4ac
                           x=                   .
                                     2a
Notice that the statement says nothing about whether or not the hypothesis
is true. However, if this entire statement is true and we can show that
1.1    A SHORT NOTE ON PROOFS                                                3

ax2 + bx + c = 0 with a 6= 0 is true, then the conclusion must be true. A
proof of this statement might simply be a series of equations:

                          ax2 + bx + c = 0
                                    b        c
                              x2 + x = −
                                    a       a
                                2  2
                         b        b          b      c
                     x2 + x +          =          −
                         a       2a         2a      a
                                   2     2
                                  b      b − 4ac
                            x+         =
                                 2a          4a2
                                            √
                                     b   ± b2 − 4ac
                               x+      =
                                    2a         2a
                                                √
                                         −b ± b2 − 4ac
                                      x=               .
                                                 2a
    If we can prove a statement true, then that statement is called a propo-
sition. A proposition of major importance is called a theorem. Sometimes
instead of proving a theorem or proposition all at once, we break the proof
down into modules; that is, we prove several supporting propositions, which
are called lemmas, and use the results of these propositions to prove the
main result. If we can prove a proposition or a theorem, we will often,
with very little effort, be able to derive other related propositions called
corollaries.

Some Cautions and Suggestions
There are several different strategies for proving propositions. In addition to
using different methods of proof, students often make some common mistakes
when they are first learning how to prove theorems. To aid students who
are studying abstract mathematics for the first time, we list here some of
the difficulties that they may encounter and some of the strategies of proof
available to them. It is a good idea to keep referring back to this list as a
reminder. (Other techniques of proof will become apparent throughout this
chapter and the remainder of the text.)

      • A theorem cannot be proved by example; however, the standard way to
        show that a statement is not a theorem is to provide a counterexample.

      • Quantifiers are important. Words and phrases such as only, for all, for
        every, and for some possess different meanings.
4                                               CHAPTER 1    PRELIMINARIES

    • Never assume any hypothesis that is not explicitly stated in the theorem.
      You cannot take things for granted.
    • Suppose you wish to show that an object exists and is unique. First
      show that there actually is such an object. To show that it is unique,
      assume that there are two such objects, say r and s, and then show
      that r = s.
    • Sometimes it is easier to prove the contrapositive of a statement.
      Proving the statement “If p, then q” is exactly the same as proving the
      statement “If not q, then not p.”
    • Although it is usually better to find a direct proof of a theorem, this
      task can sometimes be difficult. It may be easier to assume that the
      theorem that you are trying to prove is false, and to hope that in the
      course of your argument you are forced to make some statement that
      cannot possibly be true.
    Remember that one of the main objectives of higher mathematics is
proving theorems. Theorems are tools that make new and productive ap-
plications of mathematics possible. We use examples to give insight into
existing theorems and to foster intuitions as to what new theorems might be
true. Applications, examples, and proofs are tightly interconnected—much
more so than they may seem at first appearance.


1.2     Sets and Equivalence Relations
Set Theory
A set is a well-defined collection of objects; that is, it is defined in such
a manner that we can determine for any given object x whether or not x
belongs to the set. The objects that belong to a set are called its elements
or members. We will denote sets by capital letters, such as A or X; if a is
an element of the set A, we write a ∈ A.
    A set is usually specified either by listing all of its elements inside a pair
of braces or by stating the property that determines whether or not an object
x belongs to the set. We might write

                               X = {x1 , x2 , . . . , xn }

for a set containing elements x1 , x2 , . . . , xn or

                              X = {x : x satisfies P}
1.2   SETS AND EQUIVALENCE RELATIONS                                         5

if each x in X satisfies a certain property P. For example, if E is the set of
even positive integers, we can describe E by writing either

      E = {2, 4, 6, . . .} or    E = {x : x is an even integer and x > 0}.

We write 2 ∈ E when we want to say that 2 is in the set E, and −3 ∈ / E to
say that −3 is not in the set E.
   Some of the more important sets that we will consider are the following:

               N = {n : n is a natural number} = {1, 2, 3, . . .};
               Z = {n : n is an integer} = {. . . , −1, 0, 1, 2, . . .};
      Q = {r : r is a rational number} = {p/q : p, q ∈ Z where q 6= 0};
                          R = {x : x is a real number};
                       C = {z : z is a complex number}.

    We find various relations between sets and can perform operations on
sets. A set A is a subset of B, written A ⊂ B or B ⊃ A, if every element of
A is also an element of B. For example,

                         {4, 5, 8} ⊂ {2, 3, 4, 5, 6, 7, 8, 9}

and
                                N ⊂ Z ⊂ Q ⊂ R ⊂ C.
Trivially, every set is a subset of itself. A set B is a proper subset of a
set A if B ⊂ A but B 6= A. If A is not a subset of B, we write A 6⊂ B; for
example, {4, 7, 9} 6⊂ {2, 4, 5, 8, 9}. Two sets are equal, written A = B, if we
can show that A ⊂ B and B ⊂ A.
    It is convenient to have a set with no elements in it. This set is called
the empty set and is denoted by ∅. Note that the empty set is a subset of
every set.
    To construct new sets out of old sets, we can perform certain operations:
the union A ∪ B of two sets A and B is defined as

                         A ∪ B = {x : x ∈ A or x ∈ B};

the intersection of A and B is defined by

                        A ∩ B = {x : x ∈ A and x ∈ B}.

If A = {1, 3, 5} and B = {1, 2, 3, 9}, then

                A ∪ B = {1, 2, 3, 5, 9}     and A ∩ B = {1, 3}.
6                                           CHAPTER 1     PRELIMINARIES

We can consider the union and the intersection of more than two sets. In
this case we write
                         n
                         [
                            Ai = A1 ∪ . . . ∪ An
                           i=1

and
                           n
                           \
                                 Ai = A1 ∩ . . . ∩ An
                           i=1

for the union and intersection, respectively, of the sets A1 , . . . , An .
    When two sets have no elements in common, they are said to be disjoint;
for example, if E is the set of even integers and O is the set of odd integers,
then E and O are disjoint. Two sets A and B are disjoint exactly when
A ∩ B = ∅.
    Sometimes we will work within one fixed set U , called the universal set.
For any set A ⊂ U , we define the complement of A, denoted by A0 , to be
the set
                        A0 = {x : x ∈ U and x ∈  / A}.
    We define the difference of two sets A and B to be

                 A \ B = A ∩ B 0 = {x : x ∈ A and x ∈
                                                    / B}.


Example 1. Let R be the universal set and suppose that

         A = {x ∈ R : 0 < x ≤ 3}      and B = {x ∈ R : 2 ≤ x < 4}.

Then

                     A ∩ B = {x ∈ R : 2 ≤ x ≤ 3}
                     A ∪ B = {x ∈ R : 0 < x < 4}
                     A \ B = {x ∈ R : 0 < x < 2}
                         A0 = {x ∈ R : x ≤ 0 or x > 3}.

                                                                            

Proposition 1.1 Let A, B, and C be sets. Then

    1. A ∪ A = A, A ∩ A = A, and A \ A = ∅;

    2. A ∪ ∅ = A and A ∩ ∅ = ∅;
1.2   SETS AND EQUIVALENCE RELATIONS                                      7

  3. A ∪ (B ∪ C) = (A ∪ B) ∪ C and A ∩ (B ∩ C) = (A ∩ B) ∩ C;

  4. A ∪ B = B ∪ A and A ∩ B = B ∩ A;

  5. A ∪ (B ∩ C) = (A ∪ B) ∩ (A ∪ C);

  6. A ∩ (B ∪ C) = (A ∩ B) ∪ (A ∩ C).

Proof. We will prove (1) and (3) and leave the remaining results to be
proven in the exercises.
   (1) Observe that

                       A ∪ A = {x : x ∈ A or x ∈ A}
                               = {x : x ∈ A}
                               =A

and

                      A ∩ A = {x : x ∈ A and x ∈ A}
                              = {x : x ∈ A}
                              = A.

Also, A \ A = A ∩ A0 = ∅.
   (3) For sets A, B, and C,

              A ∪ (B ∪ C) = A ∪ {x : x ∈ B or x ∈ C}
                             = {x : x ∈ A or x ∈ B, or x ∈ C}
                             = {x : x ∈ A or x ∈ B} ∪ C
                             = (A ∪ B) ∪ C.

A similar argument proves that A ∩ (B ∩ C) = (A ∩ B) ∩ C.                

Theorem 1.2 (De Morgan’s Laws) Let A and B be sets. Then

  1. (A ∪ B)0 = A0 ∩ B 0 ;

  2. (A ∩ B)0 = A0 ∪ B 0 .

Proof. (1) We must show that (A ∪ B)0 ⊂ A0 ∩ B 0 and (A ∪ B)0 ⊃ A0 ∩ B 0 .
Let x ∈ (A ∪ B)0 . Then x ∈  / A ∪ B. So x is neither in A nor in B, by the
definition of the union of sets. By the definition of the complement, x ∈ A0
and x ∈ B 0 . Therefore, x ∈ A0 ∩ B 0 and we have (A ∪ B)0 ⊂ A0 ∩ B 0 .
8                                                CHAPTER 1          PRELIMINARIES

   To show the reverse inclusion, suppose that x ∈ A0 ∩ B 0 . Then x ∈ A0
and x ∈ B 0 , and so x ∈/ A and x ∈           / A ∪ B and so x ∈ (A ∪ B)0 .
                                  / B. Thus x ∈
Hence, (A ∪ B) ⊃ A ∩ B and so (A ∪ B) = A0 ∩ B 0 .
                0     0    0                0

   The proof of (2) is left as an exercise.                            

Example 2. Other relations between sets often hold true. For example,

                              (A \ B) ∩ (B \ A) = ∅.

To see that this is true, observe that

                   (A \ B) ∩ (B \ A) = (A ∩ B 0 ) ∩ (B ∩ A0 )
                                          = A ∩ A0 ∩ B ∩ B 0
                                          = ∅.

                                                                                   


Cartesian Products and Mappings
Given sets A and B, we can define a new set A × B, called the Cartesian
product of A and B, as a set of ordered pairs. That is,

                      A × B = {(a, b) : a ∈ A and b ∈ B}.


Example 3. If A = {x, y}, B = {1, 2, 3}, and C = ∅, then A × B is the set

                    {(x, 1), (x, 2), (x, 3), (y, 1), (y, 2), (y, 3)}

and
                                      A × C = ∅.
                                                                                   
    We define the Cartesian product of n sets to be

          A1 × · · · × An = {(a1 , . . . , an ) : ai ∈ Ai for i = 1, . . . , n}.

If A = A1 = A2 = · · · = An , we often write An for A × · · · × A (where A
would be written n times). For example, the set R3 consists of all of 3-tuples
of real numbers.
    Subsets of A × B are called relations. We will define a mapping or
function f ⊂ A × B from a set A to a set B to be the special type of
1.2   SETS AND EQUIVALENCE RELATIONS                                          9

relation in which for each element a ∈ A there is a unique element b ∈ B
such that (a, b) ∈ f ; another way of saying this is that for every element in
                                                                          f
A, f assigns a unique element in B. We usually write f : A → B or A → B.
Instead of writing down ordered pairs (a, b) ∈ A × B, we write f (a) = b or
f : a 7→ b. The set A is called the domain of f and
                           f (A) = {f (a) : a ∈ A} ⊂ B
is called the range or image of f . We can think of the elements in the
function’s domain as input values and the elements in the function’s range
as output values.

                       A                     B
                                       f
                             1                    a

                             2                    b
                             3                    c



                       A                g    B
                             1                    a

                             2                    b
                             3                    c


                    Figure 1.1. Mappings and relations



Example 4. Suppose A = {1, 2, 3} and B = {a, b, c}. In Figure 1.1 we
define relations f and g from A to B. The relation f is a mapping, but g is
not because 1 ∈ A is not assigned to a unique element in B; that is, g(1) = a
and g(1) = b.                                                              
    Given a function f : A → B, it is often possible to write a list describing
what the function does to each specific element in the domain. However, not
all functions can be described in this manner. For example, the function
f : R → R that sends each real number to its cube is a mapping that must
be described by writing f (x) = x3 or f : x 7→ x3 .
10                                          CHAPTER 1         PRELIMINARIES

    Consider the relation f : Q → Z given by f (p/q) = p. We know that
1/2 = 2/4, but is f (1/2) = 1 or 2? This relation cannot be a mapping
because it is not well-defined. A relation is well-defined if each element in
the domain is assigned to a unique element in the range.
    If f : A → B is a map and the image of f is B, i.e., f (A) = B, then f
is said to be onto or surjective. In other words, if there exists an a ∈ A
for each b ∈ B such that f (a) = b, then f is onto. A map is one-to-one
or injective if a1 6= a2 implies f (a1 ) 6= f (a2 ). Equivalently, a function is
one-to-one if f (a1 ) = f (a2 ) implies a1 = a2 . A map that is both one-to-one
and onto is called bijective.

Example 5. Let f : Z → Q be defined by f (n) = n/1. Then f is one-to-one
but not onto. Define g : Q → Z by g(p/q) = p where p/q is a rational number
expressed in its lowest terms with a positive denominator. The function g is
onto but not one-to-one.                                                  
    Given two functions, we can construct a new function by using the range
of the first function as the domain of the second function. Let f : A → B
and g : B → C be mappings. Define a new map, the composition of f and
g from A to C, by (g ◦ f )(x) = g(f (x)).

               A                  B                  C
                             f                  g
                    1                  a                 X
                    2                  b                  Y
                    3                  c                  Z



                        A                   C
                                      g◦f
                              1                 X
                              2                 Y
                              3                 Z


                     Figure 1.2. Composition of maps
1.2   SETS AND EQUIVALENCE RELATIONS                                        11

Example 6. Consider the functions f : A → B and g : B → C that are
defined in Figure 1.2 (top). The composition of these functions, g ◦f : A → C,
is defined in Figure 1.2 (bottom).                                          

Example 7. Let f (x) = x2 and g(x) = 2x + 5. Then

             (f ◦ g)(x) = f (g(x)) = (2x + 5)2 = 4x2 + 20x + 25

and
                       (g ◦ f )(x) = g(f (x)) = 2x2 + 5.
In general, order makes a difference; that is, in most cases f ◦ g 6= g ◦ f . 

Example 8. Sometimes it is the case that f ◦ g = g ◦ f . Let f (x) = x3 and
       √
g(x) = 3 x. Then
                                         √         √
              (f ◦ g)(x) = f (g(x)) = f ( 3 x ) = ( 3 x )3 = x

and                                                   √
                                                      3
                  (g ◦ f )(x) = g(f (x)) = g(x3 ) =     x3 = x.
                                                                             

Example 9. Given a 2 × 2 matrix
                                        
                                    a b
                                A=         ,
                                     c d

we can define a map TA : R2 → R2 by

                        TA (x, y) = (ax + by, cx + dy)

for (x, y) in R2 . This is actually matrix multiplication; that is,
                                               
                            a b     x       ax + by
                                        =             .
                             c d    y       cx + dy

Maps from Rn to Rm given by matrices are called linear maps or linear
transformations.                                                    

Example 10. Suppose that S = {1, 2, 3}. Define a map π : S → S by

                    π(1) = 2,      π(2) = 1,      π(3) = 3.
12                                             CHAPTER 1         PRELIMINARIES

This is a bijective map. An alternative way to write π is
                                                  
                        1    2      3        1 2 3
                                         =             .
                      π(1) π(2) π(3)         2 1 3

For any set S, a one-to-one and onto mapping π : S → S is called a
permutation of S.                                               

Theorem 1.3 Let f : A → B, g : B → C, and h : C → D. Then

     1. The composition of mappings is associative; that is, (h◦g)◦f = h◦(g◦f );

     2. If f and g are both one-to-one, then the mapping g ◦ f is one-to-one;

     3. If f and g are both onto, then the mapping g ◦ f is onto;

     4. If f and g are bijective, then so is g ◦ f .

Proof. We will prove (1) and (3). Part (2) is left as an exercise. Part (4)
follows directly from (2) and (3).
    (1) We must show that

                              h ◦ (g ◦ f ) = (h ◦ g) ◦ f.

For a ∈ A we have

                        (h ◦ (g ◦ f ))(a) = h((g ◦ f )(a))
                                          = h(g(f (a)))
                                          = (h ◦ g)(f (a))
                                          = ((h ◦ g) ◦ f )(a).

    (3) Assume that f and g are both onto functions. Given c ∈ C, we must
show that there exists an a ∈ A such that (g ◦ f )(a) = g(f (a)) = c. However,
since g is onto, there is a b ∈ B such that g(b) = c. Similarly, there is an
a ∈ A such that f (a) = b. Accordingly,

                         (g ◦ f )(a) = g(f (a)) = g(b) = c.

                                                                             
    If S is any set, we will use idS or id to denote the identity mapping
from S to itself. Define this map by id(s) = s for all s ∈ S. A map g : B → A
is an inverse mapping of f : A → B if g ◦ f = idA and f ◦ g = idB ; in
1.2   SETS AND EQUIVALENCE RELATIONS                                         13

other words, the inverse function of a function simply “undoes” the function.
A map is said to be invertible if it has an inverse. We usually write f −1
for the inverse of f .
                                                                  √
Example 11. The function f (x) = x3 has inverse f −1 (x) =        3
                                                                      x by Exam-
ple 8.                                                                        

Example 12. The natural logarithm and the exponential functions, f (x) =
ln x and f −1 (x) = ex , are inverses of each other provided that we are careful
about choosing domains. Observe that

                       f (f −1 (x)) = f (ex ) = ln ex = x

and
                      f −1 (f (x)) = f −1 (ln x) = eln x = x
whenever composition makes sense.                                             

Example 13. Suppose that
                                              
                                           3 1
                                  A=             .
                                           5 2

Then A defines a map from R2 to R2 by

                           TA (x, y) = (3x + y, 5x + 2y).

We can find an inverse map of TA by simply inverting the matrix A; that is,
TA−1 = TA−1 . In this example,
                                          
                              −1    2 −1
                            A =              ;
                                   −5 3

hence, the inverse map is given by

                       TA−1 (x, y) = (2x − y, −5x + 3y).

It is easy to check that

                  TA−1 ◦ TA (x, y) = TA ◦ TA−1 (x, y) = (x, y).

Not every map has an inverse. If we consider the map

                                TB (x, y) = (3x, 0)
14                                          CHAPTER 1        PRELIMINARIES

given by the matrix                     
                                     3 0
                                 B=        ,
                                     0 0
then an inverse map would have to be of the form

                        TB−1 (x, y) = (ax + by, cx + dy)

and
                    (x, y) = T ◦ TB−1 (x, y) = (3ax + 3by, 0)
for all x and y. Clearly this is impossible because y might not be 0.           

Example 14. Given the permutation
                                    
                               1 2 3
                         π=
                               2 3 1

on S = {1, 2, 3}, it is easy to see that the permutation defined by
                                               
                                 −1     1 2 3
                               π =
                                        3 1 2

is the inverse of π. In fact, any bijective mapping possesses an inverse, as we
will see in the next theorem.                                                

Theorem 1.4 A mapping is invertible if and only if it is both one-to-one
and onto.

Proof. Suppose first that f : A → B is invertible with inverse g : B → A.
Then g ◦ f = idA is the identity map; that is, g(f (a)) = a. If a1 , a2 ∈ A
with f (a1 ) = f (a2 ), then a1 = g(f (a1 )) = g(f (a2 )) = a2 . Consequently, f is
one-to-one. Now suppose that b ∈ B. To show that f is onto, it is necessary
to find an a ∈ A such that f (a) = b, but f (g(b)) = b with g(b) ∈ A. Let
a = g(b).
    Now assume the converse; that is, let f be bijective. Let b ∈ B. Since f
is onto, there exists an a ∈ A such that f (a) = b. Because f is one-to-one, a
must be unique. Define g by letting g(b) = a. We have now constructed the
inverse of f .                                                                   
1.2    SETS AND EQUIVALENCE RELATIONS                                           15

Equivalence Relations and Partitions
A fundamental notion in mathematics is that of equality. We can generalize
equality with the introduction of equivalence relations and equivalence classes.
An equivalence relation on a set X is a relation R ⊂ X × X such that

      • (x, x) ∈ R for all x ∈ X (reflexive property );

      • (x, y) ∈ R implies (y, x) ∈ R (symmetric property );

      • (x, y) and (y, z) ∈ R imply (x, z) ∈ R (transitive property ).

Given an equivalence relation R on a set X, we usually write x ∼ y instead
of (x, y) ∈ R. If the equivalence relation already has an associated notation
such as =, ≡, or ∼ =, we will use that notation.

Example 15. Let p, q, r, and s be integers, where q and s are nonzero.
Define p/q ∼ r/s if ps = qr. Clearly ∼ is reflexive and symmetric. To show
that it is also transitive, suppose that p/q ∼ r/s and r/s ∼ t/u, with q, s,
and u all nonzero. Then ps = qr and ru = st. Therefore,

                                psu = qru = qst.

Since s 6= 0, pu = qt. Consequently, p/q ∼ t/u.                                  

Example 16. Suppose that f and g are differentiable functions on R. We
can define an equivalence relation on such functions by letting f (x) ∼ g(x)
if f 0 (x) = g 0 (x). It is clear that ∼ is both reflexive and symmetric. To
demonstrate transitivity, suppose that f (x) ∼ g(x) and g(x) ∼ h(x). From
calculus we know that f (x) − g(x) = c1 and g(x) − h(x) = c2 , where c1 and
c2 are both constants. Hence,

             f (x) − h(x) = (f (x) − g(x)) + (g(x) − h(x)) = c1 − c2

and f 0 (x) − h0 (x) = 0. Therefore, f (x) ∼ h(x).                               

Example 17. For (x1 , y1 ) and (x2 , y2 ) in R2 , define (x1 , y1 ) ∼ (x2 , y2 ) if
x21 + y12 = x22 + y22 . Then ∼ is an equivalence relation on R2 .                

Example 18. Let A and B be 2×2 matrices with entries in the real numbers.
We can define an equivalence relation on the set of 2 × 2 matrices, by saying
16                                           CHAPTER 1      PRELIMINARIES

A ∼ B if there exists an invertible matrix P such that P AP −1 = B. For
example, if                                       
                        1 2                   −18 33
                A=                and B =              ,
                       −1 1                   −11 20
then A ∼ B since P AP −1 = B for
                                             
                                          2 5
                                P =             .
                                          1 3

Let I be the 2 × 2 identity matrix; that is,
                                         
                                      1 0
                               I=            .
                                      0 1

Then IAI −1 = IAI = A; therefore, the relation is reflexive. To show
symmetry, suppose that A ∼ B. Then there exists an invertible matrix P
such that P AP −1 = B. So

                       A = P −1 BP = P −1 B(P −1 )−1 .

Finally, suppose that A ∼ B and B ∼ C. Then there exist invertible matrices
P and Q such that P AP −1 = B and QBQ−1 = C. Since

              C = QBQ−1 = QP AP −1 Q−1 = (QP )A(QP )−1 ,

the relation is transitive. Two matrices that are equivalent in this manner
are said to be similar .                                                 
    A partition P of a set X is a collection
                                       S        of nonempty sets X1 , X2 , . . .
such that Xi ∩ Xj = ∅ for i 6= j and k Xk = X. Let ∼ be an equivalence
relation on a set X and let x ∈ X. Then [x] = {y ∈ X : y ∼ x} is called the
equivalence class of x. We will see that an equivalence relation gives rise
to a partition via equivalence classes. Also, whenever a partition of a set
exists, there is some natural underlying equivalence relation, as the following
theorem demonstrates.

Theorem 1.5 Given an equivalence relation ∼ on a set X, the equivalence
classes of X form a partition of X. Conversely, if P = {Xi } is a partition of
a set X, then there is an equivalence relation on X with equivalence classes
Xi .
1.2   SETS AND EQUIVALENCE RELATIONS                                          17

Proof. Suppose there exists an equivalence relation ∼ on the set X. For
any x ∈ X, theSreflexive property shows that x ∈ [x] and so [x] is nonempty.
Clearly X = x∈X [x]. Now let x, y ∈ X. We need to show that either
[x] = [y] or [x] ∩ [y] = ∅. Suppose that the intersection of [x] and [y] is not
empty and that z ∈ [x] ∩ [y]. Then z ∼ x and z ∼ y. By symmetry and
transitivity x ∼ y; hence, [x] ⊂ [y]. Similarly, [y] ⊂ [x] and so [x] = [y].
Therefore, any two equivalence classes are either disjoint or exactly the same.
     Conversely, suppose that P = {Xi } is a partition of a set X. Let two
elements be equivalent if they are in the same partition. Clearly, the relation
is reflexive. If x is in the same partition as y, then y is in the same partition
as x, so x ∼ y implies y ∼ x. Finally, if x is in the same partition as y and y
is in the same partition as z, then x must be in the same partition as z, and
transitivity holds.                                                             

Corollary 1.6 Two equivalence classes of an equivalence relation are either
disjoint or equal.

   Let us examine some of the partitions given by the equivalence classes in
the last set of examples.

Example 19. In the equivalence relation in Example 15, two pairs of
integers, (p, q) and (r, s), are in the same equivalence class when they reduce
to the same fraction in its lowest terms.                                    

Example 20. In the equivalence relation in Example 16, two functions f (x)
and g(x) are in the same partition when they differ by a constant.      

Example 21. We defined an equivalence class on R2 by (x1 , y1 ) ∼ (x2 , y2 )
if x21 + y12 = x22 + y22 . Two pairs of real numbers are in the same partition
when they lie on the same circle about the origin.                           

Example 22. Let r and s be two integers and suppose that n ∈ N. We say
that r is congruent to s modulo n, or r is congruent to s mod n, if r − s
is evenly divisible by n; that is, r − s = nk for some k ∈ Z. In this case we
write r ≡ s (mod n). For example, 41 ≡ 17 (mod 8) since 41 − 17 = 24 is
divisible by 8. We claim that congruence modulo n forms an equivalence
relation of Z. Certainly any integer r is equivalent to itself since r − r = 0 is
divisible by n. We will now show that the relation is symmetric. If r ≡ s
(mod n), then r − s = −(s − r) is divisible by n. So s − r is divisible by n and
18                                                 CHAPTER 1        PRELIMINARIES

s ≡ r (mod n). Now suppose that r ≡ s (mod n) and s ≡ t (mod n). Then
there exist integers k and l such that r − s = kn and s − t = ln. To show
transitivity, it is necessary to prove that r − t is divisible by n. However,

                     r − t = r − s + s − t = kn + ln = (k + l)n,

and so r − t is divisible by n.
    If we consider the equivalence relation established by the integers modulo
3, then

                              [0] = {. . . , −3, 0, 3, 6, . . .},
                              [1] = {. . . , −2, 1, 4, 7, . . .},
                              [2] = {. . . , −1, 2, 5, 8, . . .}.

Notice that [0] ∪ [1] ∪ [2] = Z and also that the sets are disjoint. The sets [0],
[1], and [2] form a partition of the integers.
     The integers modulo n are a very important example in the study of
abstract algebra and will become quite useful in our investigation of various
algebraic structures such as groups and rings. In our discussion of the integers
modulo n we have actually assumed a result known as the division algorithm,
which will be stated and proved in Chapter 2.                                  


Exercises
     1. Suppose that

                          A = {x : x ∈ N and x is even},
                          B = {x : x ∈ N and x is prime},
                          C = {x : x ∈ N and x is a multiple of 5}.

        Describe each of the following sets.

         (a) A ∩ B                                    (c) A ∪ B
         (b) B ∩ C                                    (d) A ∩ (B ∪ C)

     2. If A = {a, b, c}, B = {1, 2, 3}, C = {x}, and D = ∅, list all of the elements in
        each of the following sets.
EXERCISES                                                                      19

       (a) A × B                                (c) A × B × C
       (b) B × A                                (d) A × D

  3. Find an example of two nonempty sets A and B for which A × B = B × A is
     true.
  4. Prove A ∪ ∅ = A and A ∩ ∅ = ∅.
  5. Prove A ∪ B = B ∪ A and A ∩ B = B ∩ A.
  6. Prove A ∪ (B ∩ C) = (A ∪ B) ∩ (A ∪ C).
  7. Prove A ∩ (B ∪ C) = (A ∩ B) ∪ (A ∩ C).
  8. Prove A ⊂ B if and only if A ∩ B = A.
  9. Prove (A ∩ B)0 = A0 ∪ B 0 .
 10. Prove A ∪ B = (A ∩ B) ∪ (A \ B) ∪ (B \ A).
 11. Prove (A ∪ B) × C = (A × C) ∪ (B × C).
 12. Prove (A ∩ B) \ B = ∅.
 13. Prove (A ∪ B) \ B = A \ B.
 14. Prove A \ (B ∪ C) = (A \ B) ∩ (A \ C).
 15. Prove A ∩ (B \ C) = (A ∩ B) \ (A ∩ C).
 16. Prove (A \ B) ∪ (B \ A) = (A ∪ B) \ (A ∩ B).
 17. Which of the following relations f : Q → Q define a mapping? In each case,
     supply a reason why f is or is not a mapping.
                       p+1                                      p+q
       (a) f (p/q) =                            (c) f (p/q) =
                       p−2                                       q2
                       3p                                       3p2    p
       (b) f (p/q) =                            (d) f (p/q) =      2
                                                                     −
                       3q                                       7q     q

 18. Determine which of the following functions are one-to-one and which are onto.
     If the function is not onto, determine its range.
       (a) f : R → R defined by f (x) = ex
       (b) f : Z → Z defined by f (n) = n2 + 3
       (c) f : R → R defined by f (x) = sin x
       (d) f : Z → Z defined by f (x) = x2
 19. Let f : A → B and g : B → C be invertible mappings; that is, mappings such
     that f −1 and g −1 exist. Show that (g ◦ f )−1 = f −1 ◦ g −1 .
 20.   (a) Define a function f : N → N that is one-to-one but not onto.
20                                                CHAPTER 1         PRELIMINARIES

       (b) Define a function f : N → N that is onto but not one-to-one.
 21. Prove the relation defined on R2 by (x1 , y1 ) ∼ (x2 , y2 ) if x21 + y12 = x22 + y22 is
     an equivalence relation.
 22. Let f : A → B and g : B → C be maps.
       (a) If f and g are both one-to-one functions, show that g ◦ f is one-to-one.
       (b) If g ◦ f is onto, show that g is onto.
       (c) If g ◦ f is one-to-one, show that f is one-to-one.
       (d) If g ◦ f is one-to-one and f is onto, show that g is one-to-one.
       (e) If g ◦ f is onto and g is one-to-one, show that f is onto.
 23. Define a function on the real numbers by
                                                  x+1
                                        f (x) =       .
                                                  x−1
     What are the domain and range of f ? What is the inverse of f ? Compute
     f ◦ f −1 and f −1 ◦ f .
 24. Let f : X → Y be a map with A1 , A2 ⊂ X and B1 , B2 ⊂ Y .
       (a) Prove f (A1 ∪ A2 ) = f (A1 ) ∪ f (A2 ).
       (b) Prove f (A1 ∩ A2 ) ⊂ f (A1 ) ∩ f (A2 ). Give an example in which equality
           fails.
       (c) Prove f −1 (B1 ∪ B2 ) = f −1 (B1 ) ∪ f −1 (B2 ), where

                                  f −1 (B) = {x ∈ X : f (x) ∈ B}.

       (d) Prove f −1 (B1 ∩ B2 ) = f −1 (B1 ) ∩ f −1 (B2 ).
       (e) Prove f −1 (Y \ B1 ) = X \ f −1 (B1 ).
 25. Determine whether or not the following relations are equivalence relations on
     the given set. If the relation is an equivalence relation, describe the partition
     given by it. If the relation is not an equivalence relation, state why it fails to
     be one.

       (a) x ∼ y in R if x ≥ y                      (c) x ∼ y in R if |x − y| ≤ 4
       (b) m ∼ n in Z if mn > 0                    (d) m ∼ n in Z if m ≡ n (mod 6)

 26. Define a relation ∼ on R2 by stating that (a, b) ∼ (c, d) if and only if
     a2 + b2 ≤ c2 + d2 . Show that ∼ is reflexive and transitive but not symmetric.
 27. Show that an m × n matrix gives rise to a well-defined map from Rn to Rm .
EXERCISES                                                                                21

  28. Find the error in the following argument by providing a counterexample.
      “The reflexive property is redundant in the axioms for an equivalence relation.
       If x ∼ y, then y ∼ x by the symmetric property. Using the transitive property,
      we can deduce that x ∼ x.”
  29. Projective Real Line. Define a relation on R2 \ (0, 0) by letting (x1 , y1 ) ∼
      (x2 , y2 ) if there exists a nonzero real number λ such that (x1 , y1 ) = (λx2 , λy2 ).
      Prove that ∼ defines an equivalence relation on R2 \ (0, 0). What are the
      corresponding equivalence classes? This equivalence relation defines the
      projective line, denoted by P(R), which is very important in geometry.

References and Suggested Readings
The following list contains references suitable for further reading. With the exception
of [8] and [9] and perhaps [1] and [3], all of these books are more or less at the same
level as this text. Interesting applications of algebra can be found in [2], [5], [10],
and [11].
  [1] Artin, M. Abstract Algebra. 2nd ed. Pearson, Upper Saddle River, NJ, 2011.
  [2] Childs, L. A Concrete Introduction to Higher Algebra. 2nd ed. Springer-Verlag,
      New York, 1995.
  [3] Dummit, D. and Foote, R. Abstract Algebra. 3rd ed. Wiley, New York, 2003.
  [4] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper
      Saddle River, NJ, 2003.
  [5] Gallian, J. A. Contemporary Abstract Algebra. 7th ed. Brooks/Cole, Belmont,
      CA, 2009.
  [6] Halmos, P. Naive Set Theory. Springer, New York, 1991. One of the best
      references for set theory.
  [7] Herstein, I. N. Abstract Algebra. 3rd ed. Wiley, New York, 1996.
  [8] Hungerford, T. W. Algebra. Springer, New York, 1974. One of the standard
      graduate algebra texts.
  [9] Lang, S. Algebra. 3rd ed. Springer, New York, 2002. Another standard
      graduate text.
 [10] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York,
      1998.
 [11] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
 [12] Nickelson, W. K. Introduction to Abstract Algebra. 3rd ed. Wiley, New York,
      2006.
 [13] Solow, D. How to Read and Do Proofs. 5th ed. Wiley, New York, 2009.
22                                       CHAPTER 1       PRELIMINARIES

[14] van der Waerden, B. L. A History of Algebra. Springer-Verlag, New York,
     1985. An account of the historical development of algebra.
Sage Sage is free, open source, mathematical software, which has very
impressive capabilities for the study of abstract algebra. See the Preface
for more information about obtaining Sage and the supplementary material
describing how to use Sage in the study of abstract algebra. At the end of
chapter, we will have a brief explanation of Sage’s capabilities relevant to
that chapter.
                                      2
                      The Integers



The integers are the building blocks of mathematics. In this chapter we
will investigate the fundamental properties of the integers, including mathe-
matical induction, the division algorithm, and the Fundamental Theorem of
Arithmetic.


2.1     Mathematical Induction
Suppose we wish to show that
                                               n(n + 1)
                          1 + 2 + ··· + n =
                                                  2
for any natural number n. This formula is easily verified for small numbers
such as n = 1, 2, 3, or 4, but it is impossible to verify for all natural numbers
on a case-by-case basis. To prove the formula true in general, a more generic
method is required.
    Suppose we have verified the equation for the first n cases. We will
attempt to show that we can generate the formula for the (n + 1)th case
from this knowledge. The formula is true for n = 1 since
                                      1(1 + 1)
                                 1=            .
                                          2
If we have verified the first n cases, then
                                              n(n + 1)
              1 + 2 + · · · + n + (n + 1) =            +n+1
                                                  2
                                              n2 + 3n + 2
                                            =
                                                    2
                                              (n + 1)[(n + 1) + 1]
                                            =                      .
                                                       2

                                       23
24                                          CHAPTER 2        THE INTEGERS

This is exactly the formula for the (n + 1)th case.
    This method of proof is known as mathematical induction. Instead of
attempting to verify a statement about some subset S of the positive integers
N on a case-by-case basis, an impossible task if S is an infinite set, we give a
specific proof for the smallest integer being considered, followed by a generic
argument showing that if the statement holds for a given case, then it must
also hold for the next case in the sequence. We summarize mathematical
induction in the following axiom.
First Principle of Mathematical Induction. Let S(n) be a statement
about integers for n ∈ N and suppose S(n0 ) is true for some integer n0 . If
for all integers k with k ≥ n0 S(k) implies that S(k + 1) is true, then S(n)
is true for all integers n greater than or equal to n0 .

Example 1. For all integers n ≥ 3, 2n > n + 4. Since

                               8 = 23 > 3 + 4 = 7,

the statement is true for n0 = 3. Assume that 2k > k + 4 for k ≥ 3. Then
2k+1 = 2 · 2k > 2(k + 4). But

                     2(k + 4) = 2k + 8 > k + 5 = (k + 1) + 4

since k is positive. Hence, by induction, the statement holds for all integers
n ≥ 3.                                                                      

Example 2. Every integer 10n+1 + 3 · 10n + 5 is divisible by 9 for n ∈ N.
For n = 1,
                  101+1 + 3 · 10 + 5 = 135 = 9 · 15
is divisible by 9. Suppose that 10k+1 + 3 · 10k + 5 is divisible by 9 for k ≥ 1.
Then

           10(k+1)+1 + 3 · 10k+1 + 5 = 10k+2 + 3 · 10k+1 + 50 − 45
                                      = 10(10k+1 + 3 · 10k + 5) − 45

is divisible by 9.                                                            

Example 3. We will prove the binomial theorem using mathematical
induction; that is,
                              n  
                           n
                              X  n k n−k
                    (a + b) =       a b    ,
                                 k
                                      k=0
2.1   MATHEMATICAL INDUCTION                                              25

where a and b are real numbers, n ∈ N, and
                            
                             n         n!
                                 =
                             k     k!(n − k)!
is the binomial coefficient. We first show that
                                             
                          n+1          n        n
                                  =       +         .
                             k         k      k−1
This result follows from
                       
              n        n          n!              n!
                  +         =            +
              k       k−1     k!(n − k)! (k − 1)!(n − k + 1)!
                                 (n + 1)!
                            =
                              k!(n + 1 − k)!
                                    
                                n+1
                            =          .
                                  k
If n = 1, the binomial theorem is easy to verify. Now assume that the result
is true for n greater than or equal to 1. Then

  (a + b)n+1 = (a + b)(a + b)n
                          n  
                                          !
                         X     n k n−k
             = (a + b)             a b
                               k
                         k=0
                n                     n  
               X    n k+1 n−k X n k n+1−k
             =          a b         +          a b
                     k                     k
               k=0                    k=0
                        n                        n  
                n+1
                       X        n      k n+1−k
                                                  X    n k n+1−k
             =a     +                a b       +          a b    + bn+1
                             k−1                       k
                       k=1                        k=1
                        n            
                       X         n         n
             = an+1 +                   +       ak bn+1−k + bn+1
                              k−1          k
                       k=1
               n+1
               X n + 1
                   
             =               ak bn+1−k .
                       k
                k=0

                                                                          
    We have an equivalent statement of the Principle of Mathematical Induc-
tion that is often very useful.
Second Principle of Mathematical Induction. Let S(n) be a statement
about integers for n ∈ N and suppose S(n0 ) is true for some integer n0 . If
26                                               CHAPTER 2          THE INTEGERS

S(n0 ), S(n0 + 1), . . . , S(k) imply that S(k + 1) for k ≥ n0 , then the statement
S(n) is true for all integers n ≥ n0 .
   A nonempty subset S of Z is well-ordered if S contains a least element.
Notice that the set Z is not well-ordered since it does not contain a smallest
element. However, the natural numbers are well-ordered.
Principle of Well-Ordering. Every nonempty subset of the natural num-
bers is well-ordered.
   The Principle of Well-Ordering is equivalent to the Principle of Mathe-
matical Induction.

Lemma 2.1 The Principle of Mathematical Induction implies that 1 is the
least positive natural number.

Proof. Let S = {n ∈ N : n ≥ 1}. Then 1 ∈ S. Now assume that n ∈ S;
that is, n ≥ 1. Since n + 1 ≥ 1, n + 1 ∈ S; hence, by induction, every natural
number is greater than or equal to 1.                                       

Theorem 2.2 The Principle of Mathematical Induction implies the Princi-
ple of Well-Ordering. That is, every nonempty subset of N contains a least
element.

Proof. We must show that if S is a nonempty subset of the natural numbers,
then S contains a least element. If S contains 1, then the theorem is true by
Lemma 2.1. Assume that if S contains an integer k such that 1 ≤ k ≤ n, then
S contains a least element. We will show that if a set S contains an integer
less than or equal to n + 1, then S has a least element. If S does not contain
an integer less than n + 1, then n + 1 is the smallest integer in S. Otherwise,
since S is nonempty, S must contain an integer less than or equal to n. In
this case, by induction, S contains a least element.                        
   Induction can also be very useful in formulating definitions. For instance,
there are two ways to define n!, the factorial of a positive integer n.

     • The explicit definition: n! = 1 · 2 · 3 · · · (n − 1) · n.

     • The inductive or recursive definition: 1! = 1 and n! = n(n − 1)! for
       n > 1.

Every good mathematician or computer scientist knows that looking at prob-
lems recursively, as opposed to explicitly, often results in better understanding
of complex issues.
2.2   THE DIVISION ALGORITHM                                                27

2.2     The Division Algorithm
An application of the Principle of Well-Ordering that we will use often is the
division algorithm.

Theorem 2.3 (Division Algorithm) Let a and b be integers, with b > 0.
Then there exist unique integers q and r such that

                                  a = bq + r

where 0 ≤ r < b.

Proof. This is a perfect example of the existence-and-uniqueness type of
proof. We must first prove that the numbers q and r actually exist. Then
we must show that if q 0 and r0 are two other such numbers, then q = q 0 and
r = r0 .
   Existence of q and r. Let

                    S = {a − bk : k ∈ Z and a − bk ≥ 0}.

If 0 ∈ S, then b divides a, and we can let q = a/b and r = 0. If 0 ∈/ S, we
can use the Well-Ordering Principle. We must first show that S is nonempty.
If a > 0, then a − b · 0 ∈ S. If a < 0, then a − b(2a) = a(1 − 2b) ∈ S. In
              6 ∅. By the Well-Ordering Principle, S must have a smallest
either case S =
member, say r = a − bq. Therefore, a = bq + r, r ≥ 0. We now show that
r < b. Suppose that r > b. Then

                   a − b(q + 1) = a − bq − b = r − b > 0.

In this case we would have a − b(q + 1) in the set S. But then a − b(q + 1) <
a−bq, which would contradict the fact that r = a−bq is the smallest member
of S. So r ≤ b. Since 0 ∈/ S, r 6= b and so r < b.
    Uniqueness of q and r. Suppose there exist integers r, r0 , q, and q 0 such
that
          a = bq + r, 0 ≤ r < b      and     a = bq 0 + r0 , 0 ≤ r0 < b.
Then bq + r = bq 0 + r0 . Assume that r0 ≥ r. From the last equation we have
b(q − q 0 ) = r0 − r; therefore, b must divide r0 − r and 0 ≤ r0 − r ≤ r0 < b.
This is possible only if r0 − r = 0. Hence, r = r0 and q = q 0 .           
    Let a and b be integers. If b = ak for some integer k, we write a | b. An
integer d is called a common divisor of a and b if d | a and d | b. The
greatest common divisor of integers a and b is a positive integer d such
28                                         CHAPTER 2        THE INTEGERS

that d is a common divisor of a and b and if d0 is any other common divisor
of a and b, then d0 | d. We write d = gcd(a, b); for example, gcd(24, 36) = 12
and gcd(120, 102) = 6. We say that two integers a and b are relatively
prime if gcd(a, b) = 1.

Theorem 2.4 Let a and b be nonzero integers. Then there exist integers r
and s such that
                        gcd(a, b) = ar + bs.
Furthermore, the greatest common divisor of a and b is unique.

Proof. Let

                S = {am + bn : m, n ∈ Z and am + bn > 0}.

Clearly, the set S is nonempty; hence, by the Well-Ordering Principle S
must have a smallest member, say d = ar + bs. We claim that d = gcd(a, b).
Write a = dq + r0 where 0 ≤ r0 < d . If r0 > 0, then

                          r0 = a − dq
                             = a − (ar + bs)q
                             = a − arq − bsq
                             = a(1 − rq) + b(−sq),

which is in S. But this would contradict the fact that d is the smallest
member of S. Hence, r0 = 0 and d divides a. A similar argument shows that
d divides b. Therefore, d is a common divisor of a and b.
    Suppose that d0 is another common divisor of a and b, and we want to
show that d0 | d. If we let a = d0 h and b = d0 k, then

                  d = ar + bs = d0 hr + d0 ks = d0 (hr + ks).

So d0 must divide d. Hence, d must be the unique greatest common divisor
of a and b.                                                           

Corollary 2.5 Let a and b be two integers that are relatively prime. Then
there exist integers r and s such that ar + bs = 1.
2.2   THE DIVISION ALGORITHM                                            29

The Euclidean Algorithm
Among other things, Theorem 2.4 allows us to compute the greatest common
divisor of two integers.

Example 4. Let us compute the greatest common divisor of 945 and 2415.
First observe that

                           2415 = 945 · 2 + 525
                            945 = 525 · 1 + 420
                            525 = 420 · 1 + 105
                            420 = 105 · 4 + 0.

Reversing our steps, 105 divides 420, 105 divides 525, 105 divides 945, and
105 divides 2415. Hence, 105 divides both 945 and 2415. If d were another
common divisor of 945 and 2415, then d would also have to divide 105.
Therefore, gcd(945, 2415) = 105.
    If we work backward through the above sequence of equations, we can
also obtain numbers r and s such that 945r + 2415s = 105. Observe that

                 105 = 525 + (−1) · 420
                     = 525 + (−1) · [945 + (−1) · 525]
                     = 2 · 525 + (−1) · 945
                     = 2 · [2415 + (−2) · 945] + (−1) · 945
                     = 2 · 2415 + (−5) · 945.

So r = −5 and s = 2. Notice that r and s are not unique, since r = 41 and
s = −16 would also work.                                                
   To compute gcd(a, b) = d, we are using repeated divisions to obtain a
decreasing sequence of positive integers r1 > r2 > · · · > rn = d; that is,

                               b = aq1 + r1
                               a = r1 q2 + r2
                              r1 = r2 q3 + r3
                                ..
                                 .
                           rn−2 = rn−1 qn + rn
                           rn−1 = rn qn+1 .
30                                                CHAPTER 2         THE INTEGERS

To find r and s such that ar + bs = d, we begin with this last equation and
substitute results obtained from the previous equations:

                         d = rn
                           = rn−2 − rn−1 qn
                           = rn−2 − qn (rn−3 − qn−1 rn−2 )
                            = −qn rn−3 + (1 + qn qn−1 )rn−2
                          ..
                           .
                           = ra + sb.

The algorithm that we have just used to find the greatest common divisor d
of two integers a and b and to write d as the linear combination of a and b is
known as the Euclidean algorithm.

Prime Numbers
Let p be an integer such that p > 1. We say that p is a prime number , or
simply p is prime, if the only positive numbers that divide p are 1 and p
itself. An integer n > 1 that is not prime is said to be composite.

Lemma 2.6 (Euclid) Let a and b be integers and p be a prime number. If
p | ab, then either p | a or p | b.

Proof. Suppose that p does not divide a. We must show that p | b. Since
gcd(a, p) = 1, there exist integers r and s such that ar + ps = 1. So

                          b = b(ar + ps) = (ab)r + p(bs).

Since p divides both ab and itself, p must divide b = (ab)r + p(bs).                   

Theorem 2.7 (Euclid) There exist an infinite number of primes.

Proof. We will prove this theorem by contradiction. Suppose that there
are only a finite number of primes, say p1 , p2 , . . . , pn . Let P = p1 p2 · · · pn + 1.
Then P must be divisible by some pi for 1 ≤ i ≤ n. In this case, pi must
divide P − p1 p2 · · · pn = 1, which is a contradiction. Hence, either P is prime
or there exists an additional prime number p 6= pi that divides P .                    

Theorem 2.8 (Fundamental Theorem of Arithmetic) Let n be an in-
teger such that n > 1. Then

                                   n = p1 p2 · · · pk ,
2.2   THE DIVISION ALGORITHM                                                             31

where p1 , . . . , pk are primes (not necessarily distinct). Furthermore, this
factorization is unique; that is, if

                                      n = q1 q2 · · · ql ,

then k = l and the qi ’s are just the pi ’s rearranged.

Proof. Uniqueness. To show uniqueness we will use induction on n. The
theorem is certainly true for n = 2 since in this case n is prime. Now assume
that the result holds for all integers m such that 1 ≤ m < n, and

                             n = p 1 p 2 · · · p k = q1 q2 · · · ql ,

where p1 ≤ p2 ≤ · · · ≤ pk and q1 ≤ q2 ≤ · · · ≤ ql . By Lemma 2.6, p1 | qi for
some i = 1, . . . , l and q1 | pj for some j = 1, . . . , k. Since all of the pi ’s and qi ’s
are prime, p1 = qi and q1 = pj . Hence, p1 = q1 since p1 ≤ pj = q1 ≤ qi = p1 .
By the induction hypothesis,

                                n0 = p2 · · · pk = q2 · · · ql

has a unique factorization. Hence, k = l and qi = pi for i = 1, . . . , k.
    Existence. To show existence, suppose that there is some integer that
cannot be written as the product of primes. Let S be the set of all such
numbers. By the Principle of Well-Ordering, S has a smallest number, say
a. If the only positive factors of a are a and 1, then a is prime, which is a
contradiction. Hence, a = a1 a2 where 1 < a1 < a and 1 < a2 < a. Neither
a1 ∈ S nor a2 ∈ S, since a is the smallest element in S. So

                                       a1 = p1 · · · pr
                                       a2 = q1 · · · qs .

Therefore,
                             a = a1 a2 = p1 · · · pr q1 · · · qs .
So a ∈
     / S, which is a contradiction.                                                       

                                    Historical Note
32                                                    CHAPTER 2           THE INTEGERS

Prime numbers were first studied by the ancient Greeks. Two important results
from antiquity are Euclid’s proof that an infinite number of primes exist and the
Sieve of Eratosthenes, a method of computing all of the prime numbers less than a
fixed positive integer n. One problem in number theory is to find a function f such
that f (n) is prime for each integer n. Pierre Fermat (1601?–1665) conjectured that
   n
22 + 1 was prime for all n, but later it was shown by Leonhard Euler (1707–1783)
that                             5
                               22 + 1 = 4,294,967,297
is a composite number. One of the many unproven conjectures about prime numbers
is Goldbach’s Conjecture. In a letter to Euler in 1742, Christian Goldbach stated
the conjecture that every even integer with the exception of 2 seemed to be the sum
of two primes: 4 = 2 + 2, 6 = 3 + 3, 8 = 3 + 5, . . .. Although the conjecture has been
verified for the numbers up through 100 million, it has yet to be proven in general.
Since prime numbers play an important role in public key cryptography, there is
currently a great deal of interest in determining whether or not a large number is
prime.

Exercises
     1. Prove that
                                                       n(n + 1)(2n + 1)
                            12 + 22 + · · · + n2 =
                                                              6
        for n ∈ N.
     2. Prove that
                                                            n2 (n + 1)2
                                13 + 23 + · · · + n3 =
                                                                 4
        for n ∈ N.
     3. Prove that n! > 2n for n ≥ 4.
     4. Prove that
                                                                  n(3n − 1)x
                         x + 4x + 7x + · · · + (3n − 2)x =
                                                                      2
        for n ∈ N.
     5. Prove that 10n+1 + 10n + 1 is divisible by 3 for n ∈ N.
     6. Prove that 4 · 102n + 9 · 102n−1 + 5 is divisible by 99 for n ∈ N.
     7. Show that
                                                             n
                                    √                      1X
                                    n
                                        a1 a2 · · · an ≤      ak .
                                                           n
                                                            k=1

     8. Prove the Leibniz rule for f (n) (x), where f (n) is the nth derivative of f ; that
        is, show that
                                            n  
                                           X    n (k)
                           (f g)(n) (x) =          f (x)g (n−k) (x).
                                                k
                                            k=0
EXERCISES                                                                        33

  9. Use induction to prove that 1 + 2 + 22 + · · · + 2n = 2n+1 − 1 for n ∈ N.
 10. Prove that
                            1 1           1        n
                             + + ··· +          =
                            2 6        n(n + 1)   n+1
     for n ∈ N.
 11. If x is a nonnegative real number, then show that (1 + x)n − 1 ≥ nx for
     n = 0, 1, 2, . . ..
 12. Power Sets. Let X be a set. Define the power set of X, denoted P(X),
     to be the set of all subsets of X. For example,

                            P({a, b}) = {∅, {a}, {b}, {a, b}}.

     For every positive integer n, show that a set with exactly n elements has a
     power set with exactly 2n elements.
 13. Prove that the two principles of mathematical induction stated in Section 2.1
     are equivalent.
 14. Show that the Principle of Well-Ordering for the natural numbers implies that
     1 is the smallest natural number. Use this result to show that the Principle of
     Well-Ordering implies the Principle of Mathematical Induction; that is, show
     that if S ⊂ N such that 1 ∈ S and n + 1 ∈ S whenever n ∈ S, then S = N.
 15. For each of the following pairs of numbers a and b, calculate gcd(a, b) and
     find integers r and s such that gcd(a, b) = ra + sb.

      (a) 14 and 39                                 (d) 471 and 562
      (b) 234 and 165                                (e) 23,771 and 19,945
      (c) 1739 and 9923                              (f) −4357 and 3754

 16. Let a and b be nonzero integers. If there exist integers r and s such that
     ar + bs = 1, show that a and b are relatively prime.
 17. Fibonacci Numbers. The Fibonacci numbers are

                                 1, 1, 2, 3, 5, 8, 13, 21, . . . .

     We can define them inductively by f1 = 1, f2 = 1, and fn+2 = fn+1 + fn for
     n ∈ N.
      (a) Prove that fn < 2n .
      (b) Prove that fn+1 fn−1 = fn2 + (−1)n , n ≥ 2.
                               √              √       √
      (c) Prove that fn = [(1 + 5 )n − (1 − 5 )n ]/2n 5.
                                         √
      (d) Show that limn→∞ fn /fn+1 = ( 5 − 1)/2.
      (e) Prove that fn and fn+1 are relatively prime.
34                                              CHAPTER 2           THE INTEGERS

 18. Let a and b be integers such that gcd(a, b) = 1. Let r and s be integers such
     that ar + bs = 1. Prove that

                           gcd(a, s) = gcd(r, b) = gcd(r, s) = 1.

 19. Let x, y ∈ N be relatively prime. If xy is a perfect square, prove that x and y
     must both be perfect squares.
 20. Using the division algorithm, show that every perfect square is of the form
     4k or 4k + 1 for some nonnegative integer k.
 21. Suppose that a, b, r, s are pairwise relatively prime and that

                                       a 2 + b2 = r 2
                                       a 2 − b2 = s 2 .

     Prove that a, r, and s are odd and b is even.
 22. Let n ∈ N. Use the division algorithm to prove that every integer is congruent
     mod n to precisely one of the integers 0, 1, . . . , n − 1. Conclude that if r is
     an integer, then there is exactly one s in Z such that 0 ≤ s < n and [r] = [s].
     Hence, the integers are indeed partitioned by congruence mod n.
 23. Define the least common multiple of two nonzero integers a and b, denoted
     by lcm(a, b), to be the nonnegative integer m such that both a and b divide
     m, and if a and b divide any other integer n, then m also divides n. Prove
     that any two integers a and b have a unique least common multiple.
 24. If d = gcd(a, b) and m = lcm(a, b), prove that dm = |ab|.
 25. Show that lcm(a, b) = ab if and only if gcd(a, b) = 1.
 26. Prove that gcd(a, c) = gcd(b, c) = 1 if and only if gcd(ab, c) = 1 for integers
     a, b, and c.
 27. Let a, b, c ∈ Z. Prove that if gcd(a, b) = 1 and a | bc, then a | c.
 28. Let p ≥ 2. Prove that if 2p − 1 is prime, then p must also be prime.
 29. Prove that there are an infinite number of primes of the form 6n + 1.
 30. Prove that there are an infinite number of primes of the form 4n − 1.
 31. Using the fact that 2 is prime, show that there do √
                                                        not exist integers p and
     q such that p2 = 2q 2 . Demonstrate that therefore 2 cannot be a rational
     number.
EXERCISES                                                                           35

Programming Exercises
   1. The Sieve of Eratosthenes. One method of computing all of the prime
      numbers less than a certain fixed positive integer N is to list all of the numbers
      n such that 1 < n < N . Begin by eliminating all of the multiples of 2. Next
      eliminate all of the multiples of 3. Now eliminate all of the multiples of
      5. Notice that 4 has already been crossed out. Continue in this manner,       √
      noticing that we do not have to go all the way to N ; it suffices to stop at N .
      Using this method, compute all of the prime numbers less than N = 250.
      We can also use this method to find all of the integers that are relatively
      prime to an integer N . Simply eliminate the prime factors of N and all of
      their multiples. Using this method, find all of the numbers that are relatively
      prime to N = 120. Using the Sieve of Eratosthenes, write a program that will
      compute all of the primes less than an integer N .
   2. Let N0 = N ∪ {0}. Ackermann’s function is the function A : N0 × N0 → N0
      defined by the equations

                                    A(0, y) = y + 1,
                                A(x + 1, 0) = A(x, 1),
                           A(x + 1, y + 1) = A(x, A(x + 1, y)).

      Use this definition to compute A(3, 1). Write a program to evaluate Acker-
      mann’s function. Modify the program to count the number of statements
      executed in the program when Ackermann’s function is evaluated. How many
      statements are executed in the evaluation of A(4, 1)? What about A(5, 1)?
   3. Write a computer program that will implement the Euclidean algorithm. The
      program should accept two positive integers a and b as input and should
      output gcd(a, b) as well as integers r and s such that

                                    gcd(a, b) = ra + sb.

References and Suggested Readings
References [2], [3], and [4] are good sources for elementary number theory.
  [1] Brookshear, J. G. Theory of Computation: Formal Languages, Automata,
      and Complexity. Benjamin/Cummings, Redwood City, CA, 1989. Shows the
      relationships of the theoretical aspects of computer science to set theory and
      the integers.
  [2] Hardy, G. H. and Wright, E. M. An Introduction to the Theory of Numbers.
      6th ed. Oxford University Press, New York, 2008.
  [3] Niven, I. and Zuckerman, H. S. An Introduction to the Theory of Numbers.
      5th ed. Wiley, New York, 1991.
36                                        CHAPTER 2       THE INTEGERS

  [4] Vanden Eynden, C. Elementary Number Theory. 2nd ed. Waveland Press,
      Long Grove IL, 2001.
Sage Sage’s original purpose was to support research in number theory, so
it is perfect for the types of computations with the integers that we have in
this chapter.
                                     3
                             Groups



We begin our study of algebraic structures by investigating sets associated
with single operations that satisfy certain reasonable axioms; that is, we want
to define an operation on a set in a way that will generalize such familiar
structures as the integers Z together with the single operation of addition,
or invertible 2 × 2 matrices together with the single operation of matrix
multiplication. The integers and the 2 × 2 matrices, together with their
respective single operations, are examples of algebraic structures known as
groups.
    The theory of groups occupies a central position in mathematics. Modern
group theory arose from an attempt to find the roots of a polynomial in
terms of its coefficients. Groups now play a central role in such areas as
coding theory, counting, and the study of symmetries; many areas of biology,
chemistry, and physics have benefited from group theory.


3.1     Integer Equivalence Classes and Symmetries
Let us now investigate some mathematical structures that can be viewed as
sets with single operations.

The Integers mod n
The integers mod n have become indispensable in the theory and applications
of algebra. In mathematics they are used in cryptography, coding theory,
and the detection of errors in identification codes.
    We have already seen that two integers a and b are equivalent mod n if n
divides a − b. The integers mod n also partition Z into n different equivalence
classes; we will denote the set of these equivalence classes by Zn . Consider



                                      37
38                                                           CHAPTER 3     GROUPS

the integers modulo 12 and the corresponding partition of the integers:

                          [0] = {. . . , −12, 0, 12, 24, . . .},
                          [1] = {. . . , −11, 1, 13, 25, . . .},
                             ..
                              .
                        [11] = {. . . , −1, 11, 23, 35, . . .}.

When no confusion can arise, we will use 0, 1, . . . , 11 to indicate the equiva-
lence classes [0], [1], . . . , [11] respectively. We can do arithmetic on Zn . For
two integers a and b, define addition modulo n to be (a + b) (mod n); that is,
the remainder when a + b is divided by n. Similarly, multiplication modulo
n is defined as (ab) (mod n), the remainder when ab is divided by n.

                    Table 3.1. Multiplication table for Z8
                         ·   0    1   2    3    4   5    6    7
                         0   0    0   0    0    0   0    0    0
                         1   0    1   2    3    4   5    6    7
                         2   0    2   4    6    0   2    4    6
                         3   0    3   6    1    4   7    2    5
                         4   0    4   0    4    0   4    0    4
                         5   0    5   2    7    4   1    6    3
                         6   0    6   4    2    0   6    4    2
                         7   0    7   6    5    4   3    2    1



Example 1. The following examples illustrate integer arithmetic modulo n:

      7 + 4 ≡ 1 (mod 5)                              7 · 3 ≡ 1 (mod 5)

      3 + 5 ≡ 0 (mod 8)                              3 · 5 ≡ 7 (mod 8)

      3 + 4 ≡ 7 (mod 12)                             3 · 4 ≡ 0 (mod 12).

   In particular, notice that it is possible that the product of two nonzero
numbers modulo n can be equivalent to 0 modulo n.                         

Example 2. Most, but not all, of the usual laws of arithmetic hold for
addition and multiplication in Zn . For instance, it is not necessarily true
that there is a multiplicative inverse. Consider the multiplication table for
Z8 in Table 3.1. Notice that 2, 4, and 6 do not have multiplicative inverses;
3.1   INTEGER EQUIVALENCE CLASSES AND SYMMETRIES                            39

that is, for n = 2, 4, or 6, there is no integer k such that kn ≡ 1 (mod 8).
                                                                         

Proposition 3.1 Let Zn be the set of equivalence classes of the integers
mod n and a, b, c ∈ Zn .

  1. Addition and multiplication are commutative:

                             a + b ≡ b + a (mod n)
                                ab ≡ ba (mod n).

  2. Addition and multiplication are associative:

                       (a + b) + c ≡ a + (b + c)    (mod n)
                             (ab)c ≡ a(bc)   (mod n).

  3. There are both an additive and a multiplicative identity:

                               a + 0 ≡ a (mod n)
                                a · 1 ≡ a (mod n).

  4. Multiplication distributes over addition:

                          a(b + c) ≡ ab + ac (mod n).

  5. For every integer a there is an additive inverse −a:

                             a + (−a) ≡ 0    (mod n).

  6. Let a be a nonzero integer. Then gcd(a, n) = 1 if and only if there exists
     a multiplicative inverse b for a (mod n); that is, a nonzero integer b
     such that
                                ab ≡ 1 (mod n).

Proof. We will prove (1) and (6) and leave the remaining properties to be
proven in the exercises.
   (1) Addition and multiplication are commutative modulo n since the
remainder of a + b divided by n is the same as the remainder of b + a divided
by n.
40                                                     CHAPTER 3      GROUPS

   (6) Suppose that gcd(a, n) = 1. Then there exist integers r and s such
that ar + ns = 1. Since ns = 1 − ar, ra ≡ 1 (mod n). Letting b be the
equivalence class of r, ab ≡ 1 (mod n).
   Conversely, suppose that there exists a b such that ab ≡ 1 (mod n).
Then n divides ab − 1, so there is an integer k such that ab − nk = 1. Let
d = gcd(a, n). Since d divides ab − nk, d must also divide 1; hence, d = 1.
                                                                        

Symmetries


                  Figure 3.1. Rigid motions of a rectangle

              A                B                   A            B
                                     identity

              D                C                   D            C


              A                B                   C            D
                                       180◦
                                     rotation
              D                C                   B            A


              A                B                   B            A
                                    reflection
                                   vertical axis
              D                C                   C            D


              A                B                   D            C
                                    reflection
                               horizontal axis
              D                C             A                  B


    A symmetry of a geometric figure is a rearrangement of the figure
preserving the arrangement of its sides and vertices as well as its distances
and angles. A map from the plane to itself preserving the symmetry of an
object is called a rigid motion. For example, if we look at the rectangle in
Figure 3.1, it is easy to see that a rotation of 180◦ or 360◦ returns a rectangle
in the plane with the same orientation as the original rectangle and the same
3.1   INTEGER EQUIVALENCE CLASSES AND SYMMETRIES                         41

relationship among the vertices. A reflection of the rectangle across either
the vertical axis or the horizontal axis can also be seen to be a symmetry.
However, a 90◦ rotation in either direction cannot be a symmetry unless the
rectangle is a square.

                  Figure 3.2. Symmetries of a triangle

                 B                 B
                       identity
                                                       
                                                  A B C
                                            id =
                                                  A B C
            A          C    A           C
                 B                 A                        
                       rotation                    A B C
                                            ρ1 =
                                                   B C A
            A          C    C           B
                 B                 C                        
                       rotation                    A B C
                                            ρ2 =
                                                   C A B
            A          C    B           A
                 B                 C
                      reflection
                                                       
                                                  A B C
                                            µ1 =
                                                  A C B
            A          C    A           B
                 B                 B
                      reflection
                                                              
                                                       A B C
                                            µ2 =
                                                       C B A
            A          C    C           A
                 B                 A
                      reflection
                                                              
                                                       A B C
                                            µ3 =
                                                       B A C
            A          C    B           C


    Let us find the symmetries of the equilateral triangle 4ABC. To find a
symmetry of 4ABC, we must first examine the permutations of the vertices
A, B, and C and then ask if a permutation extends to a symmetry of the
triangle. Recall that a permutation of a set S is a one-to-one and onto
map π : S → S. The three vertices have 3! = 6 permutations, so the triangle
42                                                  CHAPTER 3        GROUPS

has at most six symmetries. To see that there are six permutations, observe
there are three different possibilities for the first vertex, and two for the
second, and the remaining vertex is determined by the placement of the first
two. So we have 3 · 2 · 1 = 3! = 6 different arrangements. To denote the
permutation of the vertices of an equilateral triangle that sends A to B, B
to C, and C to A, we write the array
                                           
                                 A B C
                                              .
                                 B C A
Notice that this particular permutation corresponds to the rigid motion
of rotating the triangle by 120◦ in a clockwise direction. In fact, every
permutation gives rise to a symmetry of the triangle. All of these symmetries
are shown in Figure 3.2.
     A natural question to ask is what happens if one motion of the triangle
4ABC is followed by another. Which symmetry is µ1 ρ1 ; that is, what
happens when we do the permutation ρ1 and then the permutation µ1 ?
Remember that we are composing functions here. Although we usually multiply
left to right, we compose functions right to left. We have
                    (µ1 ρ1 )(A) = µ1 (ρ1 (A)) = µ1 (B) = C
                    (µ1 ρ1 )(B) = µ1 (ρ1 (B)) = µ1 (C) = B
                    (µ1 ρ1 )(C) = µ1 (ρ1 (C)) = µ1 (A) = A.
This is the same symmetry as µ2 . Suppose we do these motions in the
opposite order, ρ1 then µ1 . It is easy to determine that this is the same
as the symmetry µ3 ; hence, ρ1 µ1 6= µ1 ρ1 . A multiplication table for the
symmetries of an equilateral triangle 4ABC is given in Table 3.2.
    Notice that in the multiplication table for the symmetries of an equilateral
triangle, for every motion of the triangle α there is another motion α0 such
that αα0 = id; that is, for every motion there is another motion that takes
the triangle back to its original orientation.


3.2     Definitions and Examples
The integers mod n and the symmetries of a triangle or a rectangle are both
examples of groups. A binary operation or law of composition on a set
G is a function G × G → G that assigns to each pair (a, b) ∈ G × G a unique
element a ◦ b, or ab in G, called the composition of a and b. A group (G, ◦)
is a set G together with a law of composition (a, b) 7→ a ◦ b that satisfies the
following axioms.
3.2    DEFINITIONS AND EXAMPLES                                              43


                Table 3.2. Symmetries of an equilateral triangle
                            ◦   id     ρ1   ρ2    µ1   µ2    µ3
                           id   id     ρ1   ρ2    µ1   µ2    µ3
                           ρ1   ρ1     ρ2   id    µ3   µ1    µ2
                           ρ2   ρ2     id   ρ1    µ2   µ3    µ1
                           µ1   µ1     µ2   µ3    id   ρ1    ρ2
                           µ2   µ2     µ3   µ1    ρ2   id    ρ1
                           µ3   µ3     µ1   µ2    ρ1   ρ2    id



      • The law of composition is associative. That is,

                                     (a ◦ b) ◦ c = a ◦ (b ◦ c)

        for a, b, c ∈ G.

      • There exists an element e ∈ G, called the identity element, such
        that for any element a ∈ G

                                       e ◦ a = a ◦ e = a.

      • For each element a ∈ G, there exists an inverse element in G,
        denoted by a−1 , such that

                                     a ◦ a−1 = a−1 ◦ a = e.

A group G with the property that a ◦ b = b ◦ a for all a, b ∈ G is called
abelian or commutative. Groups not satisfying this property are said to
be nonabelian or noncommutative.

Example 3. The integers Z = {. . . , −1, 0, 1, 2, . . .} form a group under the
operation of addition. The binary operation on two integers m, n ∈ Z is just
their sum. Since the integers under addition already have a well-established
notation, we will use the operator + instead of ◦; that is, we shall write m + n
instead of m ◦ n. The identity is 0, and the inverse of n ∈ Z is written as −n
instead of n−1 . Notice that the integers under addition have the additional
property that m + n = n + m and are therefore an abelian group.               
    Most of the time we will write ab instead of a ◦ b; however, if the group
already has a natural operation such as addition in the integers, we will use
that operation. That is, if we are adding two integers, we still write m + n,
44                                                     CHAPTER 3      GROUPS


                    Table 3.3. Cayley table for (Z5 , +)
                             +    0   1   2   3   4
                             0    0   1   2   3   4
                             1    1   2   3   4   0
                             2    2   3   4   0   1
                             3    3   4   0   1   2
                             4    4   0   1   2   3



−n for the inverse, and 0 for the identity as usual. We also write m − n
instead of m + (−n).
    It is often convenient to describe a group in terms of an addition or
multiplication table. Such a table is called a Cayley table.

Example 4. The integers mod n form a group under addition modulo n.
Consider Z5 , consisting of the equivalence classes of the integers 0, 1, 2, 3,
and 4. We define the group operation on Z5 by modular addition. We write
the binary operation on the group additively; that is, we write m + n. The
element 0 is the identity of the group and each element in Z5 has an inverse.
For instance, 2 + 3 = 3 + 2 = 0. Table 3.3 is a Cayley table for Z5 . By
Proposition 3.1, Zn = {0, 1, . . . , n − 1} is a group under the binary operation
of addition mod n.                                                              

Example 5. Not every set with a binary operation is a group. For example,
if we let modular multiplication be the binary operation on Zn , then Zn fails
to be a group. The element 1 acts as a group identity since 1 · k = k · 1 = k
for any k ∈ Zn ; however, a multiplicative inverse for 0 does not exist since
0 · k = k · 0 = 0 for every k in Zn . Even if we consider the set Zn \ {0},
we still may not have a group. For instance, let 2 ∈ Z6 . Then 2 has no
multiplicative inverse since

                            0·2=0         1·2=2
                            2·2=4         3·2=0
                            4·2=2         5 · 2 = 4.

By Proposition 3.1, every nonzero k does have an inverse in Zn if k is
relatively prime to n. Denote the set of all such nonzero elements in Zn by
U (n). Then U (n) is a group called the group of units of Zn . Table 3.4 is
a Cayley table for the group U (8).                                      
3.2   DEFINITIONS AND EXAMPLES                                              45


                 Table 3.4. Multiplication table for U (8)
                                   ·   1   3   5   7
                                   1   1   3   5   7
                                   3   3   1   7   5
                                   5   5   7   1   3
                                   7   7   5   3   1



Example 6. The symmetries of an equilateral triangle described in Sec-
tion 3.1 form a nonabelian group. As we observed, it is not necessarily true
that αβ = βα for two symmetries α and β. Using Table 3.2, which is a
Cayley table for this group, we can easily check that the symmetries of an
equilateral triangle are indeed a group. We will denote this group by either
S3 or D3 , for reasons that will be explained later.                      

Example 7. We use M2 (R) to denote the set of all 2 × 2 matrices. Let
GL2 (R) be the subset of M2 (R) consisting of invertible matrices; that is, a
matrix                                   
                                     a b
                              A=
                                     c d
is in GL2 (R) if there exists a matrix A−1 such that AA−1 = A−1 A = I,
where I is the 2 × 2 identity matrix. For A to have an inverse is equivalent to
requiring that the determinant of A be nonzero; that is, det A = ad − bc 6= 0.
The set of invertible matrices forms a group called the general linear group.
The identity of the group is the identity matrix
                                           
                                        1 0
                                  I=          .
                                        0 1

The inverse of A ∈ GL2 (R) is
                                                   
                             −1        1       d −b
                         A        =                   .
                                    ad − bc    −c a

The product of two invertible matrices is again invertible. Matrix multipli-
cation is associative, satisfying the other group axiom. For matrices it is
not true in general that AB = BA; hence, GL2 (R) is another example of a
nonabelian group.                                                        
46                                                         CHAPTER 3          GROUPS

Example 8. Let
                                                            
                             1      0             0        1
                         1=                   I=
                             0      1            −1        0
                                                         
                             0      i              i      0
                         J=                   K=              ,
                              i     0             0       −i

where i2 = −1. Then the relations I 2 = J 2 = K 2 = −1, IJ = K, JK = I,
KI = J, JI = −K, KJ = −I, and IK = −J hold. The set Q8 =
{±1, ±I, ±J, ±K} is a group called the quaternion group. Notice that Q8
is noncommutative.                                                    

Example 9. Let C∗ be the set of nonzero complex numbers. Under the
operation of multiplication C∗ forms a group. The identity is 1. If z = a + bi
is a nonzero complex number, then
                                             a − bi
                                    z −1 =
                                             a2 + b2
is the inverse of z. It is easy to see that the remaining group axioms hold. 
    A group is finite, or has finite order, if it contains a finite number of
elements; otherwise, the group is said to be infinite or to have infinite
order . The order of a finite group is the number of elements that it contains.
If G is a group containing n elements, we write |G| = n. The group Z5 is a
finite group of order 5; the integers Z form an infinite group under addition,
and we sometimes write |Z| = ∞.

Basic Properties of Groups
Proposition 3.2 The identity element in a group G is unique; that is, there
exists only one element e ∈ G such that eg = ge = g for all g ∈ G.

Proof. Suppose that e and e0 are both identities in G. Then eg = ge = g
and e0 g = ge0 = g for all g ∈ G. We need to show that e = e0 . If we think
of e as the identity, then ee0 = e0 ; but if e0 is the identity, then ee0 = e.
Combining these two equations, we have e = ee0 = e0 .                      
    Inverses in a group are also unique. If g 0 and g 00 are both inverses of an
element g in a group G, then gg 0 = g 0 g = e and gg 00 = g 00 g = e. We want
to show that g 0 = g 00 , but g 0 = g 0 e = g 0 (gg 00 ) = (g 0 g)g 00 = eg 00 = g 00 . We
summarize this fact in the following proposition.
3.2   DEFINITIONS AND EXAMPLES                                           47

Proposition 3.3 If g is any element in a group G, then the inverse of g,
g −1 , is unique.
Proposition 3.4 Let G be a group. If a, b ∈ G, then (ab)−1 = b−1 a−1 .
Proof. Let a, b ∈ G. Then abb−1 a−1 = aea−1 = aa−1 = e. Similarly,
b−1 a−1 ab = e. But by the previous proposition, inverses are unique; hence,
(ab)−1 = b−1 a−1 .                                                        
Proposition 3.5 Let G be a group. For any a ∈ G, (a−1 )−1 = a.
Proof. Observe that a−1 (a−1 )−1 = e. Consequently, multiplying both sides
of this equation by a, we have
               (a−1 )−1 = e(a−1 )−1 = aa−1 (a−1 )−1 = ae = a.
                                                                         
    It makes sense to write equations with group elements and group opera-
tions. If a and b are two elements in a group G, does there exist an element
x ∈ G such that ax = b? If such an x does exist, is it unique? The following
proposition answers both of these questions positively.
Proposition 3.6 Let G be a group and a and b be any two elements in G.
Then the equations ax = b and xa = b have unique solutions in G.
Proof. Suppose that ax = b. We must show that such an x exists.
Multiplying both sides of ax = b by a−1 , we have x = ex = a−1 ax = a−1 b.
    To show uniqueness, suppose that x1 and x2 are both solutions of ax = b;
then ax1 = b = ax2 . So x1 = a−1 ax1 = a−1 ax2 = x2 . The proof for the
existence and uniqueness of the solution of xa = b is similar.           
Proposition 3.7 If G is a group and a, b, c ∈ G, then ba = ca implies b = c
and ab = ac implies b = c.
    This proposition tells us that the right and left cancellation laws
are true in groups. We leave the proof as an exercise.
    We can use exponential notation for groups just as we do in ordinary
algebra. If G is a group and g ∈ G, then we define g 0 = e. For n ∈ N, we
define
                               gn = g · g · · · g
                                    | {z }
                                         n times
and
                          g −n = g −1 · g −1 · · · g −1 .
                                 |        {z          }
                                         n times
48                                                    CHAPTER 3        GROUPS

Theorem 3.8 In a group, the usual laws of exponents hold; that is, for all
g, h ∈ G,

     1. g m g n = g m+n for all m, n ∈ Z;

     2. (g m )n = g mn for all m, n ∈ Z;

     3. (gh)n = (h−1 g −1 )−n for all n ∈ Z. Furthermore, if G is abelian, then
        (gh)n = g n hn .

    We will leave the proof of this theorem as an exercise. Notice that
(gh)n 6= g n hn in general, since the group may not be abelian. If the group
is Z or Zn , we write the group operation additively and the exponential
operation multiplicatively; that is, we write ng instead of g n . The laws of
exponents now become

     1. mg + ng = (m + n)g for all m, n ∈ Z;

     2. m(ng) = (mn)g for all m, n ∈ Z;

     3. m(g + h) = mg + mh for all n ∈ Z.

It is important to realize that the last statement can be made only because
Z and Zn are commutative groups.

                                 Historical Note
Although the first clear axiomatic definition of a group was not given until the
late 1800s, group-theoretic methods had been employed before this time in the
development of many areas of mathematics, including geometry and the theory of
algebraic equations.
     Joseph-Louis Lagrange used group-theoretic methods in a 1770–1771 memoir to
study methods of solving polynomial equations. Later, Évariste Galois (1811–1832)
succeeded in developing the mathematics necessary to determine exactly which
polynomial equations could be solved in terms of the polynomials’ coefficients.
Galois’ primary tool was group theory.
     The study of geometry was revolutionized in 1872 when Felix Klein proposed
that geometric spaces should be studied by examining those properties that are
invariant under a transformation of the space. Sophus Lie, a contemporary of Klein,
used group theory to study solutions of partial differential equations. One of the
first modern treatments of group theory appeared in William Burnside’s The Theory
of Groups of Finite Order [1], first published in 1897.
3.3   SUBGROUPS                                                             49

3.3     Subgroups
Definitions and Examples
Sometimes we wish to investigate smaller groups sitting inside a larger group.
The set of even integers 2Z = {. . . , −2, 0, 2, 4, . . .} is a group under the
operation of addition. This smaller group sits naturally inside of the group
of integers under addition. We define a subgroup H of a group G to be a
subset H of G such that when the group operation of G is restricted to H,
H is a group in its own right. Observe that every group G with at least two
elements will always have at least two subgroups, the subgroup consisting of
the identity element alone and the entire group itself. The subgroup H = {e}
of a group G is called the trivial subgroup. A subgroup that is a proper
subset of G is called a proper subgroup. In many of the examples that we
have investigated up to this point, there exist other subgroups besides the
trivial and improper subgroups.

Example 10. Consider the set of nonzero real numbers, R∗ , with the group
operation of multiplication. The identity of this group is 1 and the inverse
of any element a ∈ R∗ is just 1/a. We will show that

                  Q∗ = {p/q : p and q are nonzero integers}

is a subgroup of R∗ . The identity of R∗ is 1; however, 1 = 1/1 is the quotient
of two nonzero integers. Hence, the identity of R∗ is in Q∗ . Given two
elements in Q∗ , say p/q and r/s, their product pr/qs is also in Q∗ . The
inverse of any element p/q ∈ Q∗ is again in Q∗ since (p/q)−1 = q/p. Since
multiplication in R∗ is associative, multiplication in Q∗ is associative.    

Example 11. Recall that C∗ is the multiplicative group of nonzero complex
numbers. Let H = {1, −1, i, −i}. Then H is a subgroup of C∗ . It is quite
easy to verify that H is a group under multiplication and that H ⊂ C∗ . 

Example 12. Let SL2 (R) be the subset of GL2 (R) consisting of matrices
of determinant one; that is, a matrix
                                         
                                      a b
                                A=
                                      c d

is in SL2 (R) exactly when ad − bc = 1. To show that SL2 (R) is a subgroup
of the general linear group, we must show that it is a group under matrix
50                                                      CHAPTER 3      GROUPS

multiplication. The 2 × 2 identity matrix is in SL2 (R), as is the inverse of
the matrix A:                              
                             −1      d −b
                            A =                .
                                     −c a
It remains to show that multiplication is closed; that is, that the product of
two matrices of determinant one also has determinant one. We will leave this
task as an exercise. The group SL2 (R) is called the special linear group.


Example 13. It is important to realize that a subset H of a group G can
be a group without being a subgroup of G. For H to be a subgroup of G
it must inherit G’s binary operation. The set of all 2 × 2 matrices, M2 (R),
forms a group under the operation of addition. The 2 × 2 general linear
group is a subset of M2 (R) and is a group under matrix multiplication, but
it is not a subgroup of M2 (R). If we add two invertible matrices, we do not
necessarily obtain another invertible matrix. Observe that
                                                
                       1 0        −1 0          0 0
                             +              =          ,
                       0 1         0 −1         0 0

but the zero matrix is not in GL2 (R).                                          

Example 14. One way of telling whether or not two groups are the same
is by examining their subgroups. Other than the trivial subgroup and the
group itself, the group Z4 has a single subgroup consisting of the elements
0 and 2. From the group Z2 , we can form another group of four elements
as follows. As a set this group is Z2 × Z2 . We perform the group operation
coordinatewise; that is, (a, b) + (c, d) = (a + c, b + d). Table 3.5 is an addition
table for Z2 × Z2 . Since there are three nontrivial proper subgroups of
Z2 × Z2 , H1 = {(0, 0), (0, 1)}, H2 = {(0, 0), (1, 0)}, and H3 = {(0, 0), (1, 1)},
Z4 and Z2 × Z2 must be different groups.                                          

                         +      (0,0)   (0,1)   (1,0)   (1,1)
                        (0,0)   (0,0)   (0,1)   (1,0)   (1,1)
                        (0,1)   (0,1)   (0,0)   (1,1)   (1,0)
                        (1,0)   (1,0)   (1,1)   (0,0)   (0,1)
                        (1,1)   (1,1)   (1,0)   (0,1)   (0,0)


                   Table 3.5. Addition table for Z2 × Z2
EXERCISES                                                                51

Some Subgroup Theorems
Let us examine some criteria for determining exactly when a subset of a
group is a subgroup.

Proposition 3.9 A subset H of G is a subgroup if and only if it satisfies
the following conditions.

  1. The identity e of G is in H.

  2. If h1 , h2 ∈ H, then h1 h2 ∈ H.

  3. If h ∈ H, then h−1 ∈ H.

Proof. First suppose that H is a subgroup of G. We must show that
the three conditions hold. Since H is a group, it must have an identity eH .
We must show that eH = e, where e is the identity of G. We know that
eH eH = eH and that eeH = eH e = eH ; hence, eeH = eH eH . By right-hand
cancellation, e = eH . The second condition holds since a subgroup H is a
group. To prove the third condition, let h ∈ H. Since H is a group, there is
an element h0 ∈ H such that hh0 = h0 h = e. By the uniqueness of the inverse
in G, h0 = h−1 .
    Conversely, if the three conditions hold, we must show that H is a
group under the same operation as G; however, these conditions plus the
associativity of the binary operation are exactly the axioms stated in the
definition of a group.                                                    

Proposition 3.10 Let H be a subset of a group G. Then H is a subgroup
of G if and only if H 6= ∅, and whenever g, h ∈ H then gh−1 is in H.

Proof. First assume that H is a subgroup of G. We wish to show that
gh−1 ∈ H whenever g and h are in H. Since h is in H, its inverse h−1 must
also be in H. Because of the closure of the group operation, gh−1 ∈ H.
    Conversely, suppose that H ⊂ G such that H =6 ∅ and gh−1 ∈ H whenever
g, h ∈ H. If g ∈ H, then gg = e is in H. If g ∈ H, then eg −1 = g −1 is also
                           −1

in H. Now let h1 , h2 ∈ H. We must show that their product is also in H.
However, h1 (h−1
               2 )
                  −1 = h h ∈ H. Hence, H is a subgroup of G.
                         1 2                                              


Exercises
   1. Find all x ∈ Z satisfying each of the following equations.
52                                                          CHAPTER 3          GROUPS

         (a) 3x ≡ 2 (mod 7)                        (d) 9x ≡ 3 (mod 5)
         (b) 5x + 1 ≡ 13 (mod 23)                  (e) 5x ≡ 1 (mod 6)
         (c) 5x + 1 ≡ 13 (mod 26)                  (f) 3x ≡ 1 (mod 6)

     2. Which of the following multiplication tables defined on the set G = {a, b, c, d}
        form a group? Support your answer in each case.

         (a)                                       (c)
                      ◦   a b    c   d                         ◦ a     b   c   d
                      a   a c    d   a                         a a     b   c   d
                      b   b b    c   d                         b b     c   d   a
                      c   c d    a   b                         c c     d   a   b
                      d   d a    b   c                         d d     a   b   c

         (b)                                       (d)
                      ◦   a   b c d                            ◦   a   b c d
                      a   a   b c d                            a   a   b c d
                      b   b   a d c                            b   b   a c d
                      c   c   d a b                            c   c   b a d
                      d   d   c b a                            d   d   d b c

     3. Write out Cayley tables for groups formed by the symmetries of a rectangle
        and for (Z4 , +). How many elements are in each group? Are the groups the
        same? Why or why not?
     4. Describe the symmetries of a rhombus and prove that the set of symmetries
        forms a group. Give Cayley tables for both the symmetries of a rectangle and
        the symmetries of a rhombus. Are the symmetries of a rectangle and those of
        a rhombus the same?
     5. Describe the symmetries of a square and prove that the set of symmetries is
        a group. Give a Cayley table for the symmetries. How many ways can the
        vertices of a square be permuted? Is each permutation necessarily a symmetry
        of the square? The symmetry group of the square is denoted by D4 .
     6. Give a multiplication table for the group U (12).
     7. Let S = R \ {−1} and define a binary operation on S by a ∗ b = a + b + ab.
        Prove that (S, ∗) is an abelian group.
     8. Give an example of two elements A and B in GL2 (R) with AB 6= BA.
     9. Prove that the product of two matrices in SL2 (R) has determinant one.
 10. Prove that the set of matrices of the     form
                                                    
                                        1      x   y
                                     0        1   z
                                        0      0   1
EXERCISES                                                                                                53

     is a group under matrix multiplication. This group, known as the Heisen-
     berg group, is important in quantum physics. Matrix multiplication in the
     Heisenberg group is defined by

                             1 x0 y 0        1 x + x0 y + y 0 + xz 0
                                                                
                1 x y
              0 1 z  0 1 z 0  = 0            1       z + z0  .
                0 0 1        0 0 1           0    0         1

 11. Prove that det(AB) = det(A) det(B) in GL2 (R). Use this result to show that
     the binary operation in the group GL2 (R) is closed; that is, if A and B are
     in GL2 (R), then AB ∈ GL2 (R).
 12. Let Zn2 = {(a1 , a2 , . . . , an ) : ai ∈ Z2 }. Define a binary operation on Zn2 by

           (a1 , a2 , . . . , an ) + (b1 , b2 , . . . , bn ) = (a1 + b1 , a2 + b2 , . . . , an + bn ).

     Prove that Zn2 is a group under this operation. This group is important in
     algebraic coding theory.
 13. Show that R∗ = R \ {0} is a group under the operation of multiplication.
 14. Given the groups R∗ and Z, let G = R∗ × Z. Define a binary operation ◦ on G
     by (a, m) ◦ (b, n) = (ab, m + n). Show that G is a group under this operation.
 15. Prove or disprove that every group containing six elements is abelian.
 16. Give a specific example of some group G and elements g, h ∈ G where
     (gh)n 6= g n hn .
 17. Give an example of three different groups with eight elements. Why are the
     groups different?
 18. Show that there are n! permutations of a set containing n items.
 19. Show that
                                    0+a≡a+0≡a                   (mod n)
     for all a ∈ Zn .
 20. Prove that there is a multiplicative identity for the integers modulo n:

                                          a·1≡a          (mod n).

 21. For each a ∈ Zn find a b ∈ Zn such that

                                    a+b≡b+a≡0                  (mod n).

 22. Show that addition and multiplication mod n are well defined operations. That
     is, show that the operations do not depend on the choice of the representative
     from the equivalence classes mod n.
 23. Show that addition and multiplication mod n are associative operations.
54                                                             CHAPTER 3   GROUPS

 24. Show that multiplication distributes over addition modulo n:

                                 a(b + c) ≡ ab + ac (mod n).

 25. Let a and b be elements in a group G. Prove that abn a−1 = (aba−1 )n for
     n ∈ Z.
 26. Let U (n) be the group of units in Zn . If n > 2, prove that there is an element
     k ∈ U (n) such that k 2 = 1 and k 6= 1.
                                                       −1
 27. Prove that the inverse of g1 g2 · · · gn is gn−1 gn−1 · · · g1−1 .
 28. Prove the remainder of Proposition 3.6: if G is a group and a, b ∈ G, then
     the equation xa = b has unique solutions in G.
 29. Prove Theorem 3.8.
 30. Prove the right and left cancellation laws for a group G; that is, show that in
     the group G, ba = ca implies b = c and ab = ac implies b = c for elements
     a, b, c ∈ G.
 31. Show that if a2 = e for all elements a in a group G, then G must be abelian.
 32. Show that if G is a finite group of even order, then there is an a ∈ G such
     that a is not the identity and a2 = e.
 33. Let G be a group and suppose that (ab)2 = a2 b2 for all a and b in G. Prove
     that G is an abelian group.
 34. Find all the subgroups of Z3 × Z3 . Use this information to show that Z3 × Z3
     is not the same group as Z9 . (See Example 14 for a short description of the
     product of groups.)
 35. Find all the subgroups of the symmetry group of an equilateral triangle.
 36. Compute the subgroups of the symmetry group of a square.
 37. Let H = {2k : k ∈ Z}. Show that H is a subgroup of Q∗ .
 38. Let n = 0, 1, 2, . . . and nZ = {nk : k ∈ Z}. Prove that nZ is a subgroup of Z.
     Show that these subgroups are the only subgroups of Z.
 39. Let T = {z ∈ C∗ : |z| = 1}. Prove that T is a subgroup of C∗ .
 40. Let G consist of the 2 × 2 matrices of the form
                                                  
                                    cos θ − sin θ
                                    sin θ cos θ

     where θ ∈ R. Prove that G is a subgroup of SL2 (R).
 41. Prove that
                            √
                  G = {a + b 2 : a, b ∈ Q and a and b are not both zero}

     is a subgroup of R∗ under the group operation of multiplication.
EXERCISES                                                                       55

 42. Let G be the group of 2 × 2 matrices under addition and
                                                  
                                   a b
                            H=             :a+d=0 .
                                    c d

     Prove that H is a subgroup of G.
 43. Prove or disprove: SL2 (Z), the set of 2 × 2 matrices with integer entries and
     determinant one, is a subgroup of SL2 (R).
 44. List the subgroups of the quaternion group, Q8 .
 45. Prove that the intersection of two subgroups of a group G is also a subgroup
     of G.
 46. Prove or disprove: If H and K are subgroups of a group G, then H ∪ K is a
     subgroup of G.
 47. Prove or disprove: If H and K are subgroups of a group G, then HK = {hk :
     h ∈ H and k ∈ K} is a subgroup of G. What if G is abelian?
 48. Let G be a group and g ∈ G. Show that

                       Z(G) = {x ∈ G : gx = xg for all g ∈ G}

     is a subgroup of G. This subgroup is called the center of G.
 49. Let a and b be elements of a group G. If a4 b = ba and a3 = e, prove that
     ab = ba.
 50. Let a and b be elements of a group G. If a4 b = ba and a3 = e, prove that
     ab = ba.
 51. Give an example of an infinite group in which every proper subgroup is finite.
 52. If xy = x−1 y −1 for all x and y in G, prove that G must be abelian.
 53. Prove or disprove: Every nontrivial subgroup of an nonabelian group is
     nonabelian.
 54. Let H be a subgroup of G and

                       C(H) = {g ∈ G : gh = hg for all h ∈ H}.

     Prove C(H) is a subgroup of G. This subgroup is called the centralizer of
     H in G.
 55. Let H be a subgroup of G. If g ∈ G, show that gHg −1 = {g −1 hg : h ∈ H} is
     also a subgroup of G.
56                                                                     CHAPTER 3         GROUPS




                             0        50000            30042             6



                                 Figure 3.3. A UPC code


Additional Exercises: Detecting Errors
Credit card companies, banks, book publishers, and supermarkets all take advantage
of the properties of integer arithmetic modulo n and group theory to obtain error
detection schemes for the identification codes that they use.
     1. UPC Symbols. Universal Product Code (UPC) symbols are found on most
        products in grocery and retail stores. The UPC symbol is a 12-digit code
        identifying the manufacturer of a product and the product itself (Figure 3.3).
        The first 11 digits contain information about the product; the twelfth digit is
        used for error detection. If d1 d2 · · · d12 is a valid UPC number, then

                3 · d1 + 1 · d2 + 3 · d3 + · · · + 3 · d11 + 1 · d12 ≡ 0           (mod 10).

         (a) Show that the UPC number 0-50000-30042-6, which appears in Fig-
             ure 3.3, is a valid UPC number.
         (b) Show that the number 0-50000-30043-6 is not a valid UPC number.
         (c) Write a formula to calculate the check digit, d12 , in the UPC number.
         (d) The UPC error detection scheme can detect most transposition errors;
             that is, it can determine if two digits have been interchanged. Show
             that the transposition error 0-05000-30042-6 is not detected. Find a
             transposition error that is detected. Can you find a general rule for the
             types of transposition errors that can be detected?
         (e) Write a program that will determine whether or not a UPC number is
             valid.

     2. It is often useful to use an inner product notation for this type of error
        detection scheme; hence, we will use the notion

                       (d1 , d2 , . . . , dk ) · (w1 , w2 , . . . , wk ) ≡ 0   (mod n)
EXERCISES                                                                                      57

      to mean
                           d1 w1 + d2 w2 + · · · + dk wk ≡ 0                (mod n).
      Suppose that (d1 , d2 , . . . , dk ) · (w1 , w2 , . . . , wk ) ≡ 0 (mod n) is an error detec-
      tion scheme for the k-digit identification number d1 d2 · · · dk , where 0 ≤ di < n.
      Prove that all single-digit errors are detected if and only if gcd(wi , n) = 1 for
      1 ≤ i ≤ k.
   3. Let (d1 , d2 , . . . , dk ) · (w1 , w2 , . . . , wk ) ≡ 0 (mod n) be an error detection
      scheme for the k-digit identification number d1 d2 · · · dk , where 0 ≤ di < n.
      Prove that all transposition errors of two digits di and dj are detected if and
      only if gcd(wi − wj , n) = 1 for i and j between 1 and k.
   4. ISBN Codes. Every book has an International Standard Book Number
      (ISBN) code. This is a 10-digit code indicating the book’s publisher and title.
      The tenth digit is a check digit satisfying

                        (d1 , d2 , . . . , d10 ) · (10, 9, . . . , 1) ≡ 0    (mod 11).

      One problem is that d10 might have to be a 10 to make the inner product zero;
      in this case, 11 digits would be needed to make this scheme work. Therefore,
      the character X is used for the eleventh digit. So ISBN 3-540-96035-X is a
      valid ISBN code.
       (a) Is ISBN 0-534-91500-0 a valid ISBN code? What about ISBN 0-534-
           91700-0 and ISBN 0-534-19500-0?
       (b) Does this method detect all single-digit errors? What about all transpo-
           sition errors?
        (c) How many different ISBN codes are there?
       (d) Write a computer program that will calculate the check digit for the
           first nine digits of an ISBN code.
        (e) A publisher has houses in Germany and the United States. Its German
            prefix is 3-540. If its United States prefix will be 0-abc, find abc such
            that the rest of the ISBN code will be the same for a book printed in
            Germany and in the United States. Under the ISBN coding method
            the first digit identifies the language; German is 3 and English is 0.
            The next group of numbers identifies the publisher, and the last group
            identifies the specific book.

References and Suggested Readings
References [2] and [3] show how group theory can be used in error detection schemes.
Other sources cover more advanced topics in group theory.
  [1] Burnside, W. Theory of Groups of Finite Order. 2nd ed. Cambridge University
      Press, Cambridge, 1911; Dover, New York, 1953. A classic. Also available at
      books.google.com.
58                                                  CHAPTER 3        GROUPS

 [2] Gallian, J. A. and Winters, S. “Modular Arithmetic in the Marketplace,” The
     American Mathematical Monthly 95(1988): 548–51.
 [3] Gallian, J. A. Contemporary Abstract Algebra. 7th ed. Brooks/Cole, Belmont,
     CA, 2009.
 [4] Hall, M. Theory of Groups. 2nd ed. American Mathematical Society, Provi-
     dence, 1959.
 [5] Kurosh, A. E. The Theory of Groups, vols. I and II. American Mathematical
     Society, Providence, 1979.
 [6] Rotman, J. J. An Introduction to the Theory of Groups. 4th ed. Springer,
     New York, 1995.
Sage The first half of this text is about group theory. Sage includes
GAP, a program designed primarly for just group theory, and in continuous
development since 1986. Many of Sage’s computations for groups ultimately
are performed by GAP.
                                        4
                   Cyclic Groups



The groups Z and Zn , which are among the most familiar and easily under-
stood groups, are both examples of what are called cyclic groups. In this
chapter we will study the properties of cyclic groups and cyclic subgroups,
which play a fundamental part in the classification of all abelian groups.


4.1    Cyclic Subgroups
Often a subgroup will depend entirely on a single element of the group;
that is, knowing that particular element will allow us to compute any other
element in the subgroup.

Example 1. Suppose that we consider 3 ∈ Z and look at all multiples (both
positive and negative) of 3. As a set, this is

                         3Z = {. . . , −3, 0, 3, 6, . . .}.

It is easy to see that 3Z is a subgroup of the integers. This subgroup is
completely determined by the element 3 since we can obtain all of the other
elements of the group by taking multiples of 3. Every element in the subgroup
is “generated” by 3.                                                        

Example 2. If H = {2n : n ∈ Z}, then H is a subgroup of the multiplicative
group of nonzero rational numbers, Q∗ . If a = 2m and b = 2n are in H, then
ab−1 = 2m 2−n = 2m−n is also in H. By Proposition 3.10, H is a subgroup
of Q∗ determined by the element 2.                                       




                                        59
60                                       CHAPTER 4       CYCLIC GROUPS

Theorem 4.1 Let G be a group and a be any element in G. Then the set

                             hai = {ak : k ∈ Z}

is a subgroup of G. Furthermore, hai is the smallest subgroup of G that
contains a.

Proof. The identity is in hai since a0 = e. If g and h are any two elements
in hai, then by the definition of hai we can write g = am and h = an for some
integers m and n. So gh = am an = am+n is again in hai. Finally, if g = an in
hai, then the inverse g −1 = a−n is also in hai. Clearly, any subgroup H of G
containing a must contain all the powers of a by closure; hence, H contains
hai. Therefore, hai is the smallest subgroup of G containing a.             
Remark. If we are using the “+” notation, as in the case of the integers
under addition, we write hai = {na : n ∈ Z}.
    For a ∈ G, we call hai the cyclic subgroup generated by a. If G contains
some element a such that G = hai, then G is a cyclic group. In this case a
is a generator of G. If a is an element of a group G, we define the order
of a to be the smallest positive integer n such that an = e, and we write
|a| = n. If there is no such integer n, we say that the order of a is infinite
and write |a| = ∞ to denote the order of a.

Example 3. Notice that a cyclic group can have more than a single generator.
Both 1 and 5 generate Z6 ; hence, Z6 is a cyclic group. Not every element in
a cyclic group is necessarily a generator of the group. The order of 2 ∈ Z6 is
3. The cyclic subgroup generated by 2 is h2i = {0, 2, 4}.                   
   The groups Z and Zn are cyclic groups. The elements 1 and −1 are
generators for Z. We can certainly generate Zn with 1 although there may
be other generators of Zn , as in the case of Z6 .

Example 4. The group of units, U (9), in Z9 is a cyclic group. As a set,
U (9) is {1, 2, 4, 5, 7, 8}. The element 2 is a generator for U (9) since

                             21 = 2      22 = 4
                             23 = 8      24 = 7
                             25 = 5      26 = 1.

                                                                            
4.1   CYCLIC SUBGROUPS                                                    61

Example 5. Not every group is a cyclic group. Consider the symmetry
group of an equilateral triangle S3 . The multiplication table for this group
is Table 3.2. The subgroups of S3 are shown in Figure 4.1. Notice that every
subgroup is cyclic; however, no single element generates the entire group.
                                                                            

                                             S3


                {id, ρ1 , ρ2 }   {id, µ1 }        {id, µ2 }   {id, µ3 }


                                         {id}


                         Figure 4.1. Subgroups of S3


Theorem 4.2 Every cyclic group is abelian.

Proof. Let G be a cyclic group and a ∈ G be a generator for G. If g and h
are in G, then they can be written as powers of a, say g = ar and h = as .
Since
                  gh = ar as = ar+s = as+r = as ar = hg,
G is abelian.                                                             

Subgroups of Cyclic Groups
We can ask some interesting questions about cyclic subgroups of a group
and subgroups of a cyclic group. If G is a group, which subgroups of G are
cyclic? If G is a cyclic group, what type of subgroups does G possess?

Theorem 4.3 Every subgroup of a cyclic group is cyclic.

Proof. The main tools used in this proof are the division algorithm and
the Principle of Well-Ordering. Let G be a cyclic group generated by a and
suppose that H is a subgroup of G. If H = {e}, then trivially H is cyclic.
Suppose that H contains some other element g distinct from the identity.
Then g can be written as an for some integer n. We can assume that n > 0.
62                                      CHAPTER 4          CYCLIC GROUPS

Let m be the smallest natural number such that am ∈ H. Such an m exists
by the Principle of Well-Ordering.
    We claim that h = am is a generator for H. We must show that every
h0 ∈ H can be written as a power of h. Since h0 ∈ H and H is a subgroup of
G, h0 = ak for some positive integer k. Using the division algorithm, we can
find numbers q and r such that k = mq + r where 0 ≤ r < m; hence,

                      ak = amq+r = (am )q ar = hq ar .

So ar = ak h−q . Since ak and h−q are in H, ar must also be in H. However,
m was the smallest positive number such that am was in H; consequently,
r = 0 and so k = mq. Therefore,

                            h0 = ak = amq = hq

and H is generated by h.                                                  

Corollary 4.4 The subgroups of Z are exactly nZ for n = 0, 1, 2, . . ..

Proposition 4.5 Let G be a cyclic group of order n and suppose that a is
a generator for G. Then ak = e if and only if n divides k.

Proof. First suppose that ak = e. By the division algorithm, k = nq + r
where 0 ≤ r < n; hence,

                    e = ak = anq+r = anq ar = ear = ar .

Since the smallest positive integer m such that am = e is n, r = 0.
   Conversely, if n divides k, then k = ns for some integer s. Consequently,

                        ak = ans = (an )s = es = e.

                                                                          

Theorem 4.6 Let G be a cyclic group of order n and suppose that a ∈ G
is a generator of the group. If b = ak , then the order of b is n/d, where
d = gcd(k, n).

Proof. We wish to find the smallest integer m such that e = bm = akm .
By Proposition 4.5, this is the smallest integer m such that n divides km or,
equivalently, n/d divides m(k/d). Since d is the greatest common divisor of
n and k, n/d and k/d are relatively prime. Hence, for n/d to divide m(k/d)
it must divide m. The smallest such m is n/d.                             
4.2   MULTIPLICATIVE GROUP OF COMPLEX NUMBERS                              63

Corollary 4.7 The generators of Zn are the integers r such that 1 ≤ r < n
and gcd(r, n) = 1.


Example 6. Let us examine the group Z16 . The numbers 1, 3, 5, 7, 9, 11,
13, and 15 are the elements of Z16 that are relatively prime to 16. Each of
these elements generates Z16 . For example,

            1·9=9                 2·9=2                 3 · 9 = 11
            4·9=4                 5 · 9 = 13            6·9=6
            7 · 9 = 15            8·9=8                 9·9=1
           10 · 9 = 10           11 · 9 = 3            12 · 9 = 12
           13 · 9 = 5            14 · 9 = 14           15 · 9 = 7.

                                                                           


4.2     Multiplicative Group of Complex Numbers
The complex numbers are defined as

                           C = {a + bi : a, b ∈ R},

where i2 = −1. If z = a + bi, then a is the real part of z and b is the
imaginary part of z.
    To add two complex numbers z = a + bi and w = c + di, we just add the
corresponding real and imaginary parts:

              z + w = (a + bi) + (c + di) = (a + c) + (b + d)i.

Remembering that i2 = −1, we multiply complex numbers just like polyno-
mials. The product of z and w is

      (a + bi)(c + di) = ac + bdi2 + adi + bci = (ac − bd) + (ad + bc)i.

   Every nonzero complex number z = a + bi has a multiplicative inverse;
that is, there exists a z −1 ∈ C∗ such that zz −1 = z −1 z = 1. If z = a + bi,
then
                                       a − bi
                                z −1 = 2      .
                                      a + b2
64                                         CHAPTER 4         CYCLIC GROUPS

The complex conjugate of a complex number z = a + bi is defined √ to be
z = a − bi. The absolute value or modulus of z = a + bi is |z| = a2 + b2 .

Example 7. Let z = 2 + 3i and w = 1 − 2i. Then

                     z + w = (2 + 3i) + (1 − 2i) = 3 + i

and
                       zw = (2 + 3i)(1 − 2i) = 8 − i.
Also,
                                     2  3
                              z −1 =   − i
                                    13 13
                                    √
                               |z| = 13
                                 z = 2 − 3i.

                                                                           

                                       y

                                               z1 = 2 + 3i
              z3 = −3 + 2i


                                       0                       x

                                           z2 = 1 − 2i




        Figure 4.2. Rectangular coordinates of a complex number

    There are several ways of graphically representing complex numbers. We
can represent a complex number z = a + bi as an ordered pair on the xy
plane where a is the x (or real) coordinate and b is the y (or imaginary)
coordinate. This is called the rectangular or Cartesian representation.
The rectangular representations of z1 = 2 + 3i, z2 = 1 − 2i, and z3 = −3 + 2i
are depicted in Figure 4.2.
    Nonzero complex numbers can also be represented using polar coordi-
nates. To specify any nonzero point on the plane, it suffices to give an angle
4.2   MULTIPLICATIVE GROUP OF COMPLEX NUMBERS                                65

                                          y

                                                                a + bi
                                                 r

                                                 θ
                                          0                              x




            Figure 4.3. Polar coordinates of a complex number


θ from the positive x axis in the counterclockwise direction and a distance r
from the origin, as in Figure 4.3. We can see that

                        z = a + bi = r(cos θ + i sin θ).

Hence,                                    p
                              r = |z| =    a2 + b2
and

                                  a = r cos θ
                                  b = r sin θ.

We sometimes abbreviate r(cos θ + i sin θ) as r cis θ. To assure that the
representation of z is well-defined, we also require that 0◦ ≤ θ < 360◦ . If the
measurement is in radians, then 0 ≤ θ < 2π.

Example 8. Suppose that z = 2 cis 60◦ . Then

                               a = 2 cos 60◦ = 1

and                                              √
                              b = 2 sin 60◦ =        3.
                                                          √
Hence, the rectangular representation is z = 1 +              3 i.
66                                            CHAPTER 4        CYCLIC GROUPS

   Conversely, if we are given a rectangular representation of a complex
number,
     √ it is√often useful to know the number’s polar representation. If
z = 3 2 − 3 2 i, then
                            p           √
                        r = a2 + b2 = 36 = 6

and                                
                                   b
                       θ = arctan     = arctan(−1) = 315◦ ,
                                   a
    √     √
so 3 2 − 3 2 i = 6 cis 315◦ .                                                        
    The polar representation of a complex number makes it easy to find prod-
ucts and powers of complex numbers. The proof of the following proposition
is straightforward and is left as an exercise.

Proposition 4.8 Let z = r cis θ and w = s cis φ be two nonzero complex
numbers. Then
                         zw = rs cis(θ + φ).


Example 9. If z = 3 cis(π/3) and w = 2 cis(π/6), then zw = 6 cis(π/2) = 6i.


Theorem 4.9 (DeMoivre) Let z = r cis θ be a nonzero complex number.
Then
                     [r cis θ]n = rn cis(nθ)
for n = 1, 2, . . ..

Proof. We will use induction on n. For n = 1 the theorem is trivial.
Assume that the theorem is true for all k such that 1 ≤ k ≤ n. Then

     z n+1 = z n z
           = rn (cos nθ + i sin nθ)r(cos θ + i sin θ)
           = rn+1 [(cos nθ cos θ − sin nθ sin θ) + i(sin nθ cos θ + cos nθ sin θ)]
           = rn+1 [cos(nθ + θ) + i sin(nθ + θ)]
           = rn+1 [cos(n + 1)θ + i sin(n + 1)θ].
4.2   MULTIPLICATIVE GROUP OF COMPLEX NUMBERS                                67

                                                                              

Example 10. Suppose that z = 1 + i and we wish to compute z 10 . Rather
than computing (1 + i)10 directly, it is much easier to switch to polar
coordinates and calculate z 10 using DeMoivre’s Theorem:

                           z 10 = (1 + i)10
                                  √         π 10
                                =     2 cis
                                              4 
                                   √ 10          5π
                                = ( 2 ) cis
                                                  2
                                         π 
                                = 32 cis
                                           2
                                = 32i.

                                                                              


The Circle Group and the Roots of Unity
The multiplicative group of the complex numbers, C∗ , possesses some inter-
esting subgroups. Whereas Q∗ and R∗ have no interesting subgroups of finite
order, C∗ has many. We first consider the circle group,

                            T = {z ∈ C : |z| = 1}.

The following proposition is a direct result of Proposition 4.8.

Proposition 4.10 The circle group is a subgroup of C∗ .

    Although the circle group has infinite order, it has many interesting finite
subgroups. Suppose that H = {1, −1, i, −i}. Then H is a subgroup of the
circle group. Also, 1, −1, i, and −i are exactly those complex numbers that
satisfy the equation z 4 = 1. The complex numbers satisfying the equation
z n = 1 are called the nth roots of unity .

Theorem 4.11 If z n = 1, then the nth roots of unity are
                                        
                                     2kπ
                           z = cis         ,
                                      n
where k = 0, 1, . . . , n − 1. Furthermore, the nth roots of unity form a cyclic
subgroup of T of order n.
68                                                    CHAPTER 4      CYCLIC GROUPS

Proof. By DeMoivre’s Theorem,
                               
                  n         2kπ
                 z = cis n        = cis(2kπ) = 1.
                             n

The z’s are distinct since the numbers 2kπ/n are all distinct and are greater
than or equal to 0 but less than 2π. The fact that these are all of the roots
of the equation z n = 1 follows from from Corollary 17.6, which states that a
polynomial of degree n can have at most n roots. We will leave the proof
that the nth roots of unity form a cyclic subgroup of T as an exercise. 
   A generator for the group of the nth roots of unity is called a primitive
nth root of unity .

Example 11. The 8th roots of unity can be represented as eight equally
spaced points on the unit circle (Figure 4.4). The primitive 8th roots of
unity are
                                  √     √
                                    2     2
                             ω=       +     i
                                   2√    2√
                                      2     2
                           ω3 = −       +      i
                                    √2    √2
                                      2     2
                           ω5 = −       −      i
                                  √2 √2
                                    2     2
                           ω7 =       −     i.
                                   2     2
                                                                                


4.3           The Method of Repeated Squares1
Computing large powers can be very time-consuming. Just as anyone can
compute 22 or 28 , everyone knows how to compute
                                                 1000000
                                            22             .

However, such numbers are so large that we do not want to attempt the
calculations; moreover, past a certain point the computations would not be
feasible even if we had every computer in the world at our disposal. Even
writing down the decimal representation of a very large number may not be
     1
         The results in this section are needed only in Chapter 7.
4.3   THE METHOD OF REPEATED SQUARES                                       69

                                                y
                                           i
                             ω3                          ω


                        −1                      0             1   x

                             ω5                          ω7
                                          −i



                      Figure 4.4. 8th roots of unity


reasonable. It could be thousands or even millions of digits long. However, if
we could compute something like 237398332 (mod 46389), we could very easily
write the result down since it would be a number between 0 and 46,388. If
we want to compute powers modulo n quickly and efficiently, we will have to
be clever.
    The first thing to notice is that any number a can be written as the sum
of distinct powers of 2; that is, we can write

                         a = 2k1 + 2k2 + · · · + 2kn ,

where k1 < k2 < · · · < kn . This is just the binary representation of a.
For example, the binary representation of 57 is 111001, since we can write
57 = 20 + 23 + 24 + 25 .
   The laws of exponents still work in Zn ; that is, if b ≡ ax (mod n) and
                                                               k
c ≡ ay (mod n), then bc ≡ ax+y (mod n). We can compute a2 (mod n) in
k multiplications by computing
                                       0
                                  a2           (mod n)
                                   21
                                  a            (mod n)
                                                ..
                                                 .
                                      k
                                  a2       (mod n).
70                                                     CHAPTER 4             CYCLIC GROUPS

Each step involves squaring the answer obtained in the previous step, dividing
by n, and taking the remainder.

Example 12. We will compute 271321 (mod 481). Notice that

                                 321 = 20 + 26 + 28 ;

hence, computing 271321 (mod 481) is the same as computing
                   0 +26 +28             0             6          8
              2712             ≡ 2712 · 2712 · 2712                     (mod 481).
                                             i
So it will suffice to compute 2712 (mod 481) where i = 0, 6, 8. It is very
easy to see that
                          1
                      2712 = 73,441 ≡ 329 (mod 481).
                                                                         2
We can square this result to obtain a value for 2712 (mod 481):
                                2                1
                         2712 ≡ (2712 )2                   (mod 481)
                                    ≡ (329)2           (mod 481)
                                    ≡ 108,241              (mod 481)
                                    ≡ 16         (mod 481).
                                     n                 n          n+1
We are using the fact that (a2 )2 ≡ a2·2 ≡ a2 (mod n). Continuing, we
can calculate
                              6
                         2712 ≡ 419 (mod 481)
and
                                    8
                               2712 ≡ 16              (mod 481).
Therefore,
                                     0 +26 +28
                 271321 ≡ 2712                         (mod 481)
                                    20           26           8
                          ≡ 271          · 271        · 2712          (mod 481)
                          ≡ 271 · 419 · 16                 (mod 481)
                          ≡ 1,816,784                (mod 481)
                          ≡ 47          (mod 481).

                                                                                        
    The method of repeated squares will prove to be a very useful tool when
we explore RSA cryptography in Chapter 7. To encode and decode messages
in a reasonable manner under this scheme, it is necessary to be able to
quickly compute large powers of integers mod n.
EXERCISES                                                                       71

Exercises
  1. Prove or disprove each of the following statements.
      (a) U (8) is cyclic.
      (b) All of the generators of Z60 are prime.
      (c) Q is cyclic.
      (d) If every proper subgroup of a group G is cyclic, then G is a cyclic group.
      (e) A group with a finite number of subgroups is finite.
  2. Find the order of each of the following elements.
                                       √
      (a) 5 ∈ Z12                (c)       3 ∈ R∗           (e) 72 in Z240
          √                                    ∗
      (b) 3 ∈ R                  (d) −i ∈ C                 (f) 312 in Z471

  3. List all of the elements in each of the following subgroups.
      (a) The subgroup of Z generated by 7
      (b) The subgroup of Z24 generated by 15
      (c) All subgroups of Z12
      (d) All subgroups of Z60
      (e) All subgroups of Z13
      (f) All subgroups of Z48
      (g) The subgroup generated by 3 in U (20)
      (h) The subgroup generated by 5 in U (18)
      (i) The subgroup of R∗ generated by 7
      (j) The subgroup of C∗ generated by i where i2 = −1
      (k) The subgroup of C∗ generated by 2i
                                                  √
      (l) The subgroup of C∗ generated by (1 + i)/ 2
                                               √
     (m) The subgroup of C∗ generated by (1 + 3 i)/2
  4. Find the subgroups of GL2 (R) generated by each of the following matrices.
                                                                  
             0 1                     1 −1                       1 −1
      (a)                      (c)                       (e)
            −1 0                     1 0                       −1 0
                                                         √             
            0 1/3                    1 −1                        3/2 √1/2
      (b)                      (d)                       (f)
            3   0                    0 1                        −1/2    3/2

  5. Find the order of every element in Z18 .
  6. Find the order of every element in the symmetry group of the square, D4 .
72                                                 CHAPTER 4           CYCLIC GROUPS

     7. What are all of the cyclic subgroups of the quaternion group, Q8 ?
     8. List all of the cyclic subgroups of U (30).
     9. List every generator of each subgroup of order 8 in Z32 .
 10. Find all elements of finite order in each of the following groups. Here the “∗”
     indicates the set with zero removed.

         (a) Z                           (b) Q∗                        (c) R∗

 11. If a24 = e in a group G, what are the possible orders of a?
 12. Find a cyclic group with exactly one generator. Can you find cyclic groups
     with exactly two generators? Four generators? How about n generators?
 13. For n ≤ 20, which groups U (n) are cyclic? Make a conjecture as to what is
     true in general. Can you prove your conjecture?
 14. Let                                                              
                                    0     1                     0      −1
                           A=                     and       B=
                                    −1    0                     1      −1
        be elements in GL2 (R). Show that A and B have finite orders but AB does
        not.
 15. Evaluate each of the following.

         (a) (3 − 2i) + (5i − 6)                        (d) (9 − i)(9 − i)
         (b) (4 − 5i) − (4i − 4)                        (e) i45
         (c) (5 − 4i)(7 + 2i)                           (f) (1 + i) + (1 + i)

 16. Convert the following complex numbers to the form a + bi.

         (a) 2 cis(π/6)                                 (c) 3 cis(π)
         (b) 5 cis(9π/4)                                (d) cis(7π/4)/2

 17. Change the following complex numbers to polar representation.

         (a) 1 − i                       (c) 2 + 2i                    (e) −3i
                                             √                                   √
         (b) −5                          (d) 3 + i                     (f) 2i + 2 3

 18. Calculate each of the following expressions.
EXERCISES                                                                      73

      (a)   (1 + i)−1                          (e) ((1 − i)/2)4
      (b)   (1 − i)6                                  √     √
             √                                 (f) (− 2 − 2 i)12
      (c)   ( 3 + i)5
      (d)   (−i)10                             (g) (−2 + 2i)−5

 19. Prove each of the following statements.

      (a) |z| = |z|                            (d) |z + w| ≤ |z| + |w|
                      2
      (b) zz = |z|                             (e) |z − w| ≥ ||z| − |w||
              −1             2
      (c) z        = z/|z|                     (f) |zw| = |z||w|

 20. List and graph the 6th roots of unity. What are the generators of this group?
     What are the primitive 6th roots of unity?
 21. List and graph the 5th roots of unity. What are the generators of this group?
     What are the primitive 5th roots of unity?
 22. Calculate each of the following.

      (a) 2923171 (mod 582)                    (c) 20719521 (mod 4724)
      (b) 2557341 (mod 5681)                   (d) 971321 (mod 765)

 23. Let a, b ∈ G. Prove the following statements.
      (a) The order of a is the same as the order of a−1 .
      (b) For all g ∈ G, |a| = |g −1 ag|.
      (c) The order of ab is the same as the order of ba.
 24. Let p and q be distinct primes. How many generators does Zpq have?
 25. Let p be prime and r be a positive integer. How many generators does Zpr
     have?
 26. Prove that Zp has no nontrivial subgroups if p is prime.
 27. If g and h have orders 15 and 16 respectively in a group G, what is the order
     of hgi ∩ hhi?
 28. Let a be an element in a group G. What is a generator for the subgroup
     ham i ∩ han i?
 29. Prove that Zn has an even number of generators for n > 2.
 30. Suppose that G is a group and let a, b ∈ G. Prove that if |a| = m and |b| = n
     with gcd(m, n) = 1, then hai ∩ hbi = {e}.
 31. Let G be an abelian group. Show that the elements of finite order in G form
     a subgroup. This subgroup is called the torsion subgroup of G.
74                                            CHAPTER 4         CYCLIC GROUPS

 32. Let G be a finite cyclic group of order n generated by x. Show that if y = xk
     where gcd(k, n) = 1, then y must be a generator of G.
 33. If G is an abelian group that contains a pair of cyclic subgroups of order 2,
     show that G must contain a subgroup of order 4. Does this subgroup have to
     be cyclic?
 34. Let G be an abelian group of order pq where gcd(p, q) = 1. If G contains
     elements a and b of order p and q respectively, then show that G is cyclic.
 35. Prove that the subgroups of Z are exactly nZ for n = 0, 1, 2, . . ..
 36. Prove that the generators of Zn are the integers r such that 1 ≤ r < n and
     gcd(r, n) = 1.
 37. Prove that if G has no proper nontrivial subgroups, then G is a cyclic group.
 38. Prove that the order of an element in a cyclic group G must divide the order
     of the group.
 39. For what integers n is −1 an nth root of unity?
 40. If z = r(cos θ + i sin θ) and w = s(cos φ + i sin φ) are two nonzero complex
     numbers, show that

                             zw = rs[cos(θ + φ) + i sin(θ + φ)].

 41. Prove that the circle group is a subgroup of C∗ .
 42. Prove that the nth roots of unity form a cyclic subgroup of T of order n.
 43. Let α ∈ T. Prove that αm = 1 and αn = 1 if and only if αd = 1 for
     d = gcd(m, n).
 44. Let z ∈ C∗ . If |z| =
                         6 1, prove that the order of z is infinite.
 45. Let z = cos θ + i sin θ be in T where θ ∈ Q. Prove that the order of z is
     infinite.

Programming Exercises
     1. Write a computer program that will write any decimal number as the sum
        of distinct powers of 2. What is the largest integer that your program will
        handle?
     2. Write a computer program to calculate ax (mod n) by the method of repeated
        squares. What are the largest values of n and x that your program will accept?
EXERCISES                                                                   75

References and Suggested Readings
  [1] Koblitz, N. A Course in Number Theory and Cryptography. 2nd ed. Springer,
      New York, 1994.
  [2] Pomerance, C. “Cryptology and Computational Number Theory—An Intro-
      duction,” in Cryptology and Computational Number Theory, Pomerance, C.,
      ed. Proceedings of Symposia in Applied Mathematics, vol. 42, American
      Mathematical Society, Providence, RI, 1990. This book gives an excellent
      account of how the method of repeated squares is used in cryptography.

Sage Sage support for cyclic groups is a little spotty — but this situation
could change soon.
                                    5
           Permutation Groups



Permutation groups are central to the study of geometric symmetries and to
Galois theory, the study of finding solutions of polynomial equations. They
also provide abundant examples of nonabelian groups.
    Let us recall for a moment the symmetries of the equilateral triangle
4ABC from Chapter 3. The symmetries actually consist of permutations
of the three vertices, where a permutation of the set S = {A, B, C} is a
one-to-one and onto map π : S → S. The three vertices have the following
six permutations.
                                                        
               A B C              A B C             A B C
               A B C              C A B             B C A
                                                        
               A B C              A B C             A B C
               A C B              C B A             B A C

We have used the array                     
                                A B C
                                B C A
to denote the permutation that sends A to B, B to C, and C to A. That is,

                                  A 7→ B
                                  B 7→ C
                                  C 7→ A.

The symmetries of a triangle form a group. In this chapter we will study
groups of this type.




                                    76
5.1    DEFINITIONS AND NOTATION                                             77

5.1      Definitions and Notation
In general, the permutations of a set X form a group SX . If X is a finite
set, we can assume X = {1, 2, . . . , n}. In this case we write Sn instead of
SX . The following theorem says that Sn is a group. We call this group the
symmetric group on n letters.

Theorem 5.1 The symmetric group on n letters, Sn , is a group with n!
elements, where the binary operation is the composition of maps.

Proof. The identity of Sn is just the identity map that sends 1 to 1, 2 to
2, . . ., n to n. If f : Sn → Sn is a permutation, then f −1 exists, since f is
one-to-one and onto; hence, every permutation has an inverse. Composition
of maps is associative, which makes the group operation associative. We
leave the proof that |Sn | = n! as an exercise.                              
      A subgroup of Sn is called a permutation group.

Example 1. Consider the subgroup G of S5 consisting of the identity
permutation id and the permutations
                                       
                              1 2 3 4 5
                         σ=
                              1 2 3 5 4
                                       
                              1 2 3 4 5
                         τ=
                              3 2 1 4 5
                                       
                              1 2 3 4 5
                         µ=               .
                              3 2 1 5 4

The following table tells us how to multiply elements in the permutation
group G.
                              ◦   id   σ    τ    µ
                             id   id   σ    τ    µ
                             σ    σ    id   µ    τ
                             τ    τ    µ    id   σ
                             µ    µ    τ    σ    id
                                                                             
Remark. Though it is natural to multiply elements in a group from left to
right, functions are composed from right to left. Let σ and τ be permutations
on a set X. To compose σ and τ as functions, we calculate (σ◦τ )(x) = σ(τ (x)).
78                              CHAPTER 5       PERMUTATION GROUPS

That is, we do τ first, then σ. There are several ways to approach this
inconsistency. We will adopt the convention of multiplying permutations
right to left. To compute στ , do τ first and then σ. That is, by στ (x) we
mean σ(τ (x)). (Another way of solving this problem would be to write
functions on the right; that is, instead of writing σ(x), we could write (x)σ.
We could also multiply permutations left to right to agree with the usual
way of multiplying elements in a group. Certainly all of these methods have
been used.

Example 2. Permutation multiplication is not usually commutative. Let
                                        
                              1 2 3 4
                       σ=
                              4 1 2 3
                                        
                              1 2 3 4
                       τ=                  .
                              2 1 4 3

Then                                    
                                  1 2 3 4
                            στ =           ,
                                  1 4 3 2
but                                     
                                  1 2 3 4
                            τσ =           .
                                  3 2 1 4
                                                                           


Cycle Notation
The notation that we have used to represent permutations up to this point is
cumbersome, to say the least. To work effectively with permutation groups,
we need a more streamlined method of writing down and manipulating
permutations.
     A permutation σ ∈ SX is a cycle of length k if there exist elements
a1 , a2 , . . . , ak ∈ X such that

                                 σ(a1 ) = a2
                                 σ(a2 ) = a3
                                       ..
                                        .
                                 σ(ak ) = a1
5.1   DEFINITIONS AND NOTATION                                                         79

and σ(x) = x for all other elements x ∈ X. We will write (a1 , a2 , . . . , ak ) to
denote the cycle σ. Cycles are the building blocks of all permutations.

Example 3. The permutation
                                 
                    1 2 3 4 5 6 7
              σ=                    = (162354)
                    6 3 5 1 4 2 7
is a cycle of length 6, whereas
                                       
                            1 2 3 4 5 6
                       τ=                 = (243)
                            1 4 2 3 5 6
is a cycle of length 3.
    Not every permutation is a cycle. Consider the permutation
                                      
                        1 2 3 4 5 6
                                         = (1243)(56).
                        2 4 1 3 6 5
This permutation actually contains a cycle of length 2 and a cycle of length 4.
                                                                            

Example 4. It is very easy to compute products of cycles. Suppose that
                           σ = (1352)       and τ = (256).
If we think of σ as
                    1 7→ 3,       3 7→ 5,       5 7→ 2,       2 7→ 1,
and τ as
                           2 7→ 5,       5 7→ 6,       6 7→ 2,
then for στ remembering that we apply τ first and then σ, it must be the
case that
              1 7→ 3,   3 7→ 5,   5 7→ 6,      6 7→ 2 7→ 1,
or στ = (1356). If µ = (1634), then σµ = (1652)(34).                                    
   Two cycles in SX , σ = (a1 , a2 , . . . , ak ) and τ = (b1 , b2 , . . . , bl ), are dis-
joint if ai 6= bj for all i and j.

Example 5. The cycles (135) and (27) are disjoint; however, the cycles
(135) and (347) are not. Calculating their products, we find that
                                (135)(27) = (135)(27)
                               (135)(347) = (13475).
80                                  CHAPTER 5         PERMUTATION GROUPS

The product of two cycles that are not disjoint may reduce to something less
complicated; the product of disjoint cycles cannot be simplified.         

Proposition 5.2 Let σ and τ be two disjoint cycles in SX . Then στ = τ σ.

Proof. Let σ = (a1 , a2 , . . . , ak ) and τ = (b1 , b2 , . . . , bl ). We must show
that στ (x) = τ σ(x) for all x ∈ X. If x is neither in {a1 , a2 , . . . , ak } nor
{b1 , b2 , . . . , bl }, then both σ and τ fix x. That is, σ(x) = x and τ (x) = x.
Hence,

           στ (x) = σ(τ (x)) = σ(x) = x = τ (x) = τ (σ(x)) = τ σ(x).

Do not forget that we are multiplying permutations right to left, which is
the opposite of the order in which we usually multiply group elements. Now
suppose that x ∈ {a1 , a2 , . . . , ak }. Then σ(ai ) = a(i mod k)+1 ; that is,

                                       a1 7→ a2
                                       a2 →7 a3
                                         ..
                                          .
                                     ak−1 7→ ak
                                       ak 7→ a1 .

However, τ (ai ) = ai since σ and τ are disjoint. Therefore,

                             στ (ai ) = σ(τ (ai ))
                                     = σ(ai )
                                     = a(i mod k)+1
                                     = τ (a(i mod k)+1 )
                                     = τ (σ(ai ))
                                     = τ σ(ai ).

Similarly, if x ∈ {b1 , b2 , . . . , bl }, then σ and τ also commute.            

Theorem 5.3 Every permutation in Sn can be written as the product of
disjoint cycles.

Proof. We can assume that X = {1, 2, . . . , n}. Let σ ∈ Sn , and define X1
to be {σ(1), σ 2 (1), . . .}. The set X1 is finite since X is finite. Now let i be
the first integer in X that is not in X1 and define X2 by {σ(i), σ 2 (i), . . .}.
5.1   DEFINITIONS AND NOTATION                                                       81

Again, X2 is a finite set. Continuing in this manner, we can define finite
disjoint sets X3 , X4 , . . .. Since X is a finite set, we are guaranteed that this
process will end and there will be only a finite number of these sets, say r.
If σi is the cycle defined by
                                        
                                          σ(x) x ∈ Xi
                               σi (x) =
                                          x      x∈ / Xi ,

then σ = σ1 σ2 · · · σr . Since the sets X1 , X2 , . . . , Xr are disjoint, the cycles
σ1 , σ2 , . . . , σr must also be disjoint.                                         

Example 6. Let
                                                             
                                 1        2 3 4 5 6
                             σ=
                                 6        4 3 1 5 2
                                                   
                                 1        2 3 4 5 6
                             τ=                       .
                                 3        2 1 5 6 4

Using cycle notation, we can write

                                      σ = (1624)
                                      τ = (13)(456)
                                    στ = (136)(245)
                                    τ σ = (143)(256).

                                                                                     
Remark. From this point forward we will find it convenient to use cycle
notation to represent permutations. When using cycle notation, we often
denote the identity permutation by (1).

Transpositions
The simplest permutation is a cycle of length 2. Such cycles are called
transpositions. Since

              (a1 , a2 , . . . , an ) = (a1 an )(a1 an−1 ) · · · (a1 a3 )(a1 a2 ),

any cycle can be written as the product of transpositions, leading to the
following proposition.

Proposition 5.4 Any permutation of a finite set containing at least two
elements can be written as the product of transpositions.
82                               CHAPTER 5              PERMUTATION GROUPS

Example 7. Consider the permutation

             (16)(253) = (16)(23)(25) = (16)(45)(23)(45)(25).

As we can see, there is no unique way to represent permutation as the product
of transpositions. For instance, we can write the identity permutation as
(12)(12), as (13)(24)(13)(24), and in many other ways. However, as it turns
out, no permutation can be written as the product of both an even number
of transpositions and an odd number of transpositions. For instance, we
could represent the permutation (16) by

                                  (23)(16)(23)

or by
                       (35)(16)(13)(16)(13)(35)(56),
but (16) will always be the product of an odd number of transpositions. 

Lemma 5.5 If the identity is written as the product of r transpositions,

                                id = τ1 τ2 · · · τr ,

then r is an even number.

Proof. We will employ induction on r. A transposition cannot be the
identity; hence, r > 1. If r = 2, then we are done. Suppose that r > 2. In
this case the product of the last two transpositions, τr−1 τr , must be one of
the following cases:

                             (ab)(ab) = id
                             (bc)(ab) = (ac)(bc)
                             (cd)(ab) = (ab)(cd)
                             (ac)(ab) = (ab)(bc),

where a, b, c, and d are distinct.
    The first equation simply says that a transposition is its own inverse. If
this case occurs, delete τr−1 τr from the product to obtain

                            id = τ1 τ2 · · · τr−3 τr−2 .

By induction r − 2 is even; hence, r must be even.
5.1   DEFINITIONS AND NOTATION                                                83

    In each of the other three cases, we can replace τr−1 τr with the right-hand
side of the corresponding equation to obtain a new product of r transpositions
for the identity. In this new product the last occurrence of a will be in the
next-to-the-last transposition. We can continue this process with τr−2 τr−1
to obtain either a product of r − 2 transpositions or a new product of r
transpositions where the last occurrence of a is in τr−2 . If the identity is the
product of r − 2 transpositions, then again we are done, by our induction
hypothesis; otherwise, we will repeat the procedure with τr−3 τr−2 .
    At some point either we will have two adjacent, identical transpositions
canceling each other out or a will be shuffled so that it will appear only in
the first transposition. However, the latter case cannot occur, because the
identity would not fix a in this instance. Therefore, the identity permutation
must be the product of r − 2 transpositions and, again by our induction
hypothesis, we are done.                                                       

Theorem 5.6 If a permutation σ can be expressed as the product of an even
number of transpositions, then any other product of transpositions equaling
σ must also contain an even number of transpositions. Similarly, if σ can
be expressed as the product of an odd number of transpositions, then any
other product of transpositions equaling σ must also contain an odd number
of transpositions.

Proof. Suppose that

                         σ = σ1 σ2 · · · σm = τ1 τ2 · · · τn ,

where m is even. We must show that n is also an even number. The inverse
of σ is σm · · · σ1 . Since

                     id = σσm · · · σ1 = τ1 · · · τn σm · · · σ1 ,

n must be even by Lemma 5.5. The proof for the case in which σ can be
expressed as an odd number of transpositions is left as an exercise. 
   In light of Theorem 5.6, we define a permutation to be even if it can
be expressed as an even number of transpositions and odd if it can be
expressed as an odd number of transpositions.

The Alternating Groups
One of the most important subgroups of Sn is the set of all even permutations,
An . The group An is called the alternating group on n letters.
84                               CHAPTER 5             PERMUTATION GROUPS

Theorem 5.7 The set An is a subgroup of Sn .

Proof. Since the product of two even permutations must also be an even
permutation, An is closed. The identity is an even permutation and therefore
is in An . If σ is an even permutation, then

                                σ = σ1 σ2 · · · σr ,

where σi is a transposition and r is even. Since the inverse of any transposition
is itself,
                              σ −1 = σr σr−1 · · · σ1
is also in An .                                                                

Proposition 5.8 The number of even permutations in Sn , n ≥ 2, is equal
to the number of odd permutations; hence, the order of An is n!/2.

Proof. Let An be the set of even permutations in Sn and Bn be the set of
odd permutations. If we can show that there is a bijection between these
sets, they must contain the same number of elements. Fix a transposition σ
in Sn . Since n ≥ 2, such a σ exists. Define

                                 λ σ : An → B n

by
                                  λσ (τ ) = στ.
Suppose that λσ (τ ) = λσ (µ). Then στ = σµ and so

                          τ = σ −1 στ = σ −1 σµ = µ.

Therefore, λσ is one-to-one. We will leave the proof that λσ is surjective to
the reader.                                                                

Example 8. The group A4 is the subgroup of S4 consisting of even permu-
tations. There are twelve elements in A4 :

              (1)         (12)(34)          (13)(24)       (14)(23)
              (123)       (132)             (124)          (142)
              (134)       (143)             (234)          (243).

One of the end-of-chapter exercises will be to write down all the subgroups
of A4 . You will find that there is no subgroup of order 6. Does this surprise
you?                                                                        
5.2   DIHEDRAL GROUPS                                                             85

                                Historical Note

Lagrange first thought of permutations as functions from a set to itself, but it was
Cauchy who developed the basic theorems and notation for permutations. He was
the first to use cycle notation. Augustin-Louis Cauchy (1789–1857) was born in
Paris at the height of the French Revolution. His family soon left Paris for the
village of Arcueil to escape the Reign of Terror. One of the family’s neighbors there
was Pierre-Simon Laplace (1749–1827), who encouraged him to seek a career in
mathematics. Cauchy began his career as a mathematician by solving a problem
in geometry given to him by Lagrange. Over 800 papers were written by Cauchy
on such diverse topics as differential equations, finite groups, applied mathematics,
and complex analysis. He was one of the mathematicians responsible for making
calculus rigorous. Perhaps more theorems and concepts in mathematics have the
name Cauchy attached to them than that of any other mathematician.


                                            1
                                   n                2


                           n−1                          3


                                                    4


                         Figure 5.1. A regular n-gon



5.2     Dihedral Groups
Another special type of permutation group is the dihedral group. Recall the
symmetry group of an equilateral triangle in Chapter 3. Such groups consist
of the rigid motions of a regular n-sided polygon or n-gon. For n = 3, 4, . . .,
we define the nth dihedral group to be the group of rigid motions of a
regular n-gon. We will denote this group by Dn . We can number the vertices
of a regular n-gon by 1, 2, . . . , n (Figure 5.1). Notice that there are exactly
n choices to replace the first vertex. If we replace the first vertex by k, then
the second vertex must be replaced either by vertex k + 1 or by vertex k − 1;
hence, there are 2n possible rigid motions of the n-gon. We summarize these
results in the following theorem.
86                                    CHAPTER 5                 PERMUTATION GROUPS

Theorem 5.9 The dihedral group, Dn , is a subgroup of Sn of order 2n.


                        1                                          2
                  8               2                         1           3
                                           rotation
              7                       3                 8                   4

                  6               4                         7           5
                        5                                          6
                        1                                          1
                  8               2                         2           8
                                          reflection
              7                       3                 3                   7

                  6               4                         4           6
                        5                                          5


          Figure 5.2. Rotations and reflections of a regular n-gon


Theorem 5.10 The group Dn , n ≥ 3, consists of all products of the two
elements r and s, satisfying the relations

                                           rn = id
                                           s2 = id
                                          srs = r−1 .

Proof. The possible motions of a regular n-gon are either reflections or
rotations (Figure 5.2). There are exactly n possible rotations:
                            360◦      360◦                     360◦
                      id,        ,2 ·      , . . . , (n − 1) ·      .
                             n         n                        n
We will denote the rotation 360◦ /n by r. The rotation r generates all of the
other rotations. That is,
                                                360◦
                                   rk = k ·          .
                                                 n
Label the n reflections s1 , s2 , . . . , sn , where sk is the reflection that leaves
vertex k fixed. There are two cases of reflection, depending on whether n
5.2   DIHEDRAL GROUPS                                                       87

                       1                                 1

               6                   2         2                   6


               5                   3         3                   5

                       4                                 4
                       1                                 1

               5                   2         2                   5


                   4           3                 3           4


            Figure 5.3. Types of reflections of a regular n-gon


is even or odd. If there are an even number of vertices, then 2 vertices are
left fixed by a reflection. If there are an odd number of vertices, then only
a single vertex is left fixed by a reflection (Figure 5.3). In either case, the
order of sk is two. Let s = s1 . Then s2 = id and rn = id. Since any rigid
motion t of the n-gon replaces the first vertex by the vertex k, the second
vertex must be replaced by either k + 1 or by k − 1. If the second vertex is
replaced by k + 1, then t = rk−1 . If it is replaced by k − 1, then t = rk−1 s.
Hence, r and s generate Dn ; that is, Dn consists of all finite products of r
and s. We will leave the proof that srs = r−1 as an exercise.                

                           1                         2




                           4                         3


                        Figure 5.4. The group D4
88                              CHAPTER 5         PERMUTATION GROUPS

Example 9. The group of rigid motions of a square, D4 , consists of eight
elements. With the vertices numbered 1, 2, 3, 4 (Figure 5.4), the rotations
are

                                 r = (1234)
                                r2 = (13)(24)
                                r3 = (1432)
                                r4 = id

and the reflections are

                                 s1 = (24)
                                 s2 = (13).

The order of D4 is 8. The remaining two elements are

                               rs1 = (12)(34)
                              r3 s1 = (14)(23).

                                                                            

                                1                  2
                          4                  3




                                3                  4
                          2                  1


                 Figure 5.5. The motion group of a cube


The Motion Group of a Cube
We can investigate the groups of rigid motions of geometric objects other
than a regular n-sided polygon to obtain interesting examples of permutation
groups. Let us consider the group of rigid motions of a cube. One of the first
EXERCISES                                                                    89

questions that we can ask about this group is “what is its order?” A cube
has 6 sides. If a particular side is facing upward, then there are four possible
rotations of the cube that will preserve the upward-facing side. Hence, the
order of the group is 6 · 4 = 24. We have just proved the following proposition.

Proposition 5.11 The group of rigid motions of a cube contains 24 ele-
ments.

Theorem 5.12 The group of rigid motions of a cube is S4 .


                 1                  2              2                1
         4                  3              4                 3




                 3                  4              3                4
         2                  1              1                 2


        Figure 5.6. Transpositions in the motion group of a cube

Proof. From Proposition 5.11, we already know that the motion group of
the cube has 24 elements, the same number of elements as there are in S4 .
There are exactly four diagonals in the cube. If we label these diagonals 1,
2, 3, and 4, we must show that the motion group of the cube will give us
any permutation of the diagonals (Figure 5.5). If we can obtain all of these
permutations, then S4 and the group of rigid motions of the cube must be
the same. To obtain a transposition we can rotate the cube 180◦ about the
axis joining the midpoints of opposite edges (Figure 5.6). There are six such
axes, giving all transpositions in S4 . Since every element in S4 is the product
of a finite number of transpositions, the motion group of a cube must be S4 .
                                                                              


Exercises
   1. Write the following permutations in cycle notation.
90                                             CHAPTER 5     PERMUTATION GROUPS

          (a)                                        (c)                                 
                          1    2    3      4   5                        1   2   3   4   5
                          2    4    1      5   3                        3   5   1   4   2

          (b)                                        (d)                                 
                          1    2    3      4   5                        1   2   3   4   5
                          4    2    5      1   3                        1   4   3   2   5


     2. Compute each of the following.

          (a) (1345)(234)                               (i) (123)(45)(1254)−2
          (b) (12)(1253)                                (j) (1254)100
          (c) (143)(23)(24)                            (k) |(1254)|
          (d) (1423)(34)(56)(1324)                      (l) |(1254)2 |
          (e) (1254)(13)(25)                           (m) (12)−1
           (f) (1254)(13)(25)2                         (n) (12537)−1
          (g) (1254)−1 (123)(45)(1254)                 (o) [(12)(34)(12)(47)]−1
          (h) (1254)2 (123)(45)                        (p) [(1235)(467)]−1

     3. Express the following permutations as products of transpositions and identify
        them as even or odd.

          (a) (14356)                                  (d) (17254)(1423)(154632)
          (b) (156)(234)
          (c) (1426)(142)                              (e) (142637)

     4. Find (a1 , a2 , . . . , an )−1 .
     5. List all of the subgroups of S4 . Find each of the following sets.
          (a) {σ ∈ S4 : σ(1) = 3}
          (b) {σ ∈ S4 : σ(2) = 2}
          (c) {σ ∈ S4 : σ(1) = 3 and σ(2) = 2}
        Are any of these sets subgroups of S4 ?
     6. Find all of the subgroups in A4 . What is the order of each subgroup?
     7. Find all possible orders of elements in S7 and A7 .
     8. Show that A10 contains an element of order 15.
     9. Does A8 contain an element of order 26?
 10. Find an element of largest order in Sn for n = 3, . . . , 10.
EXERCISES                                                                         91

 11. What are the possible cycle structures of elements of A5 ? What about A6 ?
 12. Let σ ∈ Sn have order n. Show that for all integers i and j, σ i = σ j if and
     only if i ≡ j (mod n).
 13. Let σ = σ1 · · · σm ∈ Sn be the product of disjoint cycles. Prove that the order
     of σ is the least common multiple of the lengths of the cycles σ1 , . . . , σm .
 14. Using cycle notation, list the elements in D5 . What are r and s? Write every
     element as a product of r and s.
 15. If the diagonals of a cube are labeled as Figure 5.5, to which motion of
     the cube does the permutation (12)(34) correspond? What about the other
     permutations of the diagonals?
 16. Find the group of rigid motions of a tetrahedron. Show that this is the same
     group as A4 .
 17. Prove that Sn is nonabelian for n ≥ 3.
 18. Show that An is nonabelian for n ≥ 4.
 19. Prove that Dn is nonabelian for n ≥ 3.
 20. Let σ ∈ Sn . Prove that σ can be written as the product of at most n − 1
     transpositions.
 21. Let σ ∈ Sn . If σ is not a cycle, prove that σ can be written as the product of
     at most n − 2 transpositions.
 22. If σ can be expressed as an odd number of transpositions, show that any
     other product of transpositions equaling σ must also be odd.
 23. If σ is a cycle of odd length, prove that σ 2 is also a cycle.
 24. Show that a 3-cycle is an even permutation.
 25. Prove that in An with n ≥ 3, any permutation is a product of cycles of
     length 3.
 26. Prove that any element in Sn can be written as a finite product of the following
     permutations.
      (a) (12), (13), . . . , (1n)
      (b) (12), (23), . . . , (n − 1, n)
       (c) (12), (12 . . . n)
 27. Let G be a group and define a map λg : G → G by λg (a) = ga. Prove that
     λg is a permutation of G.
 28. Prove that there exist n! permutations of a set containing n elements.
92                                     CHAPTER 5            PERMUTATION GROUPS

 29. Recall that the center of a group G is

                          Z(G) = {g ∈ G : gx = xg for all x ∈ G}.

     Find the center of D8 . What about the center of D10 ? What is the center of
     Dn ?
 30. Let τ = (a1 , a2 , . . . , ak ) be a cycle of length k.
       (a) Prove that if σ is any permutation, then

                                  στ σ −1 = (σ(a1 ), σ(a2 ), . . . , σ(ak ))

            is a cycle of length k.
       (b) Let µ be a cycle of length k. Prove that there is a permutation σ such
           that στ σ −1 = µ.
 31. For α and β in Sn , define α ∼ β if there exists an σ ∈ Sn such that σασ −1 = β.
     Show that ∼ is an equivalence relation on Sn .
 32. Let σ ∈ SX . If σ n (x) = y, we will say that x ∼ y.
       (a) Show that ∼ is an equivalence relation on X.
       (b) If σ ∈ An and τ ∈ Sn , show that τ −1 στ ∈ An .
       (c) Define the orbit of x ∈ X under σ ∈ SX to be the set

                                          Ox,σ = {y : x ∼ y}.

            Compute the orbits of α, β, γ where

                                              α = (1254)
                                              β = (123)(45)
                                              γ = (13)(25).

       (d) If Ox,σ ∩ Oy,σ =
                          6 ∅, prove that Ox,σ = Oy,σ . The orbits under a permu-
           tation σ are the equivalence classes corresponding to the equivalence
           relation ∼.
       (e) A subgroup H of SX is transitive if for every x, y ∈ X, there exists
           a σ ∈ H such that σ(x) = y. Prove that hσi is transitive if and only if
           Ox,σ = X for some x ∈ X.
 33. Let α ∈ Sn for n ≥ 3. If αβ = βα for all β ∈ Sn , prove that α must be the
     identity permutation; hence, the center of Sn is the trivial subgroup.
 34. If α is even, prove that α−1 is also even. Does a corresponding result hold if
     α is odd?
 35. Show that α−1 β −1 αβ is even for α, β ∈ Sn .
EXERCISES                                                           93

 36. Let r and s be the elements in Dn described in Theorem 5.10.
      (a) Show that srs = r−1 .
      (b) Show that rk s = sr−k in Dn .
      (c) Prove that the order of rk ∈ Dn is n/ gcd(k, n).

Sage A permutation group is a very concrete representation of a group,
and Sage support for permutations groups is very good — making Sage a
natural place for beginners to learn about group theory.
                                       6
         Cosets and Lagrange’s
               Theorem


Lagrange’s Theorem, one of the most important results in finite group theory,
states that the order of a subgroup must divide the order of the group. This
theorem provides a powerful tool for analyzing finite groups; it gives us an
idea of exactly what type of subgroups we might expect a finite group to
possess. Central to understanding Lagranges’s Theorem is the notion of a
coset.


6.1     Cosets
Let G be a group and H a subgroup of G. Define a left coset of H with
representative g ∈ G to be the set
                              gH = {gh : h ∈ H}.
Right cosets can be defined similarly by
                              Hg = {hg : h ∈ H}.
If left and right cosets coincide or if it is clear from the context to which type
of coset that we are referring, we will use the word coset without specifying
left or right.

Example 1. Let H be the subgroup of Z6 consisting of the elements 0 and
3. The cosets are
                            0 + H = 3 + H = {0, 3}
                            1 + H = 4 + H = {1, 4}
                           2 + H = 5 + H = {2, 5}.

                                       94
6.1   COSETS                                                                  95

We will always write the cosets of subgroups of Z and Zn with the additive
notation we have used for cosets here. In a commutative group, left and
right cosets are always identical.                                      

Example 2. Let H be the subgroup of S3 defined by the permutations
{(1), (123), (132)}. The left cosets of H are

               (1)H = (123)H = (132)H = {(1), (123), (132)}
                (12)H = (13)H = (23)H = {(12), (13), (23)}.

The right cosets of H are exactly the same as the left cosets:

               H(1) = H(123) = H(132) = {(1), (123), (132)}
                H(12) = H(13) = H(23) = {(12), (13), (23)}.

    It is not always the case that a left coset is the same as a right coset. Let
K be the subgroup of S3 defined by the permutations {(1), (12)}. Then the
left cosets of K are

                          (1)K = (12)K = {(1), (12)}
                        (13)K = (123)K = {(13), (123)}
                        (23)K = (132)K = {(23), (132)};

however, the right cosets of K are

                          K(1) = K(12) = {(1), (12)}
                        K(13) = K(132) = {(13), (132)}
                        K(23) = K(123) = {(23), (123)}.

                                                                               
    The following lemma is quite useful when dealing with cosets. (We leave
its proof as an exercise.)

Lemma 6.1 Let H be a subgroup of a group G and suppose that g1 , g2 ∈ G.
The following conditions are equivalent.

   1. g1 H = g2 H;

   2. Hg1−1 = Hg2−1 ;

   3. g1 H ⊆ g2 H;
96                   CHAPTER 6    COSETS AND LAGRANGE’S THEOREM

     4. g2 ∈ g1 H;
     5. g1−1 g2 ∈ H.

   In all of our examples the cosets of a subgroup H partition the larger
group G. The following theorem proclaims that this will always be the case.

Theorem 6.2 Let H be a subgroup of a group G. Then the left cosets of H
in G partition G. That is, the group G is the disjoint union of the left cosets
of H in G.

Proof. Let g1 H and g2 H be two cosets of H in G. We must show that
either g1 H ∩ g2 H = ∅ or g1 H = g2 H. Suppose that g1 H ∩ g2 H 6= ∅ and
a ∈ g1 H ∩ g2 H. Then by the definition of a left coset, a = g1 h1 = g2 h2
for some elements h1 and h2 in H. Hence, g1 = g2 h2 h−1
                                                      1 or g1 ∈ g2 H. By
Lemma 6.1, g1 H = g2 H.                                                 
Remark. There is nothing special in this theorem about left cosets. Right
cosets also partition G; the proof of this fact is exactly the same as the proof
for left cosets except that all group multiplications are done on the opposite
side of H.
    Let G be a group and H be a subgroup of G. Define the index of H
in G to be the number of left cosets of H in G. We will denote the index
by [G : H].

Example 3. Let G = Z6 and H = {0, 3}. Then [G : H] = 3.                       

Example 4. Suppose that G = S3 , H = {(1), (123), (132)}, and K =
{(1), (12)}. Then [G : H] = 2 and [G : K] = 3.                  

Theorem 6.3 Let H be a subgroup of a group G. The number of left cosets
of H in G is the same as the number of right cosets of H in G.

Proof. Let LH and RH denote the set of left and right cosets of H in
G, respectively. If we can define a bijective map φ : LH → RH , then the
theorem will be proved. If gH ∈ LH , let φ(gH) = Hg −1 . By Lemma 6.1,
the map φ is well-defined; that is, if g1 H = g2 H, then Hg1−1 = Hg2−1 . To
show that φ is one-to-one, suppose that
                       Hg1−1 = φ(g1 H) = φ(g2 H) = Hg2−1 .
Again by Lemma 6.1, g1 H = g2 H. The map φ is onto since φ(g −1 H) = Hg.
                                                                      
6.2   LAGRANGE’S THEOREM                                                  97

6.2    Lagrange’s Theorem
Proposition 6.4 Let H be a subgroup of G with g ∈ G and define a map
φ : H → gH by φ(h) = gh. The map φ is bijective; hence, the number of
elements in H is the same as the number of elements in gH.

Proof. We first show that the map φ is one-to-one. Suppose that φ(h1 ) =
φ(h2 ) for elements h1 , h2 ∈ H. We must show that h1 = h2 , but φ(h1 ) = gh1
and φ(h2 ) = gh2 . So gh1 = gh2 , and by left cancellation h1 = h2 . To show
that φ is onto is easy. By definition every element of gH is of the form gh
for some h ∈ H and φ(h) = gh.                                              

Theorem 6.5 (Lagrange) Let G be a finite group and let H be a subgroup
of G. Then |G|/|H| = [G : H] is the number of distinct left cosets of H in
G. In particular, the number of elements in H must divide the number of
elements in G.

Proof. The group G is partitioned into [G : H] distinct left cosets. Each
left coset has |H| elements; therefore, |G| = [G : H]|H|.               

Corollary 6.6 Suppose that G is a finite group and g ∈ G. Then the order
of g must divide the number of elements in G.

Corollary 6.7 Let |G| = p with p a prime number. Then G is cyclic and
any g ∈ G such that g 6= e is a generator.

Proof. Let g be in G such that g = 6 e. Then by Corollary 6.6, the order of
g must divide the order of the group. Since |hgi| > 1, it must be p. Hence, g
generates G.                                                               
    Corollary 6.7 suggests that groups of prime order p must somehow look
like Zp .

Corollary 6.8 Let H and K be subgroups of a finite group G such that
G ⊃ H ⊃ K. Then
                     [G : K] = [G : H][H : K].

Proof. Observe that
                           |G|   |G| |H|
               [G : K] =       =    ·    = [G : H][H : K].
                           |K|   |H| |K|
                                                                           
98              CHAPTER 6         COSETS AND LAGRANGE’S THEOREM

    The converse of Lagrange’s Theorem is false. The group A4 has order
12; however, it can be shown that it does not possess a subgroup of order
6. According to Lagrange’s Theorem, subgroups of a group of order 12 can
have orders of either 1, 2, 3, 4, or 6. However, we are not guaranteed that
subgroups of every possible order exist. To prove that A4 has no subgroup
of order 6, we will assume that it does have such a subgroup H and show
that a contradiction must occur. Since A4 contains eight 3-cycles, we know
that H must contain a 3-cycle. We will show that if H contains one 3-cycle,
then it must contain more than 6 elements.
Proposition 6.9 The group A4 has no subgroup of order 6.
Proof. Since [A4 : H] = 2, there are only two cosets of H in A4 . Inasmuch
as one of the cosets is H itself, right and left cosets must coincide; therefore,
gH = Hg or gHg −1 = H for every g ∈ A4 . Since there are eight 3-cycles in
A4 , at least one 3-cycle must be in H. Without loss of generality, assume that
(123) is in H. Then (123)−1 = (132) must also be in H. Since ghg −1 ∈ H
for all g ∈ A4 and all h ∈ H and
                (124)(123)(124)−1 = (124)(123)(142) = (243)
                (243)(123)(243)−1 = (243)(123)(234) = (142)
we can conclude that H must have at least seven elements
       (1), (123), (132), (243), (243)−1 = (234), (142), (142)−1 = (124).
Therefore, A4 has no subgroup of order 6.                                     
     In fact, we can say more about when two cycles have the same length.
Theorem 6.10 Two cycles τ and µ in Sn have the same length if and only
if there exists a σ ∈ Sn such that µ = στ σ −1 .
Proof. Suppose that
                              τ = (a1 , a2 , . . . , ak )
                              µ = (b1 , b2 , . . . , bk ).
Define σ to be the permutation
                                   σ(a1 ) = b1
                                   σ(a2 ) = b2
                                         ..
                                          .
                                   σ(ak ) = bk .
6.3   FERMAT’S AND EULER’S THEOREMS                                              99

Then µ = στ σ −1 .
   Conversely, suppose that τ = (a1 , a2 , . . . , ak ) is a k-cycle and σ ∈ Sn . If
σ(ai ) = b and σ(a(i mod k)+1 ) = b0 , then µ(b) = b0 . Hence,

                         µ = (σ(a1 ), σ(a2 ), . . . , σ(ak )).

Since σ is one-to-one and onto, µ is a cycle of the same length as τ .            


6.3     Fermat’s and Euler’s Theorems
The Euler φ-function is the map φ : N → N defined by φ(n) = 1 for n = 1,
and, for n > 1, φ(n) is the number of positive integers m with 1 ≤ m < n
and gcd(m, n) = 1.
    From Proposition 3.1, we know that the order of U (n), the group of units
in Zn , is φ(n). For example, |U (12)| = φ(12) = 4 since the numbers that are
relatively prime to 12 are 1, 5, 7, and 11. For any prime p, φ(p) = p − 1. We
state these results in the following theorem.

Theorem 6.11 Let U (n) be the group of units in Zn . Then |U (n)| = φ(n).

   The following theorem is an important result in number theory, due to
Leonhard Euler.

Theorem 6.12 (Euler’s Theorem) Let a and n be integers such that n >
0 and gcd(a, n) = 1. Then aφ(n) ≡ 1 (mod n).

Proof. By Theorem 6.11 the order of U (n) is φ(n). Consequently, aφ(n) = 1
for all a ∈ U (n); or aφ(n) − 1 is divisible by n. Therefore, aφ(n) ≡ 1 (mod n).
                                                                             
   If we consider the special case of Euler’s Theorem in which n = p is prime
and recall that φ(p) = p − 1, we obtain the following result, due to Pierre de
Fermat.

Theorem 6.13 (Fermat’s Little Theorem) Let p be any prime number
and suppose that p6 |a. Then

                               ap−1 ≡ 1     (mod p).

Furthermore, for any integer b, bp ≡ b (mod p).
100              CHAPTER 6         COSETS AND LAGRANGE’S THEOREM

                                Historical Note

Joseph-Louis Lagrange (1736–1813), born in Turin, Italy, was of French and Italian
descent. His talent for mathematics became apparent at an early age. Leonhard Euler
recognized Lagrange’s abilities when Lagrange, who was only 19, communicated to
Euler some work that he had done in the calculus of variations. That year he was
also named a professor at the Royal Artillery School in Turin. At the age of 23 he
joined the Berlin Academy. Frederick the Great had written to Lagrange proclaiming
that the “greatest king in Europe” should have the “greatest mathematician in
Europe” at his court. For 20 years Lagrange held the position vacated by his mentor,
Euler. His works include contributions to number theory, group theory, physics
and mechanics, the calculus of variations, the theory of equations, and differential
equations. Along with Laplace and Lavoisier, Lagrange was one of the people
responsible for designing the metric system. During his life Lagrange profoundly
influenced the development of mathematics, leaving much to the next generation of
mathematicians in the form of examples and new problems to be solved.


Exercises
   1. Suppose that G is a finite group with an element g of order 5 and an element
      h of order 7. Why must |G| ≥ 35?
   2. Suppose that G is a finite group with 60 elements. What are the orders of
      possible subgroups of G?
   3. Prove or disprove: Every subgroup of the integers has finite index.
   4. Prove or disprove: Every subgroup of the integers has finite order.
   5. List the left and right cosets of the subgroups in each of the following.

       (a) h8i in Z24                           (e) An in Sn
       (b) h3i in U (8)                         (f) D4 in S4
       (c) 3Z in Z                              (g) T in C∗
       (d) A4 in S4                            (h) H = {(1), (123), (132)} in S4

   6. Describe the left cosets of SL2 (R) in GL2 (R). What is the index of SL2 (R)
      in GL2 (R)?
   7. Verify Euler’s Theorem for n = 15 and a = 4.
   8. Use Fermat’s Little Theorem to show that if p = 4n + 3 is prime, there is no
      solution to the equation x2 ≡ −1 (mod p).
EXERCISES                                                                                   101

  9. Show that the integers have infinite index in the additive group of rational
     numbers.
 10. Show that the additive group of real numbers has infinite index in the additive
     group of the complex numbers.
 11. Let H be a subgroup of a group G and suppose that g1 , g2 ∈ G. Prove that
     the following conditions are equivalent.
       (a) g1 H = g2 H
       (b) Hg1−1 = Hg2−1
       (c) g1 H ⊆ g2 H
       (d) g2 ∈ g1 H
       (e) g1−1 g2 ∈ H
 12. If ghg −1 ∈ H for all g ∈ G and h ∈ H, show that right cosets are identical to
     left cosets. That is, show that gH = Hg for all g ∈ G.
 13. What fails in the proof of Theorem 6.3 if φ : LH → RH is defined by
     φ(gH) = Hg?
 14. Suppose that g n = e. Show that the order of g divides n.
 15. Modify the proof of Theorem 6.10 to show that any two permutations α, β ∈ Sn
     have the same cycle structure if and only if there exists a permutation γ
     such that β = γαγ −1 . If β = γαγ −1 for some γ ∈ Sn , then α and β are
     conjugate.
 16. If |G| = 2n, prove that the number of elements of order 2 is odd. Use this
     result to show that G must contain a subgroup of order 2.
 17. Suppose that [G : H] = 2. If a and b are not in H, show that ab ∈ H.
 18. If [G : H] = 2, prove that gH = Hg.
 19. Let H and K be subgroups of a group G. Prove that gH ∩ gK is a coset of
     H ∩ K in G.
 20. Let H and K be subgroups of a group G. Define a relation ∼ on G by a ∼ b
     if there exists an h ∈ H and a k ∈ K such that hak = b. Show that this
     relation is an equivalence relation. The corresponding equivalence classes are
     called double cosets. Compute the double cosets of H = {(1), (123), (132)}
     in A4 .
 21. Let G be a cyclic group of order n. Show that there are exactly φ(n) generators
     for G.
 22. Let n = pe11 pe22 · · · pekk , where p1 , p2 , . . . , pk are distinct primes. Prove that
                                                                          
                                             1                1              1
                         φ(n) = n 1 −                  1−          ··· 1 −       .
                                            p1                p2            pk
102              CHAPTER 6           COSETS AND LAGRANGE’S THEOREM

 23. Show that                              X
                                       n=         φ(d)
                                            d|n

      for all positive integers n.

Sage Sage can create all the subgroups of a group, so long as the group is
not too large. It can also create the cosets of a subgroup.
                                       7
                   Introduction to
                    Cryptography



Cryptography is the study of sending and receiving secret messages. The aim
of cryptography is to send messages across a channel so only the intended
recipient of the message can read it. In addition, when a message is received,
the recipient usually requires some assurance that the message is authentic;
that is, that it has not been sent by someone who is trying to deceive the
recipient. Modern cryptography is heavily dependent on abstract algebra
and number theory.
    The message to be sent is called the plaintext message. The disguised
message is called the ciphertext. The plaintext and the ciphertext are both
written in an alphabet, consisting of letters or characters. Characters can
include not only the familiar alphabetic characters A, . . ., Z and a, . . ., z but
also digits, punctuation marks, and blanks. A cryptosystem, or cipher,
has two parts: encryption, the process of transforming a plaintext message
to a ciphertext message, and decryption, the reverse transformation of
changing a ciphertext message into a plaintext message.
    There are many different families of cryptosystems, each distinguished by
a particular encryption algorithm. Cryptosystems in a specified cryptographic
family are distinguished from one another by a parameter to the encryption
function called a key . A classical cryptosystem has a single key, which must
be kept secret, known only to the sender and the receiver of the message. If
person A wishes to send secret messages to two different people B and C,
and does not wish to have B understand C’s messages or vice versa, A must
use two separate keys, so one cryptosystem is used for exchanging messages
with B, and another is used for exchanging messages with C.
    Systems that use two separate keys, one for encoding and another for
decoding, are called public key cryptosystems. Since knowledge of the

                                       103
104             CHAPTER 7        INTRODUCTION TO CRYPTOGRAPHY

encoding key does not allow anyone to guess at the decoding key, the encoding
key can be made public. A public key cryptosystem allows A and B to send
messages to C using the same encoding key. Anyone is capable of encoding
a message to be sent to C, but only C knows how to decode such a message.


7.1     Private Key Cryptography
In single or private key cryptosystems the same key is used for both
encrypting and decrypting messages. To encrypt a plaintext message, we
apply to the message some function which is kept secret, say f . This function
will yield an encrypted message. Given the encrypted form of the message,
we can recover the original message by applying the inverse transformation
f −1 . The transformation f must be relatively easy to compute, as must f −1 ;
however, f must be extremely difficult to guess at if only examples of coded
messages are available.

Example 1. One of the first and most famous private key cryptosystems
was the shift code used by Julius Caesar. We first digitize the alphabet by
letting A = 00, B = 01, . . . , Z = 25. The encoding function will be

                            f (p) = p + 3 mod 26;

that is, A 7→ D, B 7→ E, . . . , Z 7→ C. The decoding function is then

                  f −1 (p) = p − 3 mod 26 = p + 23 mod 26.

Suppose we receive the encoded message DOJHEUD. To decode this message,
we first digitize it:
                             3, 14, 9, 7, 4, 20, 3.
Next we apply the inverse transformation to get

                              0, 11, 6, 4, 1, 17, 0,

or ALGEBRA. Notice here that there is nothing special about either of the
numbers 3 or 26. We could have used a larger alphabet or a different shift.
                                                                        
   Cryptanalysis is concerned with deciphering a received or intercepted
message. Methods from probability and statistics are great aids in deciphering
7.1   PRIVATE KEY CRYPTOGRAPHY                                           105

an intercepted message; for example, the frequency analysis of the characters
appearing in the intercepted message often makes its decryption possible.

Example 2. Suppose we receive a message that we know was encrypted by
using a shift transformation on single letters of the 26-letter alphabet. To
find out exactly what the shift transformation was, we must compute b in
the equation f (p) = p + b mod 26. We can do this using frequency analysis.
The letter E = 04 is the most commonly occurring letter in the English
language. Suppose that S = 18 is the most commonly occurring letter in the
ciphertext. Then we have good reason to suspect that 18 = 4 + b mod 26, or
b = 14. Therefore, the most likely encrypting function is

                           f (p) = p + 14 mod 26.

The corresponding decrypting function is

                         f −1 (p) = p + 12 mod 26.

It is now easy to determine whether or not our guess is correct.           
    Simple shift codes are examples of monoalphabetic cryptosystems.
In these ciphers a character in the enciphered message represents exactly
one character in the original message. Such cryptosystems are not very
sophisticated and are quite easy to break. In fact, in a simple shift as
described in Example 1, there are only 26 possible keys. It would be quite
easy to try them all rather than to use frequency analysis.
    Let us investigate a slightly more sophisticated cryptosystem. Suppose
that the encoding function is given by

                           f (p) = ap + b mod 26.

We first need to find out when a decoding function f −1 exists. Such a
decoding function exists when we can solve the equation

                             c = ap + b mod 26

for p. By Proposition 3.1, this is possible exactly when a has an inverse or,
equivalently, when gcd(a, 26) = 1. In this case

                      f −1 (p) = a−1 p − a−1 b mod 26.

Such a cryptosystem is called an affine cryptosystem.

Example 3. Let us consider the affine cryptosystem f (p) = ap + b mod 26.
For this cryptosystem to work we must choose an a ∈ Z26 that is invertible.
106              CHAPTER 7         INTRODUCTION TO CRYPTOGRAPHY

This is only possible if gcd(a, 26) = 1. Recognizing this fact, we will let a = 5
since gcd(5, 26) = 1. It is easy to see that a−1 = 21. Therefore, we can take
our encryption function to be f (p) = 5p + 3 mod 26. Thus, ALGEBRA is
encoded as 3, 6, 7, 23, 8, 10, 3, or DGHXIKD. The decryption function will be
              f −1 (p) = 21p − 21 · 3 mod 26 = 21p + 15 mod 26.
                                                                               
    A cryptosystem would be more secure if a ciphertext letter could rep-
resent more than one plaintext letter. To give an example of this type of
cryptosystem, called a polyalphabetic cryptosystem, we will generalize
affine codes by using matrices. The idea works roughly the same as before;
however, instead of encrypting one letter at a time we will encrypt pairs of
letters. We can store a pair of letters p1 and p2 in a vector
                                       
                                        p1
                                  p=        .
                                        p2
Let A be a 2 × 2 invertible matrix with entries in Z26 . We can define an
encoding function by
                             f (p) = Ap + b,
where b is a fixed column vector and matrix operations are performed in
Z26 . The decoding function must be
                           f −1 (p) = A−1 p − A−1 b.

Example 4. Suppose that we wish to encode the word HELP. The corre-
sponding digit string is 7, 4, 11, 15. If
                                             
                                          3 5
                                  A=            ,
                                          1 2
then                                           
                                  −1       2 21
                              A        =          .
                                           25 3
If b = (2, 2)t , then our message is encrypted as RRCR. The encrypted letter
R represents more than one plaintext letter.                              
    Frequency analysis can still be performed on a polyalphabetic cryptosys-
tem, because we have a good understanding of how pairs of letters appear
in the English language. The pair th appears quite often; the pair qz never
appears. To avoid decryption by a third party, we must use a larger matrix
than the one we used in Example 4.
7.2   PUBLIC KEY CRYPTOGRAPHY                                              107

7.2     Public Key Cryptography
If traditional cryptosystems are used, anyone who knows enough to encode a
message will also know enough to decode an intercepted message. In 1976,
W. Diffie and M. Hellman proposed public key cryptography, which is based
on the observation that the encryption and decryption procedures need not
have the same key. This removes the requirement that the encoding key be
kept secret. The encoding function f must be relatively easy to compute,
but f −1 must be extremely difficult to compute without some additional
information, so that someone who knows only the encrypting key cannot
find the decrypting key without prohibitive computation. It is interesting
to note that to date, no system has been proposed that has been proven to
be “one-way;” that is, for any existing public key cryptosystem, it has never
been shown to be computationally prohibitive to decode messages with only
knowledge of the encoding key.

The RSA Cryptosystem
The RSA cryptosystem introduced by R. Rivest, A. Shamir, and L. Adleman
in 1978, is based on the difficulty of factoring large numbers. Though it is not
a difficult task to find two large random primes and multiply them together,
factoring a 150-digit number that is the product of two large primes would
take 100 million computers operating at 10 million instructions per second
about 50 million years under the fastest algorithms currently known.
     The RSA cryptosystem works as follows. Suppose that we choose two
random 150-digit prime numbers p and q. Next, we compute the product
n = pq and also compute φ(n) = m = (p − 1)(q − 1), where φ is the Euler
φ-function. Now we start choosing random integers E until we find one that
is relatively prime to m; that is, we choose E such that gcd(E, m) = 1. Using
the Euclidean algorithm, we can find a number D such that DE ≡ 1 (mod m).
The numbers n and E are now made public.
     Suppose now that person B (Bob) wishes to send person A (Alice) a
message over a public line. Since E and n are known to everyone, anyone can
encode messages. Bob first digitizes the message according to some scheme,
say A = 00, B = 02, . . . , Z = 25. If necessary, he will break the message into
pieces such that each piece is a positive integer less than n. Suppose x is one
of the pieces. Bob forms the number y = xE mod n and sends y to Alice.
108             CHAPTER 7        INTRODUCTION TO CRYPTOGRAPHY

For Alice to recover x, she need only compute x = y D mod n. Only Alice
knows D.

Example 5. Before exploring the theory behind the RSA cryptosystem
or attempting to use large integers, we will use some small integers just to
see that the system does indeed work. Suppose that we wish to send some
message, which when digitized is 25. Let p = 23 and q = 29. Then

                                n = pq = 667

and
                     φ(n) = m = (p − 1)(q − 1) = 616.
We can let E = 487, since gcd(616, 487) = 1. The encoded message is
computed to be
                        25487 mod 667 = 169.
This computation can be reasonably done by using the method of repeated
squares as described in Chapter 4. Using the Euclidean algorithm, we
determine that 191E = 1 + 151m; therefore, the decrypting key is (n, D) =
(667, 191). We can recover the original message by calculating

                            169191 mod 667 = 25.

                                                                            
  Now let us examine why the RSA cryptosystem works. We know that
DE ≡ 1 (mod m); hence, there exists a k such that

                         DE = km + 1 = kφ(n) + 1.

There are two cases to consider. In the first case assume that gcd(x, n) = 1.
Then by Theorem 6.12,

       y D = (xE )D = xDE = xkm+1 = (xφ(n) )k x = (1)k x = x mod n.

So we see that Alice recovers the original message x when she computes
y D mod n.
    For the other case, assume that gcd(x, n) 6= 1. Since n = pq and x < n,
we know x is a multiple of p or a multiple of q, but not both. We will describe
the first possibility only, since the second is entirely similar. There is then
an integer r, with r < q and x = rp. Note that we have gcd(x, q) = 1 and
7.2    PUBLIC KEY CRYPTOGRAPHY                                                 109

that m = φ(n) = (p − 1)(q − 1) = φ(p)φ(q). Then, using Theorem 6.12, but
now mod q,

             xkm = xkφ(p)φ(q) = (xφ(q) )kφ(p) = (1)kφ(p) = 1 mod q.

So there is an integer t such that xkm = 1 + tq. Thus, Alice also recovers the
message in this case,

      y D = xkm+1 = xkm x = (1 + tq)x = x + tq(rp) = x + trn = x mod n.

    We can now ask how one would go about breaking the RSA cryptosystem.
To find D given n and E, we simply need to factor n and solve for D by using
the Euclidean algorithm. If we had known that 667 = 23 · 29 in Example 5,
we could have recovered D.

Message Verification
There is a problem of message verification in public key cryptosystems. Since
the encoding key is public knowledge, anyone has the ability to send an
encoded message. If Alice receives a message from Bob, she would like to
be able to verify that it was Bob who actually sent the message. Suppose
that Bob’s encrypting key is (n0 , E 0 ) and his decrypting key is (n0 , D0 ). Also,
suppose that Alice’s encrypting key is (n, E) and her decrypting key is
(n, D). Since encryption keys are public information, they can exchange
coded messages at their convenience. Bob wishes to assure Alice that the
message he is sending is authentic. Before Bob sends the message x to Alice,
he decrypts x with his own key:
                                         0
                                x0 = xD mod n0 .

Anyone can change x0 back to x just by encryption, but only Bob has the
ability to form x0 . Now Bob encrypts x0 with Alice’s encryption key to form
                                        E
                                 y 0 = x0 mod n,

a message that only Alice can decode. Alice decodes the message and then
encodes the result with Bob’s key to read the original message, a message
that could have only been sent by Bob.

                                Historical Note
Encrypting secret messages goes as far back as ancient Greece and Rome. As we
know, Julius Caesar used a simple shift code to send and receive messages. However,
110              CHAPTER 7         INTRODUCTION TO CRYPTOGRAPHY

the formal study of encoding and decoding messages probably began with the Arabs
in the 1400s. In the fifteenth and sixteenth centuries mathematicians such as Alberti
and Viete discovered that monoalphabetic cryptosystems offered no real security.
In the 1800s, F. W. Kasiski established methods for breaking ciphers in which
a ciphertext letter can represent more than one plaintext letter, if the same key
was used several times. This discovery led to the use of cryptosystems with keys
that were used only a single time. Cryptography was placed on firm mathematical
foundations by such people as W. Friedman and L. Hill in the early part of the
twentieth century.
    During World War II mathematicians were very active in cryptography. Efforts
to penetrate the cryptosystems of the Axis nations were organized in England and in
the United States by such notable mathematicians as Alan Turing and A. A. Albert.
The period after World War I saw the development of special-purpose machines for
encrypting and decrypting messages. The Allies gained a tremendous advantage in
World War II by breaking the ciphers produced by the German Enigma machine
and the Japanese Purple ciphers.
    By the 1970s, interest in commercial cryptography had begun to take hold.
There was a growing need to protect banking transactions, computer data, and
electronic mail. In the early 1970s, IBM developed and implemented LUZIFER, the
forerunner of the National Bureau of Standards’ Data Encryption Standard (DES).
    The concept of a public key cryptosystem, due to Diffie and Hellman, is very
recent (1976). It was further developed by Rivest, Shamir, and Adleman with the
RSA cryptosystem (1978). It is not known how secure any of these systems are.
The trapdoor knapsack cryptosystem, developed by Merkle and Hellman, has been
broken. It is still an open question whether or not the RSA system can be broken.
At the time of the writing of this book, the largest number factored is 135 digits
long, and at the present moment a code is considered secure if the key is about
400 digits long and is the product of two 200-digit primes. There has been a great
deal of controversy about research in cryptography in recent times: the National
Security Agency would like to keep information about cryptography secret, whereas
the academic community has fought for the right to publish basic research.
    Modern cryptography has come a long way since 1929, when Henry Stimson,
Secretary of State under Herbert Hoover, dismissed the Black Chamber (the State
Department’s cryptography division) in 1929 on the ethical grounds that “gentlemen
do not read each other’s mail.”


Exercises
   1. Encode IXLOVEXMATH using the cryptosystem in Example 1.
   2. Decode ZLOOA WKLVA EHARQ WKHA ILQDO, which was encoded using
      the cryptosystem in Example 1.
   3. Assuming that monoalphabetic code was used to encode the following secret
      message, what was the original message?
EXERCISES                                                                         111

     NBQFRSMXZF YAWJUFHWFF ESKGQCFWDQ AFNBQFTILO FCWP
  4. What is the total number of possible monoalphabetic cryptosystems? How
     secure are such cryptosystems?
  5. Prove that a 2 × 2 matrix A with entries in Z26 is invertible if and only if
     gcd(det(A), 26) = 1.
  6. Given the matrix                               
                                               3    4
                                      A=               ,
                                               2    3
     use the encryption function f (p) = Ap + b to encode the message CRYP-
     TOLOGY, where b = (2, 5)t . What is the decoding function?
  7. Encrypt each of the following RSA messages x so that x is divided into blocks
     of integers of length 2; that is, if x = 142528, encode 14, 25, and 28 separately.
      (a) n = 3551, E = 629, x = 31
      (b) n = 2257, E = 47, x = 23
      (c) n = 120979, E = 13251, x = 142371
      (d) n = 45629, E = 781, x = 231561
  8. Compute the decoding key D for each of the encoding keys in Exercise 7.
  9. Decrypt each of the following RSA messages y.
      (a) n = 3551, D = 1997, y = 2791
      (b) n = 5893, D = 81, y = 34
      (c) n = 120979, D = 27331, y = 112135
      (d) n = 79403, D = 671, y = 129381
 10. For each of the following encryption keys (n, E) in the RSA cryptosystem,
     compute D.
      (a) (n, E) = (451, 231)
      (b) (n, E) = (3053, 1921)
      (c) (n, E) = (37986733, 12371)
      (d) (n, E) = (16394854313, 34578451)
 11. Encrypted messages are often divided into blocks of n letters. A message such
     as THE WORLD WONDERS WHY might be encrypted as JIW OCFRJ
     LPOEVYQ IOC but sent as JIW OCF RJL POE VYQ IOC. What are the
     advantages of using blocks of n letters?
 12. Find integers n, E, and X such that

                                   XE ≡ X          (mod n).

     Is this a potential problem in the RSA cryptosystem?
112              CHAPTER 7        INTRODUCTION TO CRYPTOGRAPHY

  13. Every person in the class should construct an RSA cryptosystem using primes
      that are 10 to 15 digits long. Hand in (n, E) and an encoded message. Keep
      D secret. See if you can break one another’s codes.

Additional Exercises: Primality and Factoring
In the RSA cryptosystem it is important to be able to find large prime numbers
easily. Also, this cryptosystem is not secure if we can factor a composite number
that is the product of two large primes. The solutions to both of these problems
are quite easy. To find out if a number n is prime
                                                 √ or to factor n, we can use trial
division. We simply divide n by d = 2, 3, . . . , n. Either a factorization will be
obtained, or n is prime if no d divides n. The problem is that such a computation
is prohibitively time-consuming if n is very large.
   1. A better algorithm for factoring odd positive integers is Fermat’s factor-
      ization algorithm.
       (a) Let n = ab be an odd composite number. Prove that n can be written
           as the difference of two perfect squares:

                                n = x2 − y 2 = (x − y)(x + y).

           Consequently, a positive odd integer can be factored exactly when we
           can find integers x and y such that n = x2 − y 2 .
       (b) Write a program to implement the following factorization algorithm
           based on the observation in part (a).
                     √
                x ← d ne
                y←1

           1:   while x2 − y 2 > n do
                    y ←y+1

                if x2 − y 2 < n then
                    x←x+1
                    y←1
                    goto 1
                else if x2 − y 2 = 0 then
                    a←x−y
                    b←x+y
                    write n = a ∗ b
                              √
           The expression d n e means the smallest integer greater than or equal
           to the square root of n. Write another program to do factorization
           using trial division and compare the speed of the two algorithms. Which
           algorithm is faster and why?
EXERCISES                                                                    113

  2. Primality Testing. Recall Fermat’s Little Theorem from Chapter 6. Let p
     be prime with gcd(a, p) = 1. Then ap−1 ≡ 1 (mod p). We can use Fermat’s
     Little Theorem as a screening test for primes. For example, 15 cannot be
     prime since
                             215−1 ≡ 214 ≡ 4 (mod 15).
     However, 17 is a potential prime since

                             217−1 ≡ 216 ≡ 1    (mod 17).

    We say that an odd composite number n is a pseudoprime if

                                 2n−1 ≡ 1     (mod n).

    Which of the following numbers are primes and which are pseudoprimes?

      (a) 342                   (c) 601                     (e) 771
      (b) 811                   (d) 561                     (f) 631

  3. Let n be an odd composite number and b be a positive integer such that
     gcd(b, n) = 1. If bn−1 ≡ 1 (mod n), then n is a pseudoprime base b. Show
     that 341 is a pseudoprime base 2 but not a pseudoprime base 3.
  4. Write a program to determine all primes less than 2000 using trial division.
     Write a second program that will determine all numbers less than 2000 that
     are either primes or pseudoprimes. Compare the speed of the two programs.
     How many pseudoprimes are there below 2000?
     There exist composite numbers that are pseudoprimes for all bases to which
     they are relatively prime. These numbers are called Carmichael numbers.
     The first Carmichael number is 561 = 3·11·17. In 1992, Alford, Granville, and
     Pomerance proved that there are an infinite number of Carmichael numbers [4].
     However, Carmichael numbers are very rare. There are only 2163 Carmichael
     numbers less than 25 × 109 . For more sophisticated primality tests, see [1],
     [6], or [7].

References and Suggested Readings
 [1] Bressoud, D. M. Factorization and Primality Testing. Springer-Verlag, New
     York, 1989.
 [2] Diffie, W. and Hellman, M. E. “New Directions in Cryptography,” IEEE
     Trans. Inform. Theory 22 (1976), 644–54.
 [3] Gardner, M. “Mathematical games: A new kind of cipher that would take
     millions of years to break,” Scientific American 237 (1977), 120–24.
 [4] Granville, A. “Primality Testing and Carmichael Numbers,” Notices of the
     American Mathematical Society 39(1992), 696–700.
114             CHAPTER 7       INTRODUCTION TO CRYPTOGRAPHY

  [5] Hellman, M. E. “The Mathematics of Public Key Cryptography,” Scientific
      American 241 (1979), 130–39.
  [6] Koblitz, N. A Course in Number Theory and Cryptography. 2nd ed. Springer,
      New York, 1994.
  [7] Pomerance, C., ed. Cryptology and Computational Number Theory. Proceed-
      ings of Symposia in Applied Mathematics, vol. 42. American Mathematical
      Society, Providence, RI, 1990.
  [8] Rivest, R. L., Shamir, A., and Adleman, L., “A Method for Obtaining
      Signatures and Public-key Cryptosystems,” Comm. ACM 21(1978), 120–26.

Sage With Sage’s excellent implementations of basic number-theory com-
putations, it is easy to work non-trivial examples of RSA and the exercises
about primality and factoring.
                                      8
      Algebraic Coding Theory



Coding theory is an application of algebra that has become increasingly
important over the last several decades. When we transmit data, we are
concerned about sending a message over a channel that could be affected
by “noise.” We wish to be able to encode and decode the information in a
manner that will allow the detection, and possibly the correction, of errors
caused by noise. This situation arises in many areas of communications,
including radio, telephone, television, computer communications, and even
compact disc player technology. Probability, combinatorics, group theory,
linear algebra, and polynomial rings over finite fields all play important roles
in coding theory.


8.1     Error-Detecting and Correcting Codes
Let us examine a simple model of a communications system for transmitting
and receiving coded messages (Figure 8.1).
    Uncoded messages may be composed of letters or characters, but typically
they consist of binary m-tuples. These messages are encoded into codewords,
consisting of binary n-tuples, by a device called an encoder. The message
is transmitted and then decoded. We will consider the occurrence of errors
during transmission. An error occurs if there is a change in one or more
bits in the codeword. A decoding scheme is a method that either converts
an arbitrarily received n-tuple into a meaningful decoded message or gives
an error message for that n-tuple. If the received message is a codeword
(one of the special n-tuples allowed to be transmitted), then the decoded
message must be the unique message that was encoded into the codeword.
For received non-codewords, the decoding scheme will give an error indication,
or, if we are more clever, will actually try to correct the error and reconstruct


                                      115
116                                  CHAPTER 8               ALGEBRAIC CODING THEORY

                                            m-digit message


                                                   Encoder

                                            n-digit code word

                                                Transmitter

                                                     Noise

                                                  Receiver

                                         n-digit received word

                                                   Decoder


                               m-digit received message or error

                     Figure 8.1. Encoding and decoding messages



the original message. Our goal is to transmit error-free messages as cheaply
and quickly as possible.

Example 1. One possible coding scheme would be to send a message several
times and to compare the received copies with one another. Suppose that the
message to be encoded is a binary n-tuple (x1 , x2 , . . . , xn ). The message is
encoded into a binary 3n-tuple by simply repeating the message three times:

         (x1 , x2 , . . . , xn ) 7→ (x1 , x2 , . . . , xn , x1 , x2 , . . . , xn , x1 , x2 , . . . , xn ).

To decode the message, we choose as the ith digit the one that appears in the
ith place in at least two of the three transmissions. For example, if the original
message is (0110), then the transmitted message will be (0110 0110 0110).
If there is a transmission error in the fifth digit, then the received codeword
will be (0110 1110 0110), which will be correctly decoded as (0110).1 This
  1
      We will adopt the convention that bits are numbered left to right in binary n-tuples.
8.1   ERROR-DETECTING AND CORRECTING CODES                                  117

triple-repetition method will automatically detect and correct all single errors,
but it is slow and inefficient: to send a message consisting of n bits, 2n extra
bits are required, and we can only detect and correct single errors. We will
see that it is possible to find an encoding scheme that will encode a message
of n bits into m bits with m much smaller than 3n.                            

Example 2. Even parity, a commonly used coding scheme, is much
more efficient than the simple repetition scheme. The ASCII (American
Standard Code for Information Interchange) coding system uses binary 8-
tuples, yielding 28 = 256 possible 8-tuples. However, only seven bits are
needed since there are only 27 = 128 ASCII characters. What can or should
be done with the extra bit? Using the full eight bits, we can detect single
transmission errors. For example, the ASCII codes for A, B, and C are

                            A = 6510 = 010000012 ,
                            B = 6610 = 010000102 ,
                            C = 6710 = 010000112 .

Notice that the leftmost bit is always set to 0; that is, the 128 ASCII
characters have codes

                              000000002 = 010 ,
                                       ..
                                        .
                              011111112 = 12710 .

The bit can be used for error checking on the other seven bits. It is set to
either 0 or 1 so that the total number of 1 bits in the representation of a
character is even. Using even parity, the codes for A, B, and C now become

                               A = 010000012 ,
                                B = 010000102 ,
                                C = 110000112 .

Suppose an A is sent and a transmission error in the sixth bit is caused by
noise over the communication channel so that (0100 0101) is received. We
know an error has occurred since the received word has an odd number of
1’s, and we can now request that the codeword be transmitted again. When
used for error checking, the leftmost bit is called a parity check bit.
     By far the most common error-detecting codes used in computers are
based on the addition of a parity bit. Typically, a computer stores information
118                       CHAPTER 8         ALGEBRAIC CODING THEORY

in m-tuples called words. Common word lengths are 8, 16, and 32 bits.
One bit in the word is set aside as the parity check bit, and is not used to
store information. This bit is set to either 0 or 1, depending on the number
of 1’s in the word.
    Adding a parity check bit allows the detection of all single errors because
changing a single bit either increases or decreases the number of 1’s by one,
and in either case the parity has been changed from even to odd, so the new
word is not a codeword. (We could also construct an error detection scheme
based on odd parity ; that is, we could set the parity check bit so that a
codeword always has an odd number of 1’s.)                                   
    The even parity system is easy to implement, but has two drawbacks.
First, multiple errors are not detectable. Suppose an A is sent and the first
and seventh bits are changed from 0 to 1. The received word is a codeword,
but will be decoded into a C instead of an A. Second, we do not have the
ability to correct errors. If the 8-tuple (1001 1000) is received, we know that
an error has occurred, but we have no idea which bit has been changed. We
will now investigate a coding scheme that will not only allow us to detect
transmission errors but will actually correct the errors.

                                            Received Word
                          000   001   010     011 100 101     110   111
      Transmitted   000    0     1     1       2     1    2    2     3
      Codeword      111    3     2     2       1     2    1    1     0

                       Table 8.1. A repetition code



Example 3. Suppose that our original message is either a 0 or a 1, and
that 0 encodes to (000) and 1 encodes to (111). If only a single error occurs
during transmission, we can detect and correct the error. For example, if a
101 is received, then the second bit must have been changed from a 1 to a 0.
The originally transmitted codeword must have been (111). This method
will detect and correct all single errors.
    In Table 8.1, we present all possible words that might be received for the
transmitted codewords (000) and (111). Table 8.1 also shows the number of
bits by which each received 3-tuple differs from each original codeword. 
8.1   ERROR-DETECTING AND CORRECTING CODES                                      119

Maximum-Likelihood Decoding
The coding scheme presented in Example 3 is not a complete solution to the
problem because it does not account for the possibility of multiple errors.
For example, either a (000) or a (111) could be sent and a (001) received.
We have no means of deciding from the received word whether there was a
single error in the third bit or two errors, one in the first bit and one in the
second. No matter what coding scheme is used, an incorrect message could
be received: we could transmit a (000), have errors in all three bits, and
receive the codeword (111). It is important to make explicit assumptions
about the likelihood and distribution of transmission errors so that, in a
particular application, it will be known whether a given error detection
scheme is appropriate. We will assume that transmission errors are rare, and,
that when they do occur, they occur independently in each bit; that is, if p
is the probability of an error in one bit and q is the probability of an error
in a different bit, then the probability of errors occurring in both of these
bits at the same time is pq. We will also assume that a received n-tuple is
decoded into a codeword that is closest to it; that is, we assume that the
receiver uses maximum-likelihood decoding .

                                         p
                              0                      0
                                             q

                                             q
                              1          p           1



                    Figure 8.2. Binary symmetric channel

    A binary symmetric channel is a model that consists of a transmitter
capable of sending a binary signal, either a 0 or a 1, together with a receiver.
Let p be the probability that the signal is correctly received. Then q = 1 − p
is the probability of an incorrect reception. If a 1 is sent, then the probability
that a 1 is received is p and the probability that a 0 is received is q (Figure 8.2).
The probability that no errors occur during the transmission of a binary
codeword of length n is pn . For example, if p = 0.999 and a message
consisting of 10,000 bits is sent, then the probability of a perfect transmission
is
                             (0.999)10,000 ≈ 0.00005.
120                       CHAPTER 8        ALGEBRAIC CODING THEORY

Theorem 8.1 If a binary n-tuple (x1 , . . . , xn ) is transmitted across a bi-
nary symmetric channel with probability p that no error will occur in each
coordinate, then the probability that there are errors in exactly k coordinates is
                                   
                                    n k n−k
                                        q p    .
                                    k
Proof. Fix k different coordinates. We first compute the probability that
an error has occurred in this fixed set of coordinates. The probability of an
error occurring in a particular one of these k coordinates is q; the probability
that an error will not occur in any of the remaining n − k coordinates is
p. The probability of each of these n independent events is q k pn−k . The
number of possible error patterns with exactly k errors occurring is equal to
                               
                                n          n!
                                   =              ,
                                k      k!(n − k)!
the number of combinations of n things taken k at a time. Each of these
error patterns has probability q k pn−k of occurring; hence, the probability of
all of these error patterns is
                                  
                                    n k n−k
                                      q p     .
                                    k
                                                                               

Example 4. Suppose that p = 0.995 and a 500-bit message is sent. The
probability that the message was sent error-free is

                           pn = (0.995)500 ≈ 0.082.

The probability of exactly one error occurring is
                 
                  n
                     qpn−1 = 500(0.005)(0.995)499 ≈ 0.204.
                  1
The probability of exactly two errors is
            
              n 2 n−2 500 · 499
                 q p     =          (0.005)2 (0.995)498 ≈ 0.257.
              2                2
The probability of more than two errors is approximately

                      1 − 0.082 − 0.204 − 0.257 = 0.457.

                                                                               
8.1   ERROR-DETECTING AND CORRECTING CODES                                   121

Block Codes
If we are to develop efficient error-detecting and error-correcting codes, we
will need more sophisticated mathematical tools. Group theory will allow
faster methods of encoding and decoding messages. A code is an (n, m)-block
code if the information that is to be coded can be divided into blocks of
m binary digits, each of which can be encoded into n binary digits. More
specifically, an (n, m)-block code consists of an encoding function

                                    E : Zm    n
                                         2 → Z2

and a decoding function

                                    D : Zn2 → Zm
                                               2 .

A codeword is any element in the image of E. We also require that E be
one-to-one so that two information blocks will not be encoded into the same
codeword. If our code is to be error-correcting, then D must be onto.

Example 5. The even-parity coding system developed to detect single errors
in ASCII characters is an (8, 7)-block code. The encoding function is

                     E(x7 , x6 , . . . , x1 ) = (x8 , x7 , . . . , x1 ),

where x8 = x7 + x6 + · · · + x1 with addition in Z2 .                         
    Let x = (x1 , . . . , xn ) and y = (y1 , . . . , yn ) be binary n-tuples. The
Hamming distance or distance, d(x, y), between x and y is the number
of bits in which x and y differ. The distance between two codewords is the
minimum number of transmission errors required to change one codeword into
the other. The minimum distance for a code, dmin , is the minimum of all
distances d(x, y), where x and y are distinct codewords. The weight, w(x),
of a binary codeword x is the number of 1’s in x. Clearly, w(x) = d(x, 0),
where 0 = (00 · · · 0).

Example 6. Let x = (10101), y = (11010), and z = (00011) be all of the
codewords in some code C. Then we have the following Hamming distances:

                d(x, y) = 4,          d(x, z) = 3,            d(y, z) = 3.

The minimum distance for this code is 3. We also have the following weights:

                   w(x) = 3,           w(y) = 3,            w(z) = 2.
122                        CHAPTER 8         ALGEBRAIC CODING THEORY

                                                                            
    The following proposition lists some basic properties about the weight of
a codeword and the distance between two codewords. The proof is left as an
exercise.

Proposition 8.2 Let x, y, and z be binary n-tuples. Then

   1. w(x) = d(x, 0);

   2. d(x, y) ≥ 0;

   3. d(x, y) = 0 exactly when x = y;

   4. d(x, y) = d(y, x);

   5. d(x, y) ≤ d(x, z) + d(z, y).

    The weights in a particular code are usually much easier to compute than
the Hamming distances between all codewords in the code. If a code is set
up carefully, we can use this fact to our advantage.
    Suppose that x = (1101) and y = (1100) are codewords in some code. If
we transmit (1101) and an error occurs in the rightmost bit, then (1100) will
be received. Since (1100) is a codeword, the decoder will decode (1100) as
the transmitted message. This code is clearly not very appropriate for error
detection. The problem is that d(x, y) = 1. If x = (1100) and y = (1010)
are codewords, then d(x, y) = 2. If x is transmitted and a single error occurs,
then y can never be received. Table 8.2 gives the distances between all 4-bit
codewords in which the first three bits carry information and the fourth is
an even parity check bit. We can see that the minimum distance here is 2;
hence, the code is suitable as a single error-correcting code.

                 0000   0011   0101   0110    1001   1010   1100   1111
         0000      0      2      2      2       2      2      2      4
         0011      2      0      2      2       2      2      4      2
         0101      2      2      0      2       2      4      2      2
         0110      2      2      2      0       4      2      2      2
         1001      2      2      2      4       0      2      2      2
         1010      2      2      4      2       2      0      2      2
         1100      2      4      2      2       2      2      0      2
         1111      4      2      2      2       2      2      2      0

                Table 8.2. Distances between 4-bit codewords
8.1   ERROR-DETECTING AND CORRECTING CODES                                    123

    To determine exactly what the error-detecting and error-correcting ca-
pabilities for a code are, we need to analyze the minimum distance for the
code. Let x and y be codewords. If d(x, y) = 1 and an error occurs where
x and y differ, then x is changed to y. The received codeword is y and no
error message is given. Now suppose d(x, y) = 2. Then a single error cannot
change x to y. Therefore, if dmin = 2, we have the ability to detect single
errors. However, suppose that d(x, y) = 2, y is sent, and a noncodeword z is
received such that
                            d(x, z) = d(y, z) = 1.
Then the decoder cannot decide between x and y. Even though we are aware
that an error has occurred, we do not know what the error is.
    Suppose dmin ≥ 3. Then the maximum-likelihood decoding scheme
corrects all single errors. Starting with a codeword x, an error in the
transmission of a single bit gives y with d(x, y) = 1, but d(z, y) ≥ 2 for any
other codeword z 6= x. If we do not require the correction of errors, then
we can detect multiple errors when a code has a minimum distance that is
greater than 3.

Theorem 8.3 Let C be a code with dmin = 2n + 1. Then C can correct any
n or fewer errors. Furthermore, any 2n or fewer errors can be detected in C.

Proof. Suppose that a codeword x is sent and the word y is received with
at most n errors. Then d(x, y) ≤ n. If z is any codeword other than x, then

              2n + 1 ≤ d(x, z) ≤ d(x, y) + d(y, z) ≤ n + d(y, z).

Hence, d(y, z) ≥ n + 1 and y will be correctly decoded as x. Now suppose
that x is transmitted and y is received and that at least one error has
occurred, but not more than 2n errors. Then 1 ≤ d(x, y) ≤ 2n. Since the
minimum distance between codewords is 2n + 1, y cannot be a codeword.
Consequently, the code can detect between 1 and 2n errors.            

Example 7. In Table 8.3, the codewords c1 = (00000), c2 = (00111),
c3 = (11100), and c4 = (11011) determine a single error-correcting code. 


                               Historical Note

Modern coding theory began in 1948 with C. Shannon’s paper, “A Mathematical
Theory of Information” [7]. This paper offered an example of an algebraic code, and
Shannon’s Theorem proclaimed exactly how good codes could be expected to be.
124                         CHAPTER 8        ALGEBRAIC CODING THEORY

                             00000   00111    11100   11011
                    00000      0       3        3       4
                    00111      3       0        4       3
                    11100      3       4        0       3
                    11011      4       3        3       0

       Table 8.3. Hamming distances for an error-correcting code



Richard Hamming began working with linear codes at Bell Labs in the late 1940s
and early 1950s after becoming frustrated because the programs that he was running
could not recover from simple errors generated by noise. Coding theory has grown
tremendously in the past several years. The Theory of Error-Correcting Codes,
by MacWilliams and Sloane [5], published in 1977, already contained over 1500
references. Linear codes (Reed-Muller (32, 6)-block codes) were used on NASA’s
Mariner space probes. More recent space probes such as Voyager have used what
are called convolution codes. Currently, very active research is being done with
Goppa codes, which are heavily dependent on algebraic geometry.


8.2     Linear Codes
To gain more knowledge of a particular code and develop more efficient
techniques of encoding, decoding, and error detection, we need to add
additional structure to our codes. One way to accomplish this is to require
that the code also be a group. A group code is a code that is also a subgroup
of Zn2 .
     To check that a code is a group code, we need only verify one thing. If
we add any two elements in the code, the result must be an n-tuple that is
again in the code. It is not necessary to check that the inverse of the n-tuple
is in the code, since every codeword is its own inverse, nor is it necessary to
check that 0 is a codeword. For instance,

                   (11000101) + (11000101) = (00000000).


Example 8. Suppose that we have          a code that consists of the following
7-tuples:
           (0000000) (0001111)           (0010101) (0011010)
           (0100110) (0101001)           (0110011) (0111100)
           (1000011) (1001100)           (1010110) (1011001)
           (1100101) (1101010)           (1110000) (1111111).
8.2   LINEAR CODES                                                         125

It is a straightforward though tedious task to verify that this code is also
a subgroup of Z72 and, therefore, a group code. This code is a single error-
detecting and single error-correcting code, but it is a long and tedious process
to compute all of the distances between pairs of codewords to determine
that dmin = 3. It is much easier to see that the minimum weight of all the
nonzero codewords is 3. As we will soon see, this is no coincidence. However,
the relationship between weights and distances in a particular code is heavily
dependent on the fact that the code is a group.                               

Lemma 8.4 Let x and y be binary n-tuples. Then w(x + y) = d(x, y).

Proof. Suppose that x and y are binary n-tuples. Then the distance
between x and y is exactly the number of places in which x and y differ.
But x and y differ in a particular coordinate exactly when the sum in the
coordinate is 1, since

                                  1+1=0
                                  0+0=0
                                  1+0=1
                                  0 + 1 = 1.

Consequently, the weight of the sum must be the distance between the two
codewords.                                                             

Theorem 8.5 Let dmin be the minimum distance for a group code C. Then
dmin is the minimum of all the nonzero weights of the nonzero codewords in
C. That is,
                       dmin = min{w(x) : x 6= 0}.

Proof. Observe that

                     dmin = min{d(x, y) : x 6= y}
                          = min{d(x, y) : x + y 6= 0}
                          = min{w(x + y) : x + y 6= 0}
                          = min{w(z) : z 6= 0}.

                                                                             
126                           CHAPTER 8          ALGEBRAIC CODING THEORY

Linear Codes
From Example 8, it is now easy to check that the minimum nonzero weight
is 3; hence, the code does indeed detect and correct all single errors. We
have now reduced the problem of finding “good” codes to that of generating
group codes. One easy way to generate group codes is to employ a bit of
matrix theory.
    Define the inner product of two binary n-tuples to be

                              x · y = x1 y1 + · · · + xn yn ,

where x = (x1 , x2 , . . . , xn )t and y = (y1 , y2 , . . . , yn )t are column vectors.2
For example, if x = (011001)t and y = (110101)t , then x · y = 0. We can
also look at an inner product as the product of a row matrix with a column
matrix; that is,

                         x · y = xt y
                                                            
                                                          y1
                                                         y2 
                                                           
                                = x1 x2 · · ·        xn  . 
                                                         .. 
                                                              yn
                                = x1 y1 + x2 y2 + · · · + xn yn .


Example 9. Suppose that the words to be encoded consist of all binary
3-tuples and that our encoding scheme is even-parity. To encode an arbitrary
3-tuple, we add a fourth bit to obtain an even number of 1’s. Notice that
an arbitrary n-tuple x = (x1 , x2 , . . . , xn )t has an even number of 1’s exactly
when x1 + x2 + · · · + xn = 0; hence, a 4-tuple x = (x1 , x2 , x3 , x4 )t has an
even number of 1’s if x1 + x2 + x3 + x4 = 0, or
                                                          
                                                           1
                                                           1
                 x · 1 = xt 1 = x1 x2 x3 x4 
                                                        
                                                         1 = 0.
                                                            

                                                           1

This example leads us to hope that there is a connection between matrices
and coding theory.                                                     
   2
     Since we will be working with matrices, we will write binary n-tuples as column vectors
for the remainder of this chapter.
8.2   LINEAR CODES                                                           127

    Let Mm×n (Z2 ) denote the set of all m × n matrices with entries in Z2 . We
do matrix operations as usual except that all our addition and multiplication
operations occur in Z2 . Define the null space of a matrix H ∈ Mm×n (Z2 )
to be the set of all binary n-tuples x such that Hx = 0. We denote the null
space of a matrix H by Null(H).

Example 10. Suppose that
                                         
                                0 1 0 1 0
                           H = 1 1 1 1 0 .
                                0 0 1 1 1

For a 5-tuple x = (x1 , x2 , x3 , x4 , x5 )t to be in the null space of H, Hx = 0.
Equivalently, the following system of equations must be satisfied:
                                       x2 + x4 = 0
                            x1 + x2 + x3 + x4 = 0
                                  x3 + x4 + x5 = 0.
The set of binary 5-tuples satisfying these equations is
                (00000)      (11110)      (10101)      (01011).
This code is easily determined to be a group code.                             

Theorem 8.6 Let H be in Mm×n (Z2 ). Then the null space of H is a
group code.

Proof. Since each element of Zn2 is its own inverse, the only thing that really
needs to be checked here is closure. Let x, y ∈ Null(H) for some matrix H
in Mm×n (Z2 ). Then Hx = 0 and Hy = 0. So
                     H(x + y) = Hx + Hy = 0 + 0 = 0.
Hence, x + y is in the null space of H and therefore must be a codeword.
                                                                      
   A code is a linear code if it is determined by the null space of some
matrix H ∈ Mm×n (Z2 ).

Example 11. Let C be the code        given by the matrix
                                                  
                           0         0 0 1 1 1
                    H = 0           1 1 0 1 1 .
                           1         0 1 0 0 1
128                     CHAPTER 8       ALGEBRAIC CODING THEORY

Suppose that the 6-tuple x = (010011)t is received. It is a simple matter of
matrix multiplication to determine whether or not x is a codeword. Since
                                     
                                       0
                               Hx = 1 ,
                                       1

the received word is not a codeword. We must either attempt to correct the
word or request that it be transmitted again.                           


8.3    Parity-Check and Generator Matrices
We need to find a systematic way of generating linear codes as well as fast
methods of decoding. By examining the properties of a matrix H and by
carefully choosing H, it is possible to develop very efficient methods of
encoding and decoding messages. To this end, we will introduce standard
generator and canonical parity-check matrices.
    Suppose that H is an m × n matrix with entries in Z2 and n > m.
If the last m columns of the matrix form the m × m identity matrix, Im ,
then the matrix is a canonical parity-check matrix . More specifically,
H = (A | Im ), where A is the m × (n − m) matrix
                                                
                          a11 a12 · · · a1,n−m
                        a21 a22 · · · a2,n−m 
                                                
                        ..    .. . . ..         
                        .      . .    .         
                         am1 am2 · · · am,n−m

and Im is the m × m identity matrix
                                            
                            1 0 ···         0
                          0 1 · · ·        0
                                             .
                                            
                           .. .. . . .
                           . . . ..         
                            0 0 ···         1

With each canonical parity-check matrix we can associate an n × (n − m)
standard generator matrix
                                       
                                   In−m
                             G=           .
                                     A
8.3   PARITY-CHECK AND GENERATOR MATRICES                                   129

Our goal will be to show that Gx = y if and only if Hy = 0. Given a
message block x to be encoded, G will allow us to quickly encode it into a
linear codeword y.

Example 12. Suppose that we have the following eight words to be encoded:

                        (000), (001), (010), . . . , (111).

For                                     
                                   0 1 1
                              A = 1 1 0 ,
                                   1 0 1
the associated standard generator and      canonical parity-check matrices are
                                              
                                   1       0 0
                                  0       1 0
                                              
                                  0       0 1
                             G=  0
                                               
                                          1 1
                                  1       1 0
                                   1       0 1

and                                      
                              0 1 1 1 0 0
                         H = 1 1 0 0 1 0  ,
                              1 0 1 0 0 1
respectively.
    Observe that the rows in H represent the parity checks on certain bit
positions in a 6-tuple. The 1’s in the identity matrix serve as parity checks
for the 1’s in the same row. If x = (x1 , x2 , x3 , x4 , x5 , x6 ), then
                                                       
                                     x2 + x3 + x4
                        0 = Hx = x1 + x2 + x5  ,
                                     x1 + x3 + x6

which yields a system of equations:

                              x2 + x3 + x4 = 0
                              x1 + x2 + x5 = 0
                              x1 + x3 + x6 = 0.

Here x4 serves as a check bit for x2 and x3 ; x5 is a check bit for x1 and x2 ;
and x6 is a check bit for x1 and x3 . The identity matrix keeps x4 , x5 , and x6
130                      CHAPTER 8        ALGEBRAIC CODING THEORY

from having to check on each other. Hence, x1 , x2 , and x3 can be arbitrary
but x4 , x5 , and x6 must be chosen to ensure parity. The null space of H is
easily computed to be

                 (000000) (001101) (010110) (011011)
                 (100011) (101110) (110101) (111000).

An even easier way to compute the null space is with the generator matrix
G (Table 8.4).                                                         

                          Message Word    Codeword
                                x            Gx
                               000         000000
                               001         001101
                               010         010110
                               011         011011
                               100         100011
                               101         101110
                               110         110101
                               111         111000


                   Table 8.4. A matrix-generated code


Theorem 8.7 If H ∈ Mm×n (Z2 ) is a canonical parity-check matrix, then
Null(H) consists of all x ∈ Zn2 whose first n − m bits are arbitrary but whose
last m bits are determined by Hx = 0. Each of the last m bits serves as an
even parity check bit for some of the first n − m bits. Hence, H gives rise to
an (n, n − m)-block code.

    We leave the proof of this theorem as an exercise. In light of the theorem,
the first n − m bits in x are called information bits and the last m bits
are called check bits. In Example 12, the first three bits are the information
bits and the last three are the check bits.

Theorem    8.8 Suppose that G is an n × k standard generator matrix. Then
C = y : Gx = y for x ∈ Zk2 is an (n, k)-block code. More specifically, C
      

is a group code.

Proof. Let Gx1 = y1 and Gx2 = y2 be two codewords. Then y1 + y2 is in
C since
                G(x1 + x2 ) = Gx1 + Gx2 = y1 + y2 .
8.3   PARITY-CHECK AND GENERATOR MATRICES                                      131

We must also show that two message blocks cannot be encoded into the same
codeword. That is, we must show that if Gx = Gy, then x = y. Suppose
that Gx = Gy. Then

                            Gx − Gy = G(x − y) = 0.

However, the first k coordinates in G(x − y) are exactly x1 − y1 , . . . , xk − yk ,
since they are determined by the identity matrix, Ik , part of G. Hence,
G(x − y) = 0 exactly when x = y.                                                 
   Before we can prove the relationship between canonical parity-check
matrices and standard generating matrices, we need to prove a lemma.

              H = (A | Im ) be an m × n canonical parity-check matrix
Lemma 8.9 Let
        In−m
and G =   A    be the corresponding n × (n − m) standard generator matrix.
Then HG = 0.

Proof. Let C = HG. The ijth entry in C is
                           n
                           X
                   cij =         hik gkj
                           k=1
                           n−m
                           X                    n
                                                X
                      =          hik gkj +             hik gkj
                           k=1               k=n−m+1
                           n−m
                           X                   Xn
                      =          aik δkj +             δi−(m−n),k akj
                           k=1               k=n−m+1
                      = aij + aij
                      = 0,

where                                     (
                                           1,   i=j
                                    δij =
                                           0,   i 6= j
is the Kronecker delta.                                                          

Theorem 8.10 Let  H = (A | Im ) be an m × n canonical parity-check matrix
             In−m
and let G =    A    be the n × (n − m) standard generator matrix associated
with H. Let C be the code generated by G. Then y is in C if and only if
Hy = 0. In particular, C is a linear code with canonical parity-check matrix
H.
132                         CHAPTER 8         ALGEBRAIC CODING THEORY

Proof. First suppose that y ∈ C. Then Gx = y for some x ∈ Zm                 2 . By
Lemma 8.9, Hy = HGx = 0.
    Conversely, suppose that y = (y1 , . . . , yn )t is in the null space of H. We
need to find an x in Zn−m
                      2    such that Gxt = y. Since Hy = 0, the following
set of equations must be satisfied:

                a11 y1 + a12 y2 + · · · + a1,n−m yn−m + yn−m+1 = 0
                a21 y1 + a22 y2 + · · · + a2,n−m yn−m + yn−m+1 = 0
                                                              ..
                                                               .
              am1 y1 + am2 y2 + · · · + am,n−m yn−m + yn−m+1 = 0.

Equivalently, yn−m+1 , . . . , yn are determined by y1 , . . . , yn−m :

                yn−m+1 = a11 y1 + a12 y2 + · · · + a1,n−m yn−m
                yn−m+1 = a21 y1 + a22 y2 + · · · + a2,n−m yn−m
                      ..
                       .
                yn−m+1 = am1 y1 + am2 y2 + · · · + am,n−m yn−m .

Consequently, we can let xi = yi for i = 1, . . . , n − m.                      
   It would be helpful if we could compute the minimum distance of a linear
code directly from its matrix H in order to determine the error-detecting
and error-correcting capabilities of the code. Suppose that

                                 e1 = (100 · · · 00)t
                                 e2 = (010 · · · 00)t
                                   ..
                                    .
                                 en = (000 · · · 01)t

are the n-tuples in Zn2 of weight 1. For an m × n binary matrix H, Hei is
exactly the ith column of the matrix H.

Example 13. Observe that
                                     
                                  0      
                         1 1 1 0 0 1
                                          1
                        1 0 0 1 0 0 = 0 .
                                     
                         1 1 0 0 1 0     1
                                     0
8.3   PARITY-CHECK AND GENERATOR MATRICES                                133

                                                                           
   We state this result in the following proposition and leave the proof as
an exercise.

Proposition 8.11 Let ei be the binary n-tuple with a 1 in the ith coordinate
and 0’s elsewhere and suppose that H ∈ Mm×n (Z2 ). Then Hei is the ith
column of the matrix H.

Theorem 8.12 Let H be an m × n binary matrix. Then the null space of
H is a single error-detecting code if and only if no column of H consists
entirely of zeros.

Proof. Suppose that Null(H) is a single error-detecting code. Then the
minimum distance of the code must be at least 2. Since the null space is a
group code, it is sufficient to require that the code contain no codewords of
less than weight 2 other than the zero codeword. That is, ei must not be a
codeword for i = 1, . . . , n. Since Hei is the ith column of H, the only way
in which ei could be in the null space of H would be if the ith column were
all zeros, which is impossible; hence, the code must have the capability to
detect at least single errors.
    Conversely, suppose that no column of H is the zero column. By Propo-
sition 8.11, Hei 6= 0.                                                     

Example 14. If we consider the matrices
                                        
                               1 1 1 0 0
                       H1 = 1 0 0 1 0
                               1 1 0 0 1

and                                     
                               1 1 1 0 0
                         H2 = 1 0 0 0 0 ,
                               1 1 0 0 1
then the null space of H1 is a single error-detecting code and the null space
of H2 is not.                                                              
   We can even do better than Theorem 8.12. This theorem gives us
conditions on a matrix H that tell us when the minimum weight of the code
134                      CHAPTER 8        ALGEBRAIC CODING THEORY

formed by the null space of H is 2. We can also determine when the minimum
distance of a linear code is 3 by examining the corresponding matrix.

Example 15. If we let
                                        
                                  1 1 1 0
                             H = 1 0 0 1
                                  1 1 0 0

and want to determine whether or not H is the canonical parity-check matrix
for an error-correcting code, it is necessary to make certain that Null(H) does
not contain any 4-tuples of weight 2. That is, (1100), (1010), (1001), (0110),
(0101), and (0011) must not be in Null(H). The next theorem states that
we can indeed determine that the code generated by H is error-correcting by
examining the columns of H. Notice in this example that not only does H
have no zero columns, but also that no two columns are the same.             

Theorem 8.13 Let H be a binary matrix. The null space of H is a single
error-correcting code if and only if H does not contain any zero columns and
no two columns of H are identical.

Proof. The n-tuple ei + ej has 1’s in the ith and jth entries and 0’s
elsewhere, and w(ei + ej ) = 2 for i 6= j. Since

                        0 = H(ei + ej ) = Hei + Hej

can only occur if the ith and jth columns are identical, the null space of H
is a single error-correcting code.                                         
    Suppose now that we have a canonical parity-check matrix H with three
rows. Then we might ask how many more columns we can add to the
matrix and still have a null space that is a single error-detecting and single
error-correcting code. Since each column has three entries, there are 23 = 8
possible distinct columns. We cannot add the columns
                                
                           0      1      0      0
                         0 , 0 , 1 , 0 .
                           0      0      0      1

So we can add as many as four columns and still maintain a minimum
distance of 3.
    In general, if H is an m × n canonical parity-check matrix, then there
are n − m information positions in each codeword. Each column has m
8.4   EFFICIENT DECODING                                                    135

bits, so there are 2m possible distinct columns. It is necessary that the
columns 0, e1 , . . . , em be excluded, leaving 2m − (1 + m) remaining columns
for information if we are still to maintain the ability not only to detect but
also to correct single errors.


8.4     Efficient Decoding
We are now at the stage where we are able to generate linear codes that
detect and correct errors fairly easily, but it is still a time-consuming process
to decode a received n-tuple and determine which is the closest codeword,
because the received n-tuple must be compared to each possible codeword
to determine the proper decoding. This can be a serious impediment if the
code is very large.

Example 16. Given the binary matrix
                                      
                             1 1 1 0 0
                      H = 0 1 0 1 0
                             1 0 0 0 1

and the 5-tuples x = (11011)t and y = (01011)t , we can compute
                                                 
                           0                        1
                   Hx = 0       and     Hy = 0 .
                                                  
                           0                        1

Hence, x is a codeword and y is not, since x is in the null space and y is not.
Notice that Hy is identical to the first column of H. In fact, this is where
the error occurred. If we flip the first bit in y from 0 to 1, then we obtain x.
                                                                              
    If H is an m × n matrix and x ∈ Zn2 , then we say that the syndrome of
x is Hx. The following proposition allows the quick detection and correction
of errors.

Proposition 8.14 Let the m × n binary matrix H determine a linear code
and let x be the received n-tuple. Write x as x = c + e, where c is the
transmitted codeword and e is the transmission error. Then the syndrome
Hx of the received codeword x is also the syndrome of the error e.

Proof. Hx = H(c + e) = Hc + He = 0 + He = He.                                 
136                      CHAPTER 8        ALGEBRAIC CODING THEORY

    This proposition tells us that the syndrome of a received word depends
solely on the error and not on the transmitted codeword. The proof of the
following theorem follows immediately from Proposition 8.14 and from the
fact that He is the ith column of the matrix H.
Theorem 8.15 Let H ∈ Mm×n (Z2 ) and suppose that the linear code corre-
sponding to H is single error-correcting. Let r be a received n-tuple that was
transmitted with at most one error. If the syndrome of r is 0, then no error
has occurred; otherwise, if the syndrome of r is equal to some column of H,
say the ith column, then the error has occurred in the ith bit.

Example 17. Consider the matrix
                                      
                           1 0 1 1 0 0
                    H = 0 1 1 0 1 0
                           1 1 1 0 0 1
and suppose that the 6-tuples x = (111110)t , y = (111111)t , and z =
(010111)t have been received. Then
                                            
                          1          1          1
                  Hx = 1 , Hy = 1 , Hz = 0 .
                                           
                          1          0          0
Hence, x has an error in the third bit and z has an error in the fourth bit. The
transmitted codewords for x and z must have been (110110) and (010011),
respectively. The syndrome of y does not occur in any of the columns of the
matrix H, so multiple errors must have occurred to produce y.                 


Coset Decoding
We can use group theory to obtain another way of decoding messages. A
linear code C is a subgroup of Zn2 . Coset or standard decoding uses
the cosets of C in Zn2 to implement maximum-likelihood decoding. Suppose
that C is an (n, m)-linear code. A coset of C in Zn2 is written in the form
x + C, where x ∈ Zn2 . By Lagrange’s Theorem (Theorem 6.5), there are
2n−m distinct cosets of C in Zn2 .

Example 18. Let C be the (5, 3)-linear code given by the parity-check
matrix                                   
                           0 1 1 0 0
                    H = 1 0 0 1 0 .
                           1 1 0 0 1
8.4   EFFICIENT DECODING                                                    137


                                                 Cosets
                     C             (00000)   (01101) (10011)   (11110)
                (10000)   +   C    (10000)   (11101) (00011)   (01110)
                (01000)   +   C    (01000)   (00101) (11011)   (10110)
                (00100)   +   C    (00100)   (01001) (10111)   (11010)
                (00010)   +   C    (00010)   (01111) (10001)   (11100)
                (00001)   +   C    (00001)   (01100) (10010)   (11111)
                (10100)   +   C    (00111)   (01010) (10100)   (11001)
                (00110)   +   C    (00110)   (01011) (10101)   (11000)


                              Table 8.5. Cosets of C

The code consists of the codewords

                    (00000)       (01101)     (10011)   (11110).

There are 25−2 = 23 cosets of C in Z52 , each with order 22 = 4. These cosets
are listed in Table 8.5.                                                   
    Our task is to find out how knowing the cosets might help us to decode
a message. Suppose that x was the original codeword sent and that r is the
n-tuple received. If e is the transmission error, then r = e+x or, equivalently,
x = e + r. However, this is exactly the statement that r is an element in the
coset e + C. In maximum-likelihood decoding we expect the error e to be as
small as possible; that is, e will have the least weight. An n-tuple of least
weight in a coset is called a coset leader . Once we have determined a coset
leader for each coset, the decoding process becomes a task of calculating
r + e to obtain x.

Example 19. In Table 8.5, notice that we have chosen a representative
of the least possible weight for each coset. These representatives are coset
leaders. Now suppose that r = (01111) is the received word. To decode r,
we find that it is in the coset (00010) + C; hence, the originally transmitted
codeword must have been (01101) = (01111) + (00010).                        
    A potential problem with this method of decoding is that we might have
to examine every coset for the received codeword. The following proposition
gives a method of implementing coset decoding. It states that we can
associate a syndrome with each coset; hence, we can make a table that
designates a coset leader corresponding to each syndrome. Such a list is
called a decoding table.
138                      CHAPTER 8          ALGEBRAIC CODING THEORY

                             Syndrome     Coset Leader
                               (000)        (00000)
                               (001)        (00001)
                               (010)        (00010)
                               (011)        (10000)
                               (100)        (00100)
                               (101)        (01000)
                               (110)        (00110)
                               (111)        (10100)


                   Table 8.6. Syndromes for each coset


Proposition 8.16 Let C be an (n, k)-linear code given by the matrix H and
suppose that x and y are in Zn2 . Then x and y are in the same coset of C if
and only if Hx = Hy. That is, two n-tuples are in the same coset if and
only if their syndromes are the same.

Proof. Two n-tuples x and y are in the same coset of C exactly when
x − y ∈ C; however, this is equivalent to H(x − y) = 0 or Hx = Hy. 

Example 20. Table 8.6 is a decoding table for the code C given in Exam-
ple 18. If x = (01111) is received, then its syndrome can be computed to
be                                     
                                        0
                                Hx = 1 .
                                      
                                        1
Examining the decoding table, we determine that the coset leader is (00010).
It is now easy to decode the received codeword.                          
    Given an (n, k)-block code, the question arises of whether or not coset
decoding is a manageable scheme. A decoding table requires a list of cosets
and syndromes, one for each of the 2n−k cosets of C. Suppose that we have
a (32, 24)-block code. We have a huge number of codewords, 224 , yet there
are only 232−24 = 28 = 256 cosets.


Exercises
  1. Why is the following encoding scheme not acceptable?

        Information:    0      1     2      3     4       5     6     7     8
        Codeword:      000    001   010    011   101     110   111   000   001
EXERCISES                                                                                             139

  2. Without doing any addition, explain why the following set of 4-tuples in Z42
     cannot be a group code.

                                      (0110)        (1001)   (1010)   (1100)

  3. Compute the Hamming distances between the following pairs of n-tuples.

      (a) (011010), (011100)                                  (c) (00110), (01111)
      (b) (11110101), (01010100)                              (d) (1001), (0111)

  4. Compute the weights of the following n-tuples.

      (a) (011010)                                            (c) (01111)
      (b) (11110101)                                          (d) (1011)

  5. Suppose that a linear code C has a minimum weight of 7. What are the
     error-detection and error-correction capabilities of C?
  6. In each of the following codes, what is the minimum distance for the code?
     What is the best situation we might hope for in connection with error detection
     and error correction?
      (a) (011010) (011100) (110111) (110000)
      (b) (011100) (011011) (111011) (100011)
          (000000) (010101) (110100) (110011)
      (c) (000000) (011100) (110101) (110001)
      (d) (0110110) (0111100) (1110000) (1111111)
          (1001001) (1000011) (0001111) (0000000)
  7. Compute the null space of each of the following matrices. What type of
     (n, k)-block codes are the null spaces? Can you find a matrix (not necessarily
     a standard generator matrix) that generates each code? Are your generator
     matrices unique?

      (a)                                                   (c)                              
                  0       1       0       0       0                         1   0   0   1   1
                 1       0       1       0       1                        0   1   0   1   1
                  1       0       0       1       0
                                                              (d)
      (b)
                                                                                                     
                                                                     0    0   0   1   1   1       1
                 1    0       1       0       0    0                  0
               1                                                           1   1   0   0   1       1
                      1       0       1       0    0                 
                                                                      1
                                                                                                      
               
               0
                                                                           0   1   0   1   0       1
                      1       0       0       1    0
                                                                       0    1   1   0   0   1       1
                 1    1       0       0       0    1
140                                   CHAPTER 8                     ALGEBRAIC CODING THEORY

  8. Construct a (5, 2)-block code. Discuss both the error-detection and error-
     correction capabilities of your code.
  9. Let C be the code obtained from the null                            space of the matrix
                                                                             
                                     0 1 0                                0 1
                             H = 1 0 1                                   0 1 .
                                     0 0 1                                1 1

      Decode the message

                                          01111             10101   01110    00011

      if possible.
 10. Suppose that a 1000-bit binary message is transmitted. Assume that the
     probability of a single error is p and that the errors occurring in different
     bits are independent of one another. If p = 0.01, what is the probability of
     more than one error occurring? What is the probability of exactly two errors
     occurring? Repeat this problem for p = 0.0001.
 11. Which matrices are canonical parity-check matrices? For those matrices
     that are canonical parity-check matrices, what are the corresponding stan-
     dard generator matrices? What are the error-detection and error-correction
     capabilities of the code generated by each of these matrices?

       (a)                                                         (c)
                      1       1       0       0       0                              
                                                                                         1       1       1       0
                                                                                                                     
                     0       0       1       0       0
                                                                                       1       0       0       1
                     0       0       0       1       0
                      1       0       0       0       1
                                                                     (d)
       (b)
                                                                                                                          
                                                                              0    0       0       1       0       0   0
                  0       1       1       0       0    0                      0
                 1                                                                  1       1       0       1       0   0
                          1       0       1       0    0                     
                                                                              1
                                                                                                                           
                 
                 0
                                                                                    0       1       0       0       1   0
                          1       0       0       1    0
                                                                                0    1       1       0       0       0   1
                  1       1       0       0       0    1

 12. List all possible syndromes for the codes generated by each of the matrices in
     the previous exercise.
 13. Let                                                                      
                                                       0        1    1   1   1
                                                  H = 0        0    0   1   1 .
                                                       1        0    1   0   1
      Compute the syndrome caused by each of the following transmission errors.
       (a) An error in the first bit
EXERCISES                                                                             141

      (b) An error in the third bit
      (c) An error in the last bit
      (d) Errors in the third and fourth bits
 14. Let C be the group code in Z32 defined by the codewords (000) and (111).
     Compute the cosets of H in Z32 . Why was there no need to specify right or
     left cosets? Give the single transmission error, if any, to which each coset
     corresponds.
 15. For each of the following matrices, find the cosets of the corresponding code
     C. Give a decoding table for each code if possible.

      (a)                                     (c)                            
                  0    1   0   0   0                        1   0   0   1   1
                 1    0   1   0   1                       0   1   0   1   1
                  1    0   0   1   0
                                                (d)
      (b)                                                                          
                   0   0   1   0   0                   1    0   0   1   1   1       1
                 1    1   0   1   0                 1    1   1   0   0   1       1
                                                                                   
                 0    1   0   1   0                 1    0   1   0   1   0       1
                   1   1   0   0   1                   1    1   1   0   0   1       0


 16. Let x, y, and z be binary n-tuples. Prove each of the following statements.
      (a) w(x) = d(x, 0)
      (b) d(x, y) = d(x + z, y + z)
      (c) d(x, y) = w(x − y)
 17. A metric on a set X is a map d : X × X → R satisfying the following
     conditions.
      (a) d(x, y) ≥ 0 for all x, y ∈ X;
      (b) d(x, y) = 0 exactly when x = y;
      (c) d(x, y) = d(y, x);
      (d) d(x, y) ≤ d(x, z) + d(z, y).
     In other words, a metric is simply a generalization of the notion of distance.
     Prove that Hamming distance is a metric on Zn2 . Decoding a message actually
     reduces to deciding which is the closest codeword in terms of distance.
 18. Let C be a linear code. Show that either the ith coordinates in the codewords
     of C are all zeros or exactly half of them are zeros.
 19. Let C be a linear code. Show that either every codeword has even weight or
     exactly half of the codewords have even weight.
142                       CHAPTER 8         ALGEBRAIC CODING THEORY

 20. Show that the codewords of even weight in a linear code C are also a linear
     code.
 21. If we are to use an error-correcting linear code to transmit the 128 ASCII
     characters, what size matrix must be used? What size matrix must be used
     to transmit the extended ASCII character set of 256 characters? What if we
     require only error detection in both cases?
 22. Find the canonical parity-check matrix that gives the even parity check bit code
     with three information positions. What is the matrix for seven information
     positions? What are the corresponding standard generator matrices?
 23. How many check positions are needed for a single error-correcting code with
     20 information positions? With 32 information positions?
 24. Let ei be the binary n-tuple with a 1 in the ith coordinate and 0’s elsewhere
     and suppose that H ∈ Mm×n (Z2 ). Show that Hei is the ith column of the
     matrix H.
 25. Let C be an (n, k)-linear code. Define the dual or orthogonal code of C
     to be
                      C ⊥ = {x ∈ Zn2 : x · y = 0 for all y ∈ C}.
      (a) Find the dual code of the linear code     C where C is given by the matrix
                                                       
                                      1 1 1         0 0
                                   0 0 1           0 1 .
                                      1 0 0         1 0

      (b) Show that C ⊥ is an (n, n − k)-linear code.
      (c) Find the standard generator and parity-check matrices of C and C ⊥ .
          What happens in general? Prove your conjecture.
 26. Let H be an m × n matrix over Z2 , where the ith column is the number i
     written in binary with m bits. The null space of such a matrix is called a
     Hamming code.
      (a) Show that the matrix
                                                              
                                      0     0   0    1   1   1
                                 H = 0     1   1    0   0   1
                                      1     0   1    0   1   0
          generates a Hamming code. What are the error-correcting properties of
          a Hamming code?
      (b) The column corresponding to the syndrome also marks the bit that
          was in error; that is, the ith column of the matrix is i written as a
          binary number, and the syndrome immediately tells us which bit is in
          error. If the received word is (101011), compute the syndrome. In which
          bit did the error occur in this case, and what codeword was originally
          transmitted?
EXERCISES                                                                       143

       (c) Give a binary matrix H for the Hamming code with six information
           positions and four check positions. What are the check positions and
           what are the information positions? Encode the messages (101101) and
           (001001). Decode the received words (0010000101) and (0000101100).
           What are the possible syndromes for this code?
       (d) What is the number of check bits and the number of information bits in
           an (m, n)-block Hamming code? Give both an upper and a lower bound
           on the number of information bits in terms of the number of check bits.
           Hamming codes having the maximum possible number of information
           bits with k check bits are called perfect. Every possible syndrome
           except 0 occurs as a column. If the number of information bits is less
           than the maximum, then the code is called shortened . In this case,
           give an example showing that some syndromes can represent multiple
           errors.

Programming Exercises
Write a program to implement a (16, 12)-linear code. Your program should be
able to encode and decode messages using coset decoding. Once your program is
written, write a program to simulate a binary symmetric channel with transmission
noise. Compare the results of your simulation with the theoretically predicted error
probability.

References and Suggested Readings
  [1] Blake, I. F. “Codes and Designs,” Mathematics Magazine 52 (1979), 81–95.
  [2] Hill, R. A First Course in Coding Theory. Oxford University Press, Oxford,
      1990.
  [3] Levinson, N. “Coding Theory: A Counterexample to G. H. Hardy’s Conception
      of Applied Mathematics,” American Mathematical Monthly 77 (1970), 249–58.
  [4] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York,
      1998.
  [5] MacWilliams, F. J. and Sloane, N. J. A. The Theory of Error-Correcting
      Codes. North-Holland Mathematical Library, 16, Elsevier, Amsterdam, 1983.
  [6] Roman, S. Coding and Information Theory. Springer-Verlag, New York, 1992.
  [7] Shannon, C. E. “A Mathematical Theory of Communication,” Bell System
      Technical Journal 27 (1948), 379–423, 623–56.
  [8] Thompson, T. M. From Error-Correcting Codes through Sphere Packing to
      Simple Groups. Carus Monograph Series, No. 21. Mathematical Association
      of America, Washington, DC, 1983.
  [9] van Lint, J. H. Introduction to Coding Theory. Springer, New York, 1999.
                                    9
                    Isomorphisms



Many groups may appear to be different at first glance, but can be shown to
be the same by a simple renaming of the group elements. For example, Z4
and the subgroup of the circle group T generated by i can be shown to be the
same by demonstrating a one-to-one correspondence between the elements
of the two groups and between the group operations. In such a case we say
that the groups are isomorphic.


9.1     Definition and Examples
Two groups (G, ·) and (H, ◦) are isomorphic if there exists a one-to-one
and onto map φ : G → H such that the group operation is preserved; that is,

                           φ(a · b) = φ(a) ◦ φ(b)

for all a and b in G. If G is isomorphic to H, we write G ∼
                                                          = H. The map φ
is called an isomorphism.

Example 1. To show that Z4 ∼ = hii, define a map φ : Z4 → hii by φ(n) = in .
We must show that φ is bijective and preserves the group operation. The
map φ is one-to-one and onto because

                                φ(0) = 1
                                φ(1) = i
                                φ(2) = −1
                                φ(3) = −i.

Since
                  φ(m + n) = im+n = im in = φ(m)φ(n),

                                    144
9.1   DEFINITION AND EXAMPLES                                           145

the group operation is preserved.                                         

Example 2. We can define an isomorphism φ from the additive group of
real numbers (R, +) to the multiplicative group of positive real numbers
(R+ , ·) with the exponential map; that is,

                   φ(x + y) = ex+y = ex ey = φ(x)φ(y).

Of course, we must still show that φ is one-to-one and onto, but this can be
determined using calculus.                                                

Example 3. The integers are isomorphic to the subgroup of Q∗ consisting
of elements of the form 2n . Define a map φ : Z → Q∗ by φ(n) = 2n . Then

                  φ(m + n) = 2m+n = 2m 2n = φ(m)φ(n).

By definition the map φ is onto the subset {2n : n ∈ Z} of Q∗ . To show that
the map is injective, assume that m =6 n. If we can show that φ(m) 6= φ(n),
then we are done. Suppose that m > n and assume that φ(m) = φ(n). Then
2m = 2n or 2m−n = 1, which is impossible since m − n > 0.                 

Example 4. The groups Z8 and Z12 cannot be isomorphic since they have
different orders; however, it is true that U (8) ∼
                                                 = U (12). We know that

                            U (8) = {1, 3, 5, 7}
                           U (12) = {1, 5, 7, 11}.

An isomorphism φ : U (8) → U (12) is then given by

                                    1 7→ 1
                                    3 7→ 5
                                    5 7→ 7
                                    7 7→ 11.

The map φ is not the only possible isomorphism between these two groups.
We could define another isomorphism ψ by ψ(1) = 1, ψ(3) = 11, ψ(5) = 5,
ψ(7) = 7. In fact, both of these groups are isomorphic to Z2 × Z2 (see
Example 14 in Chapter 3).                                            

Example 5. Even though S3 and Z6 possess the same number of elements,
we would suspect that they are not isomorphic, because Z6 is abelian and
146                                            CHAPTER 9         ISOMORPHISMS

S3 is nonabelian. To demonstrate that this is indeed the case, suppose that
φ : Z6 → S3 is an isomorphism. Let a, b ∈ S3 be two elements such that
ab 6= ba. Since φ is an isomorphism, there exist elements m and n in Z6
such that
                        φ(m) = a and φ(n) = b.
However,

           ab = φ(m)φ(n) = φ(m + n) = φ(n + m) = φ(n)φ(m) = ba,

which contradicts the fact that a and b do not commute.                          

Theorem 9.1 Let φ : G → H be an isomorphism of two groups. Then the
following statements are true.

  1. φ−1 : H → G is an isomorphism.

  2. |G| = |H|.

  3. If G is abelian, then H is abelian.

  4. If G is cyclic, then H is cyclic.

  5. If G has a subgroup of order n, then H has a subgroup of order n.

Proof. Assertions (1) and (2) follow from the fact that φ is a bijection. We
will prove (3) here and leave the remainder of the theorem to be proved in
the exercises.
    (3) Suppose that h1 and h2 are elements of H. Since φ is onto, there
exist elements g1 , g2 ∈ G such that φ(g1 ) = h1 and φ(g2 ) = h2 . Therefore,

         h1 h2 = φ(g1 )φ(g2 ) = φ(g1 g2 ) = φ(g2 g1 ) = φ(g2 )φ(g1 ) = h2 h1 .

                                                                                 
      We are now in a position to characterize all cyclic groups.

Theorem 9.2 All cyclic groups of infinite order are isomorphic to Z.

Proof. Let G be a cyclic group with infinite order and suppose that a is a
generator of G. Define a map φ : Z → G by φ : n 7→ an . Then

                     φ(m + n) = am+n = am an = φ(m)φ(n).
9.1   DEFINITION AND EXAMPLES                                              147

To show that φ is injective, suppose that m and n are two elements in Z,
where m = 6 n. We can assume that m > n. We must show that am 6= an .
Let us suppose the contrary; that is, am = an . In this case am−n = e, where
m − n > 0, which contradicts the fact that a has infinite order. Our map
is onto since any element in G can be written as an for some integer n and
φ(n) = an .                                                               

Theorem 9.3 If G is a cyclic group of order n, then G is isomorphic to Zn .

Proof. Let G be a cyclic group of order n generated by a and define a
map φ : Zn → G by φ : k 7→ ak , where 0 ≤ k < n. The proof that φ is an
isomorphism is one of the end-of-chapter exercises.                   

Corollary 9.4 If G is a group of order p, where p is a prime number, then
G is isomorphic to Zp .

Proof. The proof is a direct result of Corollary 6.7.                        
    The main goal in group theory is to classify all groups; however, it makes
sense to consider two groups to be the same if they are isomorphic. We state
this result in the following theorem, whose proof is left as an exercise.

Theorem 9.5 The isomorphism of groups determines an equivalence rela-
tion on the class of all groups.

   Hence, we can modify our goal of classifying all groups to classifying all
groups up to isomorphism; that is, we will consider two groups to be the
same if they are isomorphic.

Cayley’s Theorem
Cayley proved that if G is a group, it is isomorphic to a group of permutations
on some set; hence, every group is a permutation group. Cayley’s Theorem
is what we call a representation theorem. The aim of representation theory
is to find an isomorphism of some group G that we wish to study into a
group that we know a great deal about, such as a group of permutations or
matrices.

Example 6. Consider the group Z3 . The Cayley table for Z3 is as follows.
                                +    0   1   2
                                0    0   1   2
                                1    1   2   0
                                2    2   0   1
148                                        CHAPTER 9         ISOMORPHISMS

The addition table of Z3 suggests that it is the same as the permutation
group G = {(0), (012), (021)}. The isomorphism here is
                                      
                                0 1 2
                          0 7→           = (0)
                                0 1 2
                                      
                                0 1 2
                          1 7→           = (012)
                                1 2 0
                                      
                                0 1 2
                          2 7→           = (021).
                                2 0 1
                                                                         

Theorem 9.6 (Cayley) Every group is isomorphic to a group of permuta-
tions.

Proof. Let G be a group. We must find a group of permutations G that is
isomorphic to G. For any g ∈ G, define a function λg : G → G by λg (a) = ga.
We claim that λg is a permutation of G. To show that λg is one-to-one,
suppose that λg (a) = λg (b). Then

                          ga = λg (a) = λg (b) = gb.

Hence, a = b. To show that λg is onto, we must prove that for each a ∈ G,
there is a b such that λg (b) = a. Let b = g −1 a.
   Now we are ready to define our group G. Let

                             G = {λg : g ∈ G}.

We must show that G is a group under composition of functions and find
an isomorphism between G and G. We have closure under composition of
functions since

                  (λg ◦ λh )(a) = λg (ha) = gha = λgh (a).

Also,
                               λe (a) = ea = a
and
              (λg−1 ◦ λg )(a) = λg−1 (ga) = g −1 ga = a = λe (a).
   We can define an isomorphism from G to G by φ : g 7→ λg . The group
operation is preserved since

                      φ(gh) = λgh = λg λh = φ(g)φ(h).
9.2   DIRECT PRODUCTS                                                            149

It is also one-to-one, because if φ(g)(a) = φ(h)(a), then

                              ga = λg a = λh a = ha.

Hence, g = h. That φ is onto follows from the fact that φ(g) = λg for any
λg ∈ G.                                                                
    The isomorphism g 7→ λg is known as the left regular representation
of G.

                                 Historical Note

Arthur Cayley was born in England in 1821, though he spent much of the first
part of his life in Russia, where his father was a merchant. Cayley was educated at
Cambridge, where he took the first Smith’s Prize in mathematics. A lawyer for much
of his adult life, he wrote several papers in his early twenties before entering the
legal profession at the age of 25. While practicing law he continued his mathematical
research, writing more than 300 papers during this period of his life. These included
some of his best work. In 1863 he left law to become a professor at Cambridge.
Cayley wrote more than 900 papers in fields such as group theory, geometry, and
linear algebra. His legal knowledge was very valuable to Cambridge; he participated
in the writing of many of the university’s statutes. Cayley was also one of the people
responsible for the admission of women to Cambridge.


9.2     Direct Products
Given two groups G and H, it is possible to construct a new group from the
Cartesian product of G and H, G × H. Conversely, given a large group, it is
sometimes possible to decompose the group; that is, a group is sometimes
isomorphic to the direct product of two smaller groups. Rather than studying
a large group G, it is often easier to study the component groups of G.

External Direct Products
If (G, ·) and (H, ◦) are groups, then we can make the Cartesian product of
G and H into a new group. As a set, our group is just the ordered pairs
(g, h) ∈ G × H where g ∈ G and h ∈ H. We can define a binary operation
on G × H by
                      (g1 , h1 )(g2 , h2 ) = (g1 · g2 , h1 ◦ h2 );
that is, we just multiply elements in the first coordinate as we do in G and
elements in the second coordinate as we do in H. We have specified the
150                                             CHAPTER 9           ISOMORPHISMS

particular operations · and ◦ in each group here for the sake of clarity; we
usually just write (g1 , h1 )(g2 , h2 ) = (g1 g2 , h1 h2 ).

Proposition 9.7 Let G and H be groups. The set G × H is a group under
the operation (g1 , h1 )(g2 , h2 ) = (g1 g2 , h1 h2 ) where g1 , g2 ∈ G and h1 , h2 ∈ H.

Proof. Clearly the binary operation defined above is closed. If eG and eH
are the identities of the groups G and H respectively, then (eG , eH ) is the
identity of G × H. The inverse of (g, h) ∈ G × H is (g −1 , h−1 ). The fact
that the operation is associative follows directly from the associativity of G
and H.                                                                       

Example 7. Let R be the group of real numbers under addition. The
Cartesian product of R with itself, R × R = R2 , is also a group, in which the
group operation is just addition in each coordinate; that is, (a, b) + (c, d) =
(a + c, b + d). The identity is (0, 0) and the inverse of (a, b) is (−a, −b). 

Example 8. Consider

                      Z2 × Z2 = {(0, 0), (0, 1), (1, 0), (1, 1)}.

Although Z2 × Z2 and Z4 both contain four elements, it is easy to see
that they are not isomorphic since for every element (a, b) in Z2 × Z2 ,
(a, b) + (a, b) = (0, 0), but Z4 is cyclic.                          
   The group G × H is called the external direct product of G and H.
Notice that there is nothing special about the fact that we have used only
two groups to build a new group. The direct product
                           n
                           Y
                                 Gi = G1 × G 2 × · · · × Gn
                           i=1

of the groups G1 , G2 , . . . , Gn is defined in exactly the same manner. If
G = G1 = G2 = · · · = Gn , we often write Gn instead of G1 × G2 × · · · × Gn .

Example 9. The group Zn2 , considered as a set, is just the set of all binary
n-tuples. The group operation is the “exclusive or” of two binary n-tuples.
For example,
                 (01011101) + (01001011) = (00010110).
This group is important in coding theory, in cryptography, and in many
areas of computer science.                                          
9.2   DIRECT PRODUCTS                                                             151

Theorem 9.8 Let (g, h) ∈ G × H. If g and h have finite orders r and s
respectively, then the order of (g, h) in G × H is the least common multiple
of r and s.

Proof. Suppose that m is the least common multiple of r and s and let
n = |(g, h)|. Then
                          (g, h)m = (g m , hm ) = (eG , eH )
                          (g n , hn ) = (g, h)n = (eG , eH ).
Hence, n must divide m, and n ≤ m. However, by the second equation, both
r and s must divide n; therefore, n is a common multiple of r and s. Since
m is the least common multiple of r and s, m ≤ n. Consequently, m must
be equal to n.                                                                      
                                        Q
Corollary 9.9 Let (g1 , . . . ,Q  gn ) ∈ Gi . If gi has finite order ri in Gi , then
the order of (g1 , . . . , gn ) in Gi is the least common multiple of r1 , . . . , rn .


Example 10. Let (8, 56) ∈ Z12 × Z60 . Since gcd(8, 12) = 4, the order of 8
is 12/4 = 3 in Z12 . Similarly, the order of 56 in Z60 is 15. The least common
multiple of 3 and 15 is 15; hence, (8, 56) has order 15 in Z12 × Z60 .       

Example 11. The group Z2 × Z3 consists of the pairs
                 (0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2).
In this case, unlike that of Z2 × Z2 and Z4 , it is true that Z2 × Z3 ∼
                                                                      = Z6 .
We need only show that Z2 × Z3 is cyclic. It is easy to see that (1, 1) is a
generator for Z2 × Z3 .                                                   
   The next theorem tells us exactly when the direct product of two cyclic
groups is cyclic.

Theorem 9.10 The group Zm × Zn is isomorphic to Zmn if and only if
gcd(m, n) = 1.

Proof. Assume first that if Zm × Zn ∼    = Zmn , then gcd(m, n) = 1. To
show this, we will prove the contrapositive; that is, we will show that if
gcd(m, n) = d > 1, then Zm × Zn cannot be cyclic. Notice that mn/d is
divisible by both m and n; hence, for any element (a, b) ∈ Zm × Zn ,
                       (a, b) + (a, b) + · · · + (a, b) = (0, 0).
                       |             {z               }
                                 mn/d times
152                                              CHAPTER 9         ISOMORPHISMS

Therefore, no (a, b) can generate all of Zm × Zn .
   The converse follows directly from Theorem 9.8 since lcm(m, n) = mn if
and only if gcd(m, n) = 1.                                            

Corollary 9.11 Let n1 , . . . , nk be positive integers. Then
                                 k
                                        Zni ∼
                                 Y
                                            = Zn1 ···nk
                                 i=1

if and only if gcd(ni , nj ) = 1 for i 6= j.

Corollary 9.12 If
                                  m = pe11 · · · pekk ,
where the pi s are distinct primes, then

                             Zm ∼
                                = Zpe11 × · · · × Zpek .
                                                          k

                                                               e
Proof. Since the greatest common divisor of pei i and pj j is 1 for i 6= j, the
proof follows from Corollary 9.11.                                           
    In Chapter 13, we will prove that all finite abelian groups are isomorphic
to direct products of the form

                                 Zpe1 × · · · × Zpek
                                    1                k


where p1 , . . . , pk are (not necessarily distinct) primes.

Internal Direct Products
The external direct product of two groups builds a large group out of
two smaller groups. We would like to be able to reverse this process and
conveniently break down a group into its direct product components; that
is, we would like to be able to say when a group is isomorphic to the direct
product of two of its subgroups.
    Let G be a group with subgroups H and K satisfying the following
conditions.

      • G = HK = {hk : h ∈ H, k ∈ K};

      • H ∩ K = {e};

      • hk = kh for all k ∈ K and h ∈ H.
9.2   DIRECT PRODUCTS                                                      153

Then G is the internal direct product of H and K.

Example 12. The group U (8) is the internal direct product of
                       H = {1, 3}     and K = {1, 5}.
                                                                             

Example 13. The dihedral group D6 is an internal direct product of its
two subgroups
              H = {id, r3 }   and K = {id, r2 , r4 , s, r2 s, r4 s}.
It can easily be shown that K ∼
                              = S3 ; consequently, D6 ∼
                                                      = Z2 × S3 .            

Example 14. Not every group can be written as the internal direct product
of two of its proper subgroups. If the group S3 were an internal direct product
of its proper subgroups H and K, then one of the subgroups, say H, would
have to have order 3. In this case H is the subgroup {(1), (123), (132)}. The
subgroup K must have order 2, but no matter which subgroup we choose for
K, the condition that hk = kh will never be satisfied for h ∈ H and k ∈ K.
                                                                             

Theorem 9.13 Let G be the internal direct product of subgroups H and K.
Then G is isomorphic to H × K.
Proof. Since G is an internal direct product, we can write any element g ∈ G
as g = hk for some h ∈ H and some k ∈ K. Define a map φ : G → H × K
by φ(g) = (h, k).
    The first problem that we must face is to show that φ is a well-defined
map; that is, we must show that h and k are uniquely determined by g.
Suppose that g = hk = h0 k 0 . Then h−1 h0 = k(k 0 )−1 is in both H and K, so
it must be the identity. Therefore, h = h0 and k = k 0 , which proves that φ is,
indeed, well-defined.
    To show that φ preserves the group operation, let g1 = h1 k1 and g2 = h2 k2
and observe that
                          φ(g1 g2 ) = φ(h1 k1 h2 k2 )
                                   = φ(h1 h2 k1 k2 )
                                   = (h1 h2 , k1 k2 )
                                   = (h1 , k1 )(h2 , k2 )
                                   = φ(g1 )φ(g2 ).
154                                             CHAPTER 9       ISOMORPHISMS

We will leave the proof that φ is one-to-one and onto as an exercise.             

Example 15. The group Z6 is an internal direct product isomorphic to
{0, 2, 4} × {0, 3}.                                               
    We can extend the definition of an internal direct product of G to a
collection of subgroups H1 , H2 , . . . , Hn of G, by requiring that
      • G = H1 H2 · · · Hn = {h1 h2 · · · hn : hi ∈ Hi };

      • Hi ∩ h∪j6=i Hj i = {e};

      • hi hj = hj hi for all hi ∈ Hi and hj ∈ Hj .
We will leave the proof of the following theorem as an exercise.

Theorem 9.14 Let G be the internal direct   Q product of subgroups Hi , where
i = 1, 2, . . . , n. Then G is isomorphic to i Hi .



Exercises
   1. Prove that Z ∼
                   = nZ for n 6= 0.
   2. Prove that C∗ is isomorphic to the subgroup of GL2 (R) consisting of matrices
      of the form                             
                                          a b
                                          −b a

   3. Prove or disprove: U (8) ∼
                               = Z4 .
   4. Prove that U (8) is isomorphic to the group of matrices
                                                       
                        1 0      1 0         −1 0      −1 0
                              ,           ,          ,          .
                        0 1      0 −1         0 1       0 −1

   5. Show that U (5) is isomorphic to U (10), but U (12) is not.
   6. Show that the nth roots of unity are isomorphic to Zn .
   7. Show that any cyclic group of order n is isomorphic to Zn .
   8. Prove that Q is not isomorphic to Z.
   9. Let G = R \ {−1} and define a binary operation on G by

                                      a ∗ b = a + b + ab.

        Prove that G is a group under this operation. Show that (G, ∗) is isomorphic
        to the multiplicative group of nonzero real numbers.
EXERCISES                                                                        155

 10. Show that the matrices
                                                           
                       1 0      0       1    0   0     0   1   0
                    0 1        0     0    0   1   1   0   0
                       0 0      1       0    1   0     0   0   1
                                                           
                       0 0      1       0    0   1     0   1   0
                    1 0        0     0    1   0   0   0   1
                       0 1      0       1    0   0     1   0   0

     form a group. Find an isomorphism of G with a more familiar group of
     order 6.
 11. Find five non-isomorphic groups of order 8.
 12. Prove S4 is not isomorphic to D12 .
 13. Let ω = cis(2π/n) be a primitive nth root of unity. Prove that the matrices
                                                        
                              ω    0                   0 1
                       A=                 and B =
                              0 ω −1                   1 0

     generate a multiplicative group isomorphic to Dn .
 14. Show that the set of all matrices of the form
                                              
                                        ±1 k
                                                 ,
                                         0 1

     is a group isomorphic to Dn , where all entries in the matrix are in Zn .
 15. List all of the elements of Z4 × Z2 .
 16. Find the order of each of the following elements.

      (a) (3, 4) in Z4 × Z6
      (b) (6, 15, 4) in Z30 × Z45 × Z24
      (c) (5, 10, 15) in Z25 × Z25 × Z25
      (d) (8, 8, 8) in Z10 × Z24 × Z80

 17. Prove that D4 cannot be the internal direct product of two of its proper
     subgroups.
 18. Prove that the subgroup of Q∗ consisting of elements of the form 2m 3n for
     m, n ∈ Z is an internal direct product isomorphic to Z × Z.
 19. Prove that S3 × Z2 is isomorphic to D6 . Can you make a conjecture about
     D2n ? Prove your conjecture. [Hint: Draw the picture.]
 20. Prove or disprove: Every abelian group of order divisible by 3 contains a
     subgroup of order 3.
156                                         CHAPTER 9         ISOMORPHISMS

 21. Prove or disprove: Every nonabelian group of order divisible by 6 contains a
     subgroup of order 6.
 22. Let G be a group of order 20. If G has subgroups H and K of orders 4 and 5
     respectively such that hk = kh for all h ∈ H and k ∈ K, prove that G is the
     internal direct product of H and K.
 23. Prove or disprove the following assertion. Let G, H, and K be groups. If
     G×K ∼  = H × K, then G ∼ = H.
 24. Prove or disprove: There is a noncyclic abelian group of order 51.
 25. Prove or disprove: There is a noncyclic abelian group of order 52.
 26. Let φ : G1 → G2 be a group isomorphism. Show that φ(x) = e if and only if
     x = e.
 27. Let G ∼= H. Show that if G is cyclic, then so is H.
 28. Prove that any group G of order p, p prime, must be isomorphic to Zp .
 29. Show that Sn is isomorphic to a subgroup of An+2 .
 30. Prove that Dn is isomorphic to a subgroup of Sn .
 31. Let φ : G1 → G2 and ψ : G2 → G3 be isomorphisms. Show that φ−1 and
     ψ ◦ φ are both isomorphisms. Using these results, show that the isomorphism
     of groups determines an equivalence relation on the class of all groups.
                 ∼ Z4 . Can you generalize this result to show that U (p) ∼
 32. Prove U (5) =                                                        = Zp−1 ?
 33. Write out the permutations associated with each element of S3 in the proof
     of Cayley’s Theorem.
 34. An automorphism of a group G is an isomorphism with itself. Prove that
     complex conjugation is an automorphism of the additive group of complex
     numbers; that is, show that the map φ(a + bi) = a − bi is an isomorphism
     from C to C.
 35. Prove that a + ib 7→ a − ib is an automorphism of C∗ .
 36. Prove that A 7→ B −1 AB is an automorphism of SL2 (R) for all B in GL2 (R).
 37. We will denote the set of all automorphisms of G by Aut(G). Prove that
     Aut(G) is a subgroup of SG , the group of permutations of G.
 38. Find Aut(Z6 ).
 39. Find Aut(Z).
 40. Find two nonisomorphic groups G and H such that Aut(G) ∼
                                                            = Aut(H).
 41. Let G be a group and g ∈ G. Define a map ig : G → G by ig (x) = gxg −1 .
     Prove that ig defines an automorphism of G. Such an automorphism is called
     an inner automorphism. The set of all inner automorphisms is denoted
     by Inn(G).
EXERCISES                                                                           157

 42. Prove that Inn(G) is a subgroup of Aut(G).
 43. What are the inner automorphisms of the quaternion group Q8 ? Is Inn(G) =
     Aut(G) in this case?
 44. Let G be a group and g ∈ G. Define maps λg : G → G and ρg : G → G by
     λg (x) = gx and ρg (x) = xg −1 . Show that ig = ρg ◦ λg is an automorphism of
     G. The isomorphism g 7→ ρg is called the right regular representation of
     G.
 45. Let G be the internal direct product of subgroups H and K. Show that the
     map φ : G → H × K defined by φ(g) = (h, k) for g = hk, where h ∈ H and
     k ∈ K, is one-to-one and onto.
 46. Let G and H be isomorphic groups. If G has a subgroup of order n, prove
     that H must also have a subgroup of order n.
 47. If G ∼
          = G and H ∼
                    = H, show that G × H ∼
                                         = G × H.
 48. Prove that G × H is isomorphic to H × G.
 49. Let n1 , . . . , nk be positive integers. Show that
                                      k
                                            Zni ∼
                                      Y
                                                = Zn1 ···nk
                                      i=1

     if and only if gcd(ni , nj ) = 1 for i 6= j.
 50. Prove that A × B is abelian if and only if A and B are abelian.
 51. If G is the
              Q internal direct product of H1 , H2 , . . . , Hn , prove that G is isomor-
     phic to i Hi .
 52. Let H1 and H2 be subgroups of G1 and G2 , respectively. Prove that H1 × H2
     is a subgroup of G1 × G2 .
 53. Let m, n ∈ Z. Prove that hm, ni = hdi if and only if d = gcd(m, n).
 54. Let m, n ∈ Z. Prove that hmi ∩ hni = hli if and only if l = lcm(m, n).
 55. Groups of order 2p. In this series of exercises we will classify all groups of
     order 2p, where p is an odd prime.
       (a) Assume G is a group of order 2p, where p is an odd prime. If a ∈ G,
           show that A must have order 1, 2, p, or 2p.
      (b) Suppose that G an element of order 2p. Prove that G isomorphic to
          Z2p . Hence, G is cyclic.
       (c) Suppose that G does not contain an element of order 2p. Show that
           G must contain an element of order p. Hint: Assume that G does not
           contain an element of order p.
158                                            CHAPTER 9         ISOMORPHISMS

      (d) Suppose that G does not contain an element of order 2p. Show that G
          must contain an element of order 2.
       (e) Let P be a subgroup of G with order p and y ∈ G have order 2. Show
           that yP = P y.
       (f) Suppose that G does not contain an element of order 2p and P = hzi
           is a subgroup of order p generated by z. If y is an element of order 2,
           then yz = z k y for some 2 ≤ k < p.
       (g) Suppose that G does not contain an element of order 2p. Prove that G
           is not abelian.
      (h) Suppose that G does not contain an element of order 2p and P = hzi
          is a subgroup of order p generated by z and y is an element of order 2.
          Show that we can list the elements of G as {z i y j | 0 ≤ i < p, 0 ≤ j < 2}.
       (i) Suppose that G does not contain an element of order 2p and P = hzi
           is a subgroup of order p generated by z and y is an element of order 2.
           Prove that the product (z i y j )(z r y s ) can be expressed as a uniquely as
           z m y n for some non negative integers m, n. Thus, conclude that there is
           only one possibility for a non-abelian group of order 2p, it must therefore
           be the one we have seen already, the dihedral group.

Sage Sage can quickly determine if two permutation groups are isomorphic,
even though this should, in theory, be a very difficult computation.
                                    10
        Normal Subgroups and
           Factor Groups


If H is a subgroup of a group G, then right cosets are not always the same
as left cosets; that is, it is not always the case that gH = Hg for all g ∈ G.
The subgroups for which this property holds play a critical role in group
theory: they allow for the construction of a new class of groups, called factor
or quotient groups. Factor groups may be studied by using homomorphisms,
a generalization of isomorphisms.


10.1     Factor Groups and Normal Subgroups
Normal Subgroups
A subgroup H of a group G is normal in G if gH = Hg for all g ∈ G.
That is, a normal subgroup of a group G is one in which the right and left
cosets are precisely the same.
Example 1. Let G be an abelian group. Every subgroup H of G is a normal
subgroup. Since gh = hg for all g ∈ G and h ∈ H, it will always be the case
that gH = Hg.                                                            

Example 2. Let H be the subgroup of S3 consisting of elements (1) and
(12). Since
          (123)H = {(123), (13)}     and H(123) = {(123), (23)},
H cannot be a normal subgroup of S3 . However, the subgroup N , consisting
of the permutations (1), (123), and (132), is normal since the cosets of N are
                          N = {(1), (123), (132)}
                    (12)N = N (12) = {(12), (13), (23)}.

                                     159
160   CHAPTER 10        NORMAL SUBGROUPS AND FACTOR GROUPS

                                                                              
   The following theorem is fundamental to our understanding of normal
subgroups.

Theorem 10.1 Let G be a group and N be a subgroup of G. Then the
following statements are equivalent.

   1. The subgroup N is normal in G.

   2. For all g ∈ G, gN g −1 ⊂ N .

   3. For all g ∈ G, gN g −1 = N .

Proof. (1) ⇒ (2). Since N is normal in G, gN = N g for all g ∈ G. Hence,
for a given g ∈ G and n ∈ N , there exists an n0 in N such that gn = n0 g.
Therefore, gng −1 = n0 ∈ N or gN g −1 ⊂ N .
    (2) ⇒ (3). Let g ∈ G. Since gN g −1 ⊂ N , we need only show N ⊂ gN g −1 .
For n ∈ N , g −1 ng = g −1 n(g −1 )−1 ∈ N . Hence, g −1 ng = n0 for some n0 ∈ N .
Therefore, n = gn0 g −1 is in gN g −1 .
    (3) ⇒ (1). Suppose that gN g −1 = N for all g ∈ G. Then for any n ∈ N
there exists an n0 ∈ N such that gng −1 = n0 . Consequently, gn = n0 g or
gN ⊂ N g. Similarly, N g ⊂ gN .                                               

Factor Groups
If N is a normal subgroup of a group G, then the cosets of N in G form
a group G/N under the operation (aN )(bN ) = abN . This group is called
the factor or quotient group of G and N . Our first task is to prove that
G/N is indeed a group.

Theorem 10.2 Let N be a normal subgroup of a group G. The cosets of N
in G form a group G/N of order [G : N ].

Proof. The group operation on G/N is (aN )(bN ) = abN . This operation
must be shown to be well-defined; that is, group multiplication must be
independent of the choice of coset representative. Let aN = bN and cN = dN .
We must show that

                   (aN )(cN ) = acN = bdN = (bN )(dN ).
10.1   FACTOR GROUPS AND NORMAL SUBGROUPS                                 161

Then a = bn1 and c = dn2 for some n1 and n2 in N . Hence,

                               acN = bn1 dn2 N
                                     = bn1 dN
                                     = bn1 N d
                                     = bN d
                                     = bdN.

The remainder of the theorem is easy: eN = N is the identity and g −1 N is
the inverse of gN . The order of G/N is, of course, the number of cosets of
N in G.                                                                  
    It is very important to remember that the elements in a factor group are
sets of elements in the original group.

Example 3. Consider the normal subgroup of S3 , N = {(1), (123), (132)}.
The cosets of N in S3 are N and (12)N . The factor group S3 /N has the
following multiplication table.
                                        N        (12)N
                             N          N        (12)N
                           (12)N      (12)N        N
This group is isomorphic to Z2 . At first, multiplying cosets seems both
complicated and strange; however, notice that S3 /N is a smaller group. The
factor group displays a certain amount of information about S3 . Actually,
N = A3 , the group of even permutations, and (12)N = {(12), (13), (23)} is the
set of odd permutations. The information captured in G/N is parity; that is,
multiplying two even or two odd permutations results in an even permutation,
whereas multiplying an odd permutation by an even permutation yields an
odd permutation.                                                            

Example 4. Consider the normal subgroup 3Z of Z. The cosets of 3Z in Z
are

                       0 + 3Z = {. . . , −3, 0, 3, 6, . . .}
                       1 + 3Z = {. . . , −2, 1, 4, 7, . . .}
                       2 + 3Z = {. . . , −1, 2, 5, 8, . . .}.

The group Z/3Z is given by the multiplication table below.
162   CHAPTER 10       NORMAL SUBGROUPS AND FACTOR GROUPS

                       +       0 + 3Z   1 + 3Z    2 + 3Z
                     0 + 3Z    0 + 3Z   1 + 3Z    2 + 3Z
                     1 + 3Z    1 + 3Z   2 + 3Z    0 + 3Z
                     2 + 3Z    2 + 3Z   0 + 3Z    1 + 3Z
In general, the subgroup nZ of Z is normal. The cosets of Z/nZ are

                                     nZ
                                   1 + nZ
                                   2 + nZ
                                      ..
                                       .
                                (n − 1) + nZ.

The sum of the cosets k + Z and l + Z is k + l + Z. Notice that we have
written our cosets additively, because the group operation is integer addition.
                                                                             

Example 5. Consider the dihedral group Dn , generated by the two elements
r and s, satisfying the relations

                                  rn = id
                                   s2 = id
                                 srs = r−1 .

The element r actually generates the cyclic subgroup of rotations, Rn , of Dn .
Since srs−1 = srs = r−1 ∈ Rn , the group of rotations is a normal subgroup
of Dn ; therefore, Dn /Rn is a group. Since there are exactly two elements in
this group, it must be isomorphic to Z2 .                                   


10.2     The Simplicity of the Alternating Group
Of special interest are groups with no nontrivial normal subgroups. Such
groups are called simple groups. Of course, we already have a whole
class of examples of simple groups, Zp , where p is prime. These groups are
trivially simple since they have no proper subgroups other than the subgroup
consisting solely of the identity. Other examples of simple groups are not
so easily found. We can, however, show that the alternating group, An , is
simple for n ≥ 5. The proof of this result requires several lemmas.

Lemma 10.3 The alternating group An is generated by 3-cycles for n ≥ 3.
10.2   THE SIMPLICITY OF THE ALTERNATING GROUP                                 163

Proof. To show that the 3-cycles generate An , we need only show that
any pair of transpositions can be written as the product of 3-cycles. Since
(ab) = (ba), every pair of transpositions must be one of the following:

                             (ab)(ab) = id
                             (ab)(cd) = (acb)(acd)
                             (ab)(ac) = (acb).

                                                                                 

Lemma 10.4 Let N be a normal subgroup of An , where n ≥ 3. If N
contains a 3-cycle, then N = An .

Proof. We will first show that An is generated by 3-cycles of the specific
form (ijk), where i and j are fixed in {1, 2, . . . , n} and we let k vary. Every
3-cycle is the product of 3-cycles of this form, since

                         (iaj) = (ija)2
                         (iab) = (ijb)(ija)2
                        (jab) = (ijb)2 (ija)
                        (abc) = (ija)2 (ijc)(ijb)2 (ija).

Now suppose that N is a nontrivial normal subgroup of An for n ≥ 3 such
that N contains a 3-cycle of the form (ija). Using the normality of N , we
see that
                   [(ij)(ak)](ija)2 [(ij)(ak)]−1 = (ijk)
is in N . Hence, N must contain all of the 3-cycles (ijk) for 1 ≤ k ≤ n. By
Lemma 10.3, these 3-cycles generate An ; hence, N = An .                  

Lemma 10.5 For n ≥ 5, every nontrivial normal subgroup N of An contains
a 3-cycle.

Proof. Let σ be an arbitrary element in a normal subgroup N . There are
several possible cycle structures for σ.

   • σ is a 3-cycle.

   • σ is the product of disjoint cycles, σ = τ (a1 a2 · · · ar ) ∈ N , where r > 3.

   • σ is the product of disjoint cycles, σ = τ (a1 a2 a3 )(a4 a5 a6 ).
164     CHAPTER 10            NORMAL SUBGROUPS AND FACTOR GROUPS

      • σ = τ (a1 a2 a3 ), where τ is the product of disjoint 2-cycles.

      • σ = τ (a1 a2 )(a3 a4 ), where τ is the product of an even number of disjoint
        2-cycles.

If σ is a 3-cycle, then we are done. If N contains a product of disjoint
cycles, σ, and at least one of these cycles has length greater than 3, say
σ = τ (a1 a2 · · · ar ), then

                                     (a1 a2 a3 )σ(a1 a2 a3 )−1

is in N since N is normal; hence,

                                  σ −1 (a1 a2 a3 )σ(a1 a2 a3 )−1

is also in N . Since

                σ −1 (a1 a2 a3 )σ(a1 a2 a3 )−1
                 = σ −1 (a1 a2 a3 )σ(a1 a3 a2 )
                 = (a1 a2 · · · ar )−1 τ −1 (a1 a2 a3 )τ (a1 a2 · · · ar )(a1 a3 a2 )
                 = (a1 ar ar−1 · · · a2 )(a1 a2 a3 )(a1 a2 · · · ar )(a1 a3 a2 )
                 = (a1 a3 ar ),

N must contain a 3-cycle; hence, N = An .
  Now suppose that N contains a disjoint product of the form

                                   σ = τ (a1 a2 a3 )(a4 a5 a6 ).

Then
                              σ −1 (a1 a2 a4 )σ(a1 a2 a4 )−1 ∈ N
since
                                  (a1 a2 a4 )σ(a1 a2 a4 )−1 ∈ N.
So

         σ −1 (a1 a2 a4 )σ(a1 a2 a4 )−1
          = [τ (a1 a2 a3 )(a4 a5 a6 )]−1 (a1 a2 a4 )τ (a1 a2 a3 )(a4 a5 a6 )(a1 a2 a4 )−1
          = (a4 a6 a5 )(a1 a3 a2 )τ −1 (a1 a2 a4 )τ (a1 a2 a3 )(a4 a5 a6 )(a1 a4 a2 )
          = (a4 a6 a5 )(a1 a3 a2 )(a1 a2 a4 )(a1 a2 a3 )(a4 a5 a6 )(a1 a4 a2 )
          = (a1 a4 a2 a6 a3 ).
10.2   THE SIMPLICITY OF THE ALTERNATING GROUP                                   165

So N contains a disjoint cycle of length greater than 3, and we can apply
the previous case.
    Suppose N contains a disjoint product of the form σ = τ (a1 a2 a3 ), where
τ is the product of disjoint 2-cycles. Since σ ∈ N , σ 2 ∈ N , and

                             σ 2 = τ (a1 a2 a3 )τ (a1 a2 a3 )
                                   = (a1 a3 a2 ).

So N contains a 3-cycle.
   The only remaining possible case is a disjoint product of the form

                                   σ = τ (a1 a2 )(a3 a4 ),

where τ is the product of an even number of disjoint 2-cycles. But

                              σ −1 (a1 a2 a3 )σ(a1 a2 a3 )−1

is in N since (a1 a2 a3 )σ(a1 a2 a3 )−1 is in N ; and so

             σ −1 (a1 a2 a3 )σ(a1 a2 a3 )−1
             = τ −1 (a1 a2 )(a3 a4 )(a1 a2 a3 )τ (a1 a2 )(a3 a4 )(a1 a2 a3 )−1
             = (a1 a3 )(a2 a4 ).

Since n ≥ 5, we can find b ∈ {1, 2, . . . , n} such that b =
                                                           6 a1 , a2 , a3 , a4 . Let
µ = (a1 a3 b). Then

                       µ−1 (a1 a3 )(a2 a4 )µ(a1 a3 )(a2 a4 ) ∈ N

and

                   µ−1 (a1 a3 )(a2 a4 )µ(a1 a3 )(a2 a4 )
                   = (a1 ba3 )(a1 a3 )(a2 a4 )(a1 a3 b)(a1 a3 )(a2 a4 )
                   = (a1 a3 b).

Therefore, N contains a 3-cycle. This completes the proof of the lemma. 

Theorem 10.6 The alternating group, An , is simple for n ≥ 5.

Proof. Let N be a normal subgroup of An . By Lemma 10.5, N contains
a 3-cycle. By Lemma 10.4, N = An ; therefore, An contains no proper
nontrivial normal subgroups for n ≥ 5.                           
166    CHAPTER 10         NORMAL SUBGROUPS AND FACTOR GROUPS

                                  Historical Note

One of the foremost problems of group theory has been to classify all simple finite
groups. This problem is over a century old and has been solved only in the last few
years. In a sense, finite simple groups are the building blocks of all finite groups. The
first nonabelian simple groups to be discovered were the alternating groups. Galois
was the first to prove that A5 was simple. Later mathematicians, such as C. Jordan
and L. E. Dickson, found several infinite families of matrix groups that were simple.
Other families of simple groups were discovered in the 1950s. At the turn of the
century, William Burnside conjectured that all nonabelian simple groups must have
even order. In 1963, W. Feit and J. Thompson proved Burnside’s conjecture and
published their results in the paper “Solvability of Groups of Odd Order,” which
appeared in the Pacific Journal of Mathematics. Their proof, running over 250
pages, gave impetus to a program in the 1960s and 1970s to classify all finite simple
groups. Daniel Gorenstein was the organizer of this remarkable effort. One of the
last simple groups was the “Monster,” discovered by R. Greiss. The Monster, a
196,833 × 196,833 matrix group, is one of the 26 sporadic, or special, simple groups.
These sporadic simple groups are groups that fit into no infinite family of simple
groups.


Exercises
   1. For each of the following groups G, determine whether H is a normal subgroup
      of G. If H is a normal subgroup, write out a Cayley table for the factor group
      G/H.
        (a) G = S4 and H = A4
        (b) G = A5 and H = {(1), (123), (132)}
        (c) G = S4 and H = D4
        (d) G = Q8 and H = {1, −1, I, −I}
        (e) G = Z and H = 5Z
   2. Find all the subgroups of D4 . Which subgroups are normal? What are all
      the factor groups of D4 up to isomorphism?
   3. Find all the subgroups of the quaternion group, Q8 . Which subgroups are
      normal? What are all the factor groups of Q8 up to isomorphism?
   4. Let T be the group of nonsingular upper triangular 2 × 2 matrices with entries
      in R; that is, matrices of the form
                                              
                                           a b
                                                 ,
                                           0 c
EXERCISES                                                                      167

     where a, b, c ∈ R and ac 6= 0. Let U consist of matrices of the form
                                            
                                         1 x
                                               ,
                                         0 1

     where x ∈ R.
      (a) Show that U is a subgroup of T .
      (b) Prove that U is abelian.
      (c) Prove that U is normal in T .
      (d) Show that T /U is abelian.
      (e) Is T normal in GL2 (R)?
  5. Show that the intersection of two normal subgroups is a normal subgroup.
  6. If G is abelian, prove that G/H must also be abelian.
  7. Prove or disprove: If H is a normal subgroup of G such that H and G/H are
     abelian, then G is abelian.
  8. If G is cyclic, prove that G/H must also be cyclic.
  9. Prove or disprove: If H and G/H are cyclic, then G is cyclic.
 10. Let H be a subgroup of index 2 of a group G. Prove that H must be a normal
     subgroup of G. Conclude that Sn is not simple for n ≥ 3.
 11. If a group G has exactly one subgroup H of order k, prove that H is normal
     in G.
 12. Define the centralizer of an element g in a group G to be the set

                              C(g) = {x ∈ G : xg = gx}.

     Show that C(g) is a subgroup of G. If g generates a normal subgroup of G,
     prove that C(g) is normal in G.
 13. Recall that the center of a group G is the set

                       Z(G) = {x ∈ G : xg = gx for all g ∈ G }.

      (a) Calculate the center of S3 .
      (b) Calculate the center of GL2 (R).
      (c) Show that the center of any group G is a normal subgroup of G.
      (d) If G/Z(G) is cyclic, show that G is abelian.
 14. Let G be a group and let G0 = haba−1 b−1 i; that is, G0 is the subgroup of all
     finite products of elements in G of the form aba−1 b−1 . The subgroup G0 is
     called the commutator subgroup of G.
168   CHAPTER 10       NORMAL SUBGROUPS AND FACTOR GROUPS

       (a) Show that G0 is a normal subgroup of G.
       (b) Let N be a normal subgroup of G. Prove that G/N is abelian if and
           only if N contains the commutator subgroup of G.

Sage Sage can easily determine if a subgroup is normal or not. If so, it
can create the quotient group. However, the construction creates a new
permuation group, isomorphic to the quotient group, so its utility is limited.
                                     11
                Homomorphisms



11.1     Group Homomorphisms
One of the basic ideas of algebra is the concept of a homomorphism, a
natural generalization of an isomorphism. If we relax the requirement
that an isomorphism of groups be bijective, we have a homomorphism. A
homomorphism between groups (G, ·) and (H, ◦) is a map φ : G → H
such that
                        φ(g1 · g2 ) = φ(g1 ) ◦ φ(g2 )
for g1 , g2 ∈ G. The range of φ in H is called the homomorphic image of φ.
    Two groups are related in the strongest possible way if they are isomorphic;
however, a weaker relationship may exist between two groups. For example,
the symmetric group Sn and the group Z2 are related by the fact that Sn can
be divided into even and odd permutations that exhibit a group structure
like that Z2 , as shown in the following multiplication table.
                                     even   odd
                              even   even   odd
                              odd    odd    even
We use homomorphisms to study relationships such as the one we have just
described.

Example 1. Let G be a group and g ∈ G. Define a map φ : Z → G by
φ(n) = g n . Then φ is a group homomorphism, since

                  φ(m + n) = g m+n = g m g n = φ(m)φ(n).

This homomorphism maps Z onto the cyclic subgroup of G generated by g.
                                                                   

                                     169
170                                   CHAPTER 11         HOMOMORPHISMS

Example 2. Let G = GL2 (R). If
                                               
                                          a b
                                 A=
                                          c d

is in G, then the determinant is nonzero; that is, det(A) = ad − bc 6= 0.
Also, for any two elements A and B in G, det(AB) = det(A) det(B). Using
the determinant, we can define a homomorphism φ : GL2 (R) → R∗ by
A 7→ det(A).                                                           

Example 3. Recall that the circle group T consists of all complex numbers
z such that |z| = 1. We can define a homomorphism φ from the additive
group of real numbers R to T by φ : θ 7→ cos θ + i sin θ. Indeed,

      φ(α + β) = cos(α + β) + i sin(α + β)
               = (cos α cos β − sin α sin β) + i(sin α cos β + cos α sin β)
               = (cos α + i sin α) + (cos β + i sin β)
               = φ(α)φ(β).

Geometrically, we are simply wrapping the real line around the circle in a
group-theoretic fashion.                                                
   The following proposition lists some basic properties of group homomor-
phisms.

Proposition 11.1 Let φ : G1 → G2 be a homomorphism of groups. Then

  1. If e is the identity of G1 , then φ(e) is the identity of G2 ;

  2. For any element g ∈ G1 , φ(g −1 ) = [φ(g)]−1 ;

  3. If H1 is a subgroup of G1 , then φ(H1 ) is a subgroup of G2 ;

  4. If H2 is a subgroup of G2 , then φ−1 (H2 ) = {g ∈ G1 : φ(g) ∈ H2 } is a
     subgroup of G1 . Furthermore, if H2 is normal in G2 , then φ−1 (H2 ) is
     normal in G1 .

Proof. (1) Suppose that e and e0 are the identities of G1 and G2 , respectively;
then
                   e0 φ(e) = φ(e) = φ(ee) = φ(e)φ(e).
By cancellation, φ(e) = e0 .
11.1   GROUP HOMOMORPHISMS                                                171

   (2) This statement follows from the fact that

                     φ(g −1 )φ(g) = φ(g −1 g) = φ(e) = e0 .

    (3) The set φ(H1 ) is nonempty since the identity of G2 is in φ(H1 ).
Suppose that H1 is a subgroup of G1 and let x and y be in φ(H1 ). There
exist elements a, b ∈ H1 such that φ(a) = x and φ(b) = y. Since

                  xy −1 = φ(a)[φ(b)]−1 = φ(ab−1 ) ∈ φ(H1 ),

φ(H1 ) is a subgroup of G2 by Proposition 3.10.
   (4) Let H2 be a subgroup of G2 and define H1 to be φ−1 (H2 ); that is,
H1 is the set of all g ∈ G1 such that φ(g) ∈ H2 . The identity is in H1 since
φ(e) = e0 . If a and b are in H1 , then φ(ab−1 ) = φ(a)[φ(b)]−1 is in H2 since
H2 is a subgroup of G2 . Therefore, ab−1 ∈ H1 and H1 is a subgroup of G1 . If
H2 is normal in G2 , we must show that g −1 hg ∈ H1 for h ∈ H1 and g ∈ G1 .
But
                      φ(g −1 hg) = [φ(g)]−1 φ(h)φ(g) ∈ H2 ,
since H2 is a normal subgroup of G2 . Therefore, g −1 hg ∈ H1 .             
   Let φ : G → H be a group homomorphism and suppose that e is the
identity of H. By Proposition 11.1, φ−1 ({e}) is a subgroup of G. This
subgroup is called the kernel of φ and will be denoted by ker φ. In fact, this
subgroup is a normal subgroup of G since the trivial subgroup is normal in
H. We state this result in the following theorem, which says that with every
homomorphism of groups we can naturally associate a normal subgroup.

Theorem 11.2 Let φ : G → H be a group homomorphism. Then the kernel
of φ is a normal subgroup of G.


Example 4. Let us examine the homomorphism φ : GL2 (R) → R∗ defined by
A 7→ det(A). Since 1 is the identity of R∗ , the kernel of this homomorphism
is all 2 × 2 matrices having determinant one. That is, ker φ = SL2 (R).
                                                                           

Example 5. The kernel of the group homomorphism φ : R → C∗ defined
by φ(θ) = cos θ + i sin θ is {2πn : n ∈ Z}. Notice that ker φ ∼
                                                              = Z. 

Example 6. Suppose that we wish to determine all possible homomorphisms
φ from Z7 to Z12 . Since the kernel of φ must be a subgroup of Z7 , there are
172                                   CHAPTER 11         HOMOMORPHISMS

only two possible kernels, {0} and all of Z7 . The image of a subgroup of
Z7 must be a subgroup of Z12 . Hence, there is no injective homomorphism;
otherwise, Z12 would have a subgroup of order 7, which is impossible. Conse-
quently, the only possible homomorphism from Z7 to Z12 is the one mapping
all elements to zero.                                                     

Example 7. Let G be a group. Suppose that g ∈ G and φ is the homomor-
phism from Z to G given by φ(n) = g n . If the order of g is infinite, then the
kernel of this homomorphism is {0} since φ maps Z onto the cyclic subgroup
of G generated by g. However, if the order of g is finite, say n, then the
kernel of φ is nZ.                                                           


11.2     The Isomorphism Theorems
Though at first it is not evident that factor groups correspond exactly to
homomorphic images, we can use factor groups to study homomorphisms.
We already know that with every group homomorphism φ : G → H we can
associate a normal subgroup of G, ker φ; the converse is also true. Every
normal subgroup of a group G gives rise to homomorphism of groups.
   Let H be a normal subgroup of G. Define the natural or canonical
homomorphism
                               φ : G → G/H
by
                                 φ(g) = gH.
This is indeed a homomorphism, since

                 φ(g1 g2 ) = g1 g2 H = g1 Hg2 H = φ(g1 )φ(g2 ).

The kernel of this homomorphism is H. The following theorems describe the
relationships among group homomorphisms, normal subgroups, and factor
groups.

Theorem 11.3 (First Isomorphism Theorem) If ψ : G → H is a group
homomorphism with K = ker ψ, then K is normal in G. Let φ : G → G/K
be the canonical homomorphism. Then there exists a unique isomorphism
η : G/K → ψ(G) such that ψ = ηφ.
11.2   THE ISOMORPHISM THEOREMS                                               173

Proof. We already know that K is normal in G. Define η : G/K → ψ(G)
by η(gK) = ψ(g). We first show that η is a well-defined map. If g1 K = g2 K,
then for some k ∈ K, g1 k = g2 ; consequently,

         η(g1 K) = ψ(g1 ) = ψ(g1 )ψ(k) = ψ(g1 k) = ψ(g2 ) = η(g2 K).

Thus, η does not depend on the choice of coset representatives and the map
η : G/K → ψ(G) is uniquely defined since ψ = ηφ. We must also show that
η is a homomorphism, but

                        η(g1 Kg2 K) = η(g1 g2 K)
                                      = ψ(g1 g2 )
                                      = ψ(g1 )ψ(g2 )
                                      = η(g1 K)η(g2 K).

Clearly, η is onto ψ(G). To show that η is one-to-one, suppose that η(g1 K) =
η(g2 K). Then ψ(g1 ) = ψ(g2 ). This implies that ψ(g1−1 g2 ) = e, or g1−1 g2 is in
the kernel of ψ; hence, g1−1 g2 K = K; that is, g1 K = g2 K.                    
   Mathematicians often use diagrams called commutative diagrams to
describe such theorems. The following diagram “commutes” since ψ = ηφ.

                                       ψ
                              G                     H

                                  φ           η

                                      G/K



Example 8. Let G be a cyclic group with generator g. Define a map
φ : Z → G by n 7→ g n . This map is a surjective homomorphism since

                   φ(m + n) = g m+n = g m g n = φ(m)φ(n).

Clearly φ is onto. If |g| = m, then g m = e. Hence, ker φ = mZ and
Z/ ker φ = Z/mZ ∼ = G. On the other hand, if the order of g is infinite, then
ker φ = 0 and φ is an isomorphism of G and Z. Hence, two cyclic groups are
isomorphic exactly when they have the same order. Up to isomorphism, the
only cyclic groups are Z and Zn .                                          
174                                     CHAPTER 11          HOMOMORPHISMS

Theorem 11.4 (Second Isomorphism Theorem) Let H be a subgroup
of a group G (not necessarily normal in G) and N a normal subgroup of G.
Then HN is a subgroup of G, H ∩ N is a normal subgroup of H, and

                             H/H ∩ N ∼
                                     = HN/N.

Proof. We will first show that HN = {hn : h ∈ H, n ∈ N } is a subgroup of
G. Suppose that h1 n1 , h2 n2 ∈ HN . Since N is normal, (h2 )−1 n1 h2 ∈ N . So

                    (h1 n1 )(h2 n2 ) = h1 h2 ((h2 )−1 n1 h2 )n2

is in HN . The inverse of hn ∈ HN is in HN since

                    (hn)−1 = n−1 h−1 = h−1 (hn−1 h−1 ).

    Next, we prove that H ∩ N is normal in H. Let h ∈ H and n ∈ H ∩ N .
Then h−1 nh ∈ H since each element is in H. Also, h−1 nh ∈ N since N is
normal in G; therefore, h−1 nh ∈ H ∩ N .
    Now define a map φ from H to HN/N by h 7→ hN . The map φ is onto,
since any coset hnN = hN is the image of h in H. We also know that φ is a
homomorphism because

                   φ(hh0 ) = hh0 N = hN h0 N = φ(h)φ(h0 ).

By the First Isomorphism Theorem, the image of φ is isomorphic to H/ ker φ;
that is,
                       HN/N = φ(H) ∼   = H/ ker φ.
Since
                    ker φ = {h ∈ H : h ∈ N } = H ∩ N,
HN/N = φ(H) ∼
            = H/H ∩ N .                                                     

Theorem 11.5 (Correspondence Theorem) Let N be a normal sub-
group of a group G. Then H 7→ H/N is a one-to-one correspondence
between the set of subgroups H containing N and the set of subgroups of
G/N . Furthermore, the normal subgroups of G containing N correspond to
normal subgroups of G/N .

Proof. Let H be a subgroup of G containing N . Since N is normal
in H, H/N makes sense. Let aN and bN be elements of H/N . Then
(aN )(b−1 N ) = ab−1 N ∈ H/N ; hence, H/N is a subgroup of G/N .
EXERCISES                                                              175

    Let S be a subgroup of G/N . This subgroup is a set of cosets of N . If
H = {g ∈ G : gN ∈ S}, then for h1 , h2 ∈ H, we have that (h1 N )(h2 N ) =
h1 h2 N ∈ S and h−1
                  1 N ∈ S. Therefore, H must be a subgroup of G. Clearly,
H contains N . Therefore, S = H/N . Consequently, the map H 7→ H/N is
onto.
    Suppose that H1 and H2 are subgroups of G containing N such that
H1 /N = H2 /N . If h1 ∈ H1 , then h1 N ∈ H1 /N . Hence, h1 N = h2 N ⊂ H2
for some h2 in H2 . However, since N is contained in H2 , we know that
h1 ∈ H2 or H1 ⊂ H2 . Similarly, H2 ⊂ H1 . Since H1 = H2 , the map
H 7→ H/N is one-to-one.
    Suppose that H is normal in G and N is a subgroup of H. Then it
is easy to verify that the map G/N → G/H defined by gN 7→ gH is a
homomorphism. The kernel of this homomorphism is H/N , which proves
that H/N is normal in G/N .
    Conversely, suppose that H/N is normal in G/N . The homomorphism
given by
                                         G/N
                            G → G/N →
                                         H/N
has kernel H. Hence, H must be normal in G.                              
   Notice that in the course of the proof of Theorem 11.5, we have also
proved the following theorem.

Theorem 11.6 (Third Isomorphism Theorem) Let G be a group and
N and H be normal subgroups of G with N ⊂ H. Then

                                    G/N
                              G/H ∼
                                  =     .
                                    H/N


Example 9. By the Third Isomorphism Theorem,

                     Z/mZ ∼
                          = (Z/mnZ)/(mZ/mnZ).

Since |Z/mnZ| = mn and |Z/mZ| = m, we have |mZ/mnZ| = n.                 


Exercises
  1. Prove that det(AB) = det(A) det(B) for A, B ∈ GL2 (R). This shows that
     the determinant is a homomorphism from GL2 (R) to R∗ .
176                                       CHAPTER 11            HOMOMORPHISMS

  2. Which of the following maps are homomorphisms? If the map is a homomor-
     phism, what is the kernel?
      (a) φ : R∗ → GL2 (R) defined by
                                                          
                                                     1   0
                                       φ(a) =
                                                     0   a

      (b) φ : R → GL2 (R) defined by
                                                        
                                                     1 0
                                       φ(a) =
                                                     a 1

      (c) φ : GL2 (R) → R defined by
                                                   
                                       a           b
                                  φ                     =a+d
                                       c           d

      (d) φ : GL2 (R) → R∗ defined by
                                               
                                      a        b
                                 φ                  = ad − bc
                                      c        d

      (e) φ : M2 (R) → R defined by
                                                    
                                               a    b
                                      φ                  = b,
                                               c    d

          where M2 (R) is the additive group of 2 × 2 matrices with entries in R.
  3. Let A be an m × n matrix. Show that matrix multiplication, x 7→ Ax, defines
     a homomorphism φ : Rn → Rm .
  4. Let φ : Z → Z be given by φ(n) = 7n. Prove that φ is a group homomorphism.
     Find the kernel and the image of φ.
  5. Describe all of the homomorphisms from Z24 to Z18 .
  6. Describe all of the homomorphisms from Z to Z12 .
  7. In the group Z24 , let H = h4i and N = h6i.
      (a) List the elements in HN (we usually write H + N for these additive
          groups) and H ∩ N .
      (b) List the cosets in HN/N , showing the elements in each coset.
      (c) List the cosets in H/(H ∩ N ), showing the elements in each coset.
      (d) Give the correspondence between HN/N and H/(H ∩ N ) described in
          the proof of the Second Isomorphism Theorem.
EXERCISES                                                                   177

  8. If G is an abelian group and n ∈ N, show that φ : G → G defined by g 7→ g n
     is a group homomorphism.
  9. If φ : G → H is a group homomorphism and G is abelian, prove that φ(G) is
     also abelian.
 10. If φ : G → H is a group homomorphism and G is cyclic, prove that φ(G) is
     also cyclic.
 11. Show that a homomorphism defined on a cyclic group is completely determined
     by its action on the generator of the group.
 12. Let G be a group of order p2 , where p is a prime number. If H is a subgroup
     of G of order p, show that H is normal in G. Prove that G must be abelian.
 13. If a group G has exactly one subgroup H of order k, prove that H is normal
     in G.
 14. Prove or disprove: Q/Z ∼
                            = Q.
 15. Let G be a finite group and N a normal subgroup of G. If H is a subgroup
     of G/N , prove that φ−1 (H) is a subgroup in G of order |H| · |N |, where
     φ : G → G/N is the canonical homomorphism.
 16. Let G1 and G2 be groups, and let H1 and H2 be normal subgroups of G1 and
     G2 respectively. Let φ : G1 → G2 be a homomorphism. Show that φ induces
     a natural homomorphism φ : (G1 /H1 ) → (G2 /H2 ) if φ(H1 ) ⊆ H2 .
 17. If H and K are normal subgroups of G and H ∩ K = {e}, prove that G is
     isomorphic to a subgroup of G/H × G/K.
 18. Let φ : G1 → G2 be a surjective group homomorphism. Let H1 be a normal
     subgroup of G1 and suppose that φ(H1 ) = H2 . Prove or disprove that
     G1 /H1 ∼= G2 /H2 .
 19. Let φ : G → H be a group homomorphism. Show that φ is one-to-one if and
     only if φ−1 (e) = {e}.
 20. Given a homomorphism φ : G → H define a relation ∼ on G by a ∼ b if
     φ(a) = φ(b) for a, b ∈ G. Show this relation is an equivalence relation and
     describe the equivalence classes.

Additional Exercises: Automorphisms
  1. Let Aut(G) be the set of all automorphisms of G; that is, isomorphisms from
     G to itself. Prove this set forms a group and is a subgroup of the group of
     permutations of G; that is, Aut(G) ≤ SG .
  2. An inner automorphism of G,

                                     ig : G → G,
178                                    CHAPTER 11         HOMOMORPHISMS

      is defined by the map
                                    ig (x) = gxg −1 ,
      for g ∈ G. Show that ig ∈ Aut(G).
   3. The set of all inner automorphisms is denoted by Inn(G). Show that Inn(G)
      is a subgroup of Aut(G).
   4. Find an automorphism of a group G that is not an inner automorphism.
   5. Let G be a group and ig be an inner automorphism of G, and define a map

                                     G → Aut(G)

      by
                                        g 7→ ig .
      Prove that this map is a homomorphism with image Inn(G) and kernel Z(G).
      Use this result to conclude that

                                  G/Z(G) ∼
                                         = Inn(G).

   6. Compute Aut(S3 ) and Inn(S3 ). Do the same thing for D4 .
   7. Find all of the homomorphisms φ : Z → Z. What is Aut(Z)?
   8. Find all of the automorphisms of Z8 . Prove that Aut(Z8 ) ∼
                                                                = U (8).
   9. For k ∈ Zn , define a map φk : Zn → Zn by a 7→ ka. Prove that φk is a
      homomorphism.
 10. Prove that φk is an isomorphism if and only if k is a generator of Zn .
 11. Show that every automorphism of Zn is of the form φk , where k is a generator
     of Zn .
 12. Prove that ψ : U (n) → Aut(Zn ) is an isomorphism, where ψ : k 7→ φk .

Sage Sage can create homomorphisms between groups, which can be used
directly as functions, and then queried for their kernels and images. So there
is great potential for exploring the many fundamental relationships between
groups, normal subgroups, quotient groups and properties of homomorphisms.
                                        12
              Matrix Groups and
                 Symmetry



When Felix Klein (1849–1925) accepted a chair at the University of Erlangen,
he outlined in his inaugural address a program to classify different geometries.
Central to Klein’s program was the theory of groups: he considered geometry
to be the study of properties that are left invariant under transformation
groups. Groups, especially matrix groups, have now become important in
the study of symmetry and have found applications in such disciplines as
chemistry and physics. In the first part of this chapter, we will examine some
of the classical matrix groups, such as the general linear group, the special
linear group, and the orthogonal group. We will then use these matrix groups
to investigate some of the ideas behind geometric symmetry.


12.1       Matrix Groups
Some Facts from Linear Algebra
Before we study matrix groups, we must recall some basic facts from linear
algebra. One of the most fundamental ideas of linear algebra is that of a linear
transformation. A linear transformation or linear map T : Rn → Rm
is a map that preserves vector addition and scalar multiplication; that is, for
vectors x and y in Rn and a scalar α ∈ R,

                             T (x + y) = T (x) + T (y)
                                T (αy) = αT (y).

An m × n matrix with entries in R represents a linear transformation from
Rn to Rm . If we write vectors x = (x1 , . . . , xn )t and y = (y1 , . . . , yn )t in Rn

                                          179
180                 CHAPTER 12             MATRIX GROUPS AND SYMMETRY

as column matrices, then an m × n matrix
                                                              
                            a11 a12 · · ·                  a1n
                           a21 a22 · · ·                  a2n 
                      A= .
                                                              
                                   ..  ..                   .. 
                           ..      .     .                  . 
                                    am1 am2 · · ·          amn

maps the vectors to Rm linearly by matrix multiplication. Observe that if α
is a real number,

              A(x + y) = Ax + Ay                 and       αAx = A(αx),

where                                          
                                             x1
                                            x2 
                                       x =  . .
                                            
                                            .. 
                                                 xn
We will often abbreviate the matrix A by writing (aij ).
   Conversely, if T : Rn → Rm is a linear map, we can associate a matrix A
with T by considering what T does to the vectors

                      e1 = (1, 0, . . . , 0)t
                      e2 = (0, 1, . . . , 0)t
                        ..
                         .
                     en = (0, 0, . . . , 1)t .

We can write any vector x = (x1 , . . . , xn )t as

                             x1 e1 + x2 e2 + · · · + xn en .

Consequently, if

                 T (e1 ) = (a11 , a21 , . . . , am1 )t ,
                 T (e2 ) = (a12 , a22 , . . . , am2 )t ,
                        ..
                         .
                 T (en ) = (a1n , a2n , . . . , amn )t ,
12.1   MATRIX GROUPS                                                      181

then

                T (x) = T (x1 e1 + x2 e2 + · · · + xn en )
                      = x1 T (e1 ) + x2 T (e2 ) + · · · + xn T (en )
                           n                    n
                                                         !t
                          X                     X
                      =        a1k xk , . . . ,   amk xk
                           k=1                 k=1
                      = Ax.


Example 1. If we let T : R2 → R2 be the map given by

                    T (x1 , x2 ) = (2x1 + 5x2 , −4x1 + 3x2 ),

the axioms that T must satisfy to be a linear transformation are easily
verified. The column vectors T e1 = (2, −4)t and T e2 = (5, 3)t tell us that T
is given by the matrix                    
                                      2 5
                              A=             .
                                     −4 3
                                                                            
   Since we are interested in groups of matrices, we need to know which
matrices have multiplicative inverses. Recall that an n × n matrix A is
invertible exactly when there exists another matrix A−1 such that AA−1 =
A−1 A = I, where                                
                                 1 0 ··· 0
                               0 1 · · · 0
                          I = . . .
                                                
                                .. ..   . . ... 
                                                 
                                       0 0 ···       1
is the n × n identity matrix. From linear algebra we know that A is invertible
if and only if the determinant of A is nonzero. Sometimes an invertible
matrix is said to be nonsingular .

Example 2. If A is the matrix
                                           
                                        2 1
                                              ,
                                        5 3

then the inverse of A is
                                                
                                  −1        3 −1
                              A        =           .
                                           −5 2
182                  CHAPTER 12       MATRIX GROUPS AND SYMMETRY

We are guaranteed that A−1 exists, since det(A) = 2 · 3 − 5 · 1 = 1 is nonzero.
                                                                            
    Some other facts about determinants will also prove useful in the course
of this chapter. Let A and B be n × n matrices. From linear algebra we have
the following properties of determinants.
      • The determinant is a homomorphism into the multiplicative group of
        real numbers; that is, det(AB) = (det A)(det B).
      • If A is an invertible matrix, then det(A−1 ) = 1/ det A.
      • If we define the transpose of a matrix A = (aij ) to be At = (aji ), then
        det(At ) = det A.
      • Let T be the linear transformation associated with an n × n matrix A.
        Then T multiplies volumes by a factor of | det A|. In the case of R2 ,
        this means that T multiplies areas by | det A|.
     Linear maps, matrices, and determinants are covered in any elementary
linear algebra text; however, if you have not had a course in linear algebra,
it is a straightforward process to verify these properties directly for 2 × 2
matrices, the case with which we are most concerned.

The General and Special Linear Groups
The set of all n × n invertible matrices forms a group called the general
linear group. We will denote this group by GLn (R). The general linear
group has several important subgroups. The multiplicative properties of
the determinant imply that the set of matrices with determinant one is a
subgroup of the general linear group. Stated another way, suppose that
det(A) = 1 and det(B) = 1. Then det(AB) = det(A) det(B) = 1 and
det(A−1 ) = 1/ det A = 1. This subgroup is called the special linear group
and is denoted by SLn (R).

Example 3. Given a 2 × 2 matrix
                                          
                                      a b
                                  A=         ,
                                       c d
the determinant of A is ad − bc. The group GL2 (R) consists of those matrices
in which ad − bc 6= 0. The inverse of A is
                                                
                           −1       1      d −b
                         A =                       .
                                 ad − bc −c a
12.1   MATRIX GROUPS                                                        183

If A is in SL2 (R), then                    
                                        d −b
                                A−1 =          .
                                        −c a
Geometrically, SL2 (R) is the group that preserves the areas of parallelograms.
Let                                       
                                       1 1
                                 A=
                                       0 1
be in SL2 (R). In Figure 12.1, the unit square corresponding to the vectors
x = (1, 0)t and y = (0, 1)t is taken by A to the parallelogram with sides
(1, 0)t and (1, 1)t ; that is, Ax = (1, 0)t and Ay = (1, 1)t . Notice that these
two parallelograms have the same area.                                        

                 y                                   y


                                                           (1, 1)
        (0, 1)



                       (1, 0)     x                        (1, 0)     x



                 Figure 12.1. SL2 (R) acting on the unit square


The Orthogonal Group O(n)
Another subgroup of GLn (R) is the orthogonal group. A matrix A is or-
thogonal if A−1 = At . The orthogonal group consists of the set of all
orthogonal matrices. We write O(n) for the n × n orthogonal group. We
leave as an exercise the proof that O(n) is a subgroup of GLn (R).

Example 4. The following matrices are orthogonal:
                                             √           √ 
                            √ 
                                        
                                       −1/√ 2    0√ 1/√2
   3/5 −4/5         √1/2 − 3/2 ,  1/ 6 −2/ 6 1/ 6 .
              ,                              √      √    √
   4/5 3/5            3/2   1/2
                                          1/ 3    1/ 3 1/ 3

                                                                              
184                 CHAPTER 12         MATRIX GROUPS AND SYMMETRY

   There is a more geometric way of viewing the group O(n). The orthogonal
matrices are exactly those matrices that preserve the length of vectors. We
can define the length of a vector using the Euclidean inner product, or
dot product, of two vectors. The Euclidean inner product of two vectors
x = (x1 , . . . , xn )t and y = (y1 , . . . , yn )t is
                                                     
                                                       y1
                                                     y2 
          hx, yi = xt y = (x1 , x2 , . . . , xn )  .  = x1 y1 + · · · + xn yn .
                                                     
                                                     .. 
                                                       yn

We define the length of a vector x = (x1 , . . . , xn )t to be
                           p          q
                    kxk = hx, xi = x21 + · · · + x2n .

Associated with the notion of the length of a vector is the idea of the distance
between two vectors. We define the distance between two vectors x and y
to be kx − yk. We leave as an exercise the proof of the following proposition
about the properties of Euclidean inner products.

Proposition 12.1 Let x, y, and w be vectors in Rn and α ∈ R. Then

   1. hx, yi = hy, xi.

   2. hx, y + wi = hx, yi + hx, wi.

   3. hαx, yi = hx, αyi = αhx, yi.

   4. hx, xi ≥ 0 with equality exactly when x = 0.

   5. If hx, yi = 0 for all x in Rn , then y = 0.

                                                     √
Example 5. The vector x = (3, 4)t has length             32 + 42 = 5. We can also
see that the orthogonal matrix
                                         
                                 3/5 −4/5
                           A=
                                 4/5 3/5

preserves the length of this vector. The vector Ax = (−7/5, 24/5)t also has
length 5.                                                                
12.1   MATRIX GROUPS                                                        185

   Since det(AAt ) = det(I) = 1 and det(A) = det(At ), the determinant of
any orthogonal matrix is either 1 or −1. Consider the column vectors
                                      
                                       a1j
                                      a2j 
                               aj =  . 
                                      
                                      .. 
                                        anj

of the orthogonal matrix A = (aij ). Since AAt = I, har , as i = δrs , where
                                   
                                      1 r=s
                           δrs =
                                      0 r 6= s
is the Kronecker delta. Accordingly, column vectors of an orthogonal matrix
all have length 1; and the Euclidean inner product of distinct column vectors is
zero. Any set of vectors satisfying these properties is called an orthonormal
set. Conversely, given an n×n matrix A whose columns form an orthonormal
set, A−1 = At .
     We say that a matrix A is distance-preserving , length-preserving ,
or inner product-preserving when kT x − T yk = kx − yk, kT xk = kxk, or
hT x, T yi = hx, yi, respectively. The following theorem, which characterizes
the orthogonal group, says that these notions are the same.

Theorem 12.2 Let A be an n × n matrix. The following statements are
equivalent.
  1. The columns of the matrix A form an orthonormal set.

  2. A−1 = At .

  3. For vectors x and y, hAx, Ayi = hx, yi.

  4. For vectors x and y, kAx − Ayk = kx − yk.

  5. For any vector x, kAxk = kxk.

Proof. We have already shown (1) and (2) to be equivalent.
  (2) ⇒ (3).

                            hAx, Ayi = (Ax)t Ay
                                       = xt At Ay
                                       = xt y
                                       = hx, yi.
186                 CHAPTER 12        MATRIX GROUPS AND SYMMETRY

      (3) ⇒ (2). Since

                                hx, xi = hAx, Axi
                                     = xt At Ax
                                     = hx, At Axi,

we know that hx, (At A − I)xi = 0 for all x. Therefore, At A − I = 0 or
A−1 = At .
    (3) ⇒ (4). If A is inner product-preserving, then A is distance-preserving,
since

                     kAx − Ayk2 = kA(x − y)k2
                                    = hA(x − y), A(x − y)i
                                    = hx − y, x − yi
                                    = kx − yk2 .

   (4) ⇒ (5). If A is distance-preserving, then A is length-preserving.
Letting y = 0, we have

                    kAxk = kAx − Ayk = kx − yk = kxk.

   (5) ⇒ (3). We use the following identity to show that length-preserving
implies inner product-preserving:
                                1
                                  kx + yk2 − kxk2 − kyk2 .
                                                        
                     hx, yi =
                                2
Observe that
                           1
                              kAx + Ayk2 − kAxk2 − kAyk2
                                                          
                hAx, Ayi =
                           2
                           1
                              kA(x + y)k2 − kAxk2 − kAyk2
                                                          
                         =
                           2
                           1
                              kx + yk2 − kxk2 − kyk2
                                                     
                         =
                           2
                         = hx, yi.

                                                                            

Example 6. Let us examine the orthogonal group on R2 a bit more closely.
An element T ∈ O(2) is determined by its action on e1 = (1, 0)t and
12.1   MATRIX GROUPS                                                                187

               y                                          y

                                       (sin θ, − cos θ)

                          (a, b)                                   (cos θ, sin θ)
                                                              θ
                                   x                                      x
                          (a, −b)



                        Figure 12.2. O(2) acting on R2


e2 = (0, 1)t . If T (e1 ) = (a, b)t , then a2 + b2 = 1 and T (e2 ) = (−b, a)t . Hence,
T can be represented by
                                                          
                                a −b           cos θ − sin θ
                         A=               =                    ,
                                b a            sin θ cos θ

where 0 ≤ θ < 2π. A matrix T in O(2) either reflects or rotates a vector
in R2 (Figure 12.2). A reflection about the horizontal axis is given by the
matrix                                 
                                  1 0
                                          ,
                                  0 −1
whereas a rotation by an angle θ in a counterclockwise direction must come
from a matrix of the form
                                           
                              cos θ sin θ
                                              .
                              sin θ − cos θ

A reflection about a line ` is simply a reflection about the horizontal axis
followed by a rotation. If det A = −1, then A gives a reflection.         
    Two of the other matrix or matrix-related groups that we will consider
are the special orthogonal group and the group of Euclidean motions. The
special orthogonal group, SO(n), is just the intersection of O(n) and
SLn (R); that is, those elements in O(n) with determinant one. The Eu-
clidean group, E(n), can be written as ordered pairs (A, x), where A is in
O(n) and x is in Rn . We define multiplication by

                          (A, x)(B, y) = (AB, Ay + x).
188                CHAPTER 12        MATRIX GROUPS AND SYMMETRY

The identity of the group is (I, 0); the inverse of (A, x) is (A−1 , −A−1 x). In
Exercise 6, you are asked to check that E(n) is indeed a group under this
operation.

               y                                     y
                                                                    x+y


                         x

                                x                                     x




                      Figure 12.3. Translations in R2



12.2      Symmetry
An isometry or rigid motion in Rn is a distance-preserving function f
from Rn to Rn . This means that f must satisfy

                          kf (x) − f (y)k = kx − yk

for all x, y ∈ Rn . It is not difficult to show that f must be a one-to-one map.
By Theorem 12.2, any element in O(n) is an isometry on Rn ; however, O(n)
does not include all possible isometries on Rn . Translation by a vector x,
Ty (x) = x + y is also an isometry (Figure 12.3); however, T cannot be in
O(n) since it is not a linear map.
    We are mostly interested in isometries in R2 . In fact, the only isome-
tries in R2 are rotations and reflections about the origin, translations, and
combinations of the two. For example, a glide reflection is a translation
followed by a reflection (Figure 12.4). In Rn all isometries are given in the
same manner. The proof is very easy to generalize.

Lemma 12.3 An isometry f that fixes the origin in R2 is a linear transfor-
mation. In particular, f is given by an element in O(2).
12.2    SYMMETRY                                                                          189

                 y                                          y




                            x

                                     x                                          x
                                                                              T (x)




                         Figure 12.4. Glide reflections


Proof. Let f be an isometry in R2 fixing the origin. We will first show that
f preserves inner products. Since f (0) = 0, kf (x)k = kxk; therefore,

       kxk2 − 2hf (x), f (y)i + kyk2 = kf (x)k2 − 2hf (x), f (y)i + kf (y)k2
                                         = hf (x) − f (y), f (x) − f (y)i
                                         = kf (x) − f (y)k2
                                         = kx − yk2
                                         = hx − y, x − yi
                                         = kxk2 − 2hx, yi + kyk2 .

Consequently,
                                hf (x), f (y)i = hx, yi.
Now let e1 and e2 be (1, 0)t and (0, 1)t , respectively. If

                            x = (x1 , x2 ) = x1 e1 + x2 e2 ,

then

   f (x) = hf (x), f (e1 )if (e1 ) + hf (x), f (e2 )if (e2 ) = x1 f (e1 ) + x2 f (e2 ).

The linearity of f easily follows.                                                         
   For any arbitrary isometry, f , Tx f will fix the origin for some vector
x in R2 ; hence, Tx f (y) = Ay for some matrix A ∈ O(2). Consequently,
190               CHAPTER 12        MATRIX GROUPS AND SYMMETRY

f (y) = Ay + x. Given the isometries

                              f (y) = Ay + x1
                              g(y) = By + x2 ,

their composition is

                f (g(y)) = f (By + x2 ) = ABy + Ax2 + x1 .

This last computation allows us to identify the group of isometries on R2
with E(2).

Theorem 12.4 The group of isometries on R2 is the Euclidean group, E(2).

    A symmetry group in Rn is a subgroup of the group of isometries on
Rn that fixes a set of points X ⊂ R2 . It is important to realize that the
symmetry group of X depends both on Rn and on X. For example, the
symmetry group of the origin in R1 is Z2 , but the symmetry group of the
origin in R2 is O(2).

Theorem 12.5 The only finite symmetry groups in R2 are Zn and Dn .

Proof. Any finite symmetry group G in R2 must be a finite subgroup of
O(2); otherwise, G would have an element in E(2) of the form (A, x), where
x 6= 0. Such an element must have infinite order.
    By Example 6, elements in O(2) are either rotations of the form
                                              
                                 cos θ − sin θ
                          Rθ =
                                 sin θ cos θ

or reflections of the form
                                                     
                    cos φ − sin φ   1 0    cos φ sin φ
            Tφ =                         =                  .
                    sin φ cos φ     0 −1    sin φ − cos φ

Notice that det(Rθ ) = 1, det(Tφ ) = −1, and Tφ2 = I. We can divide the
proof up into two cases. In the first case, all of the elements in G have
determinant one. In the second case, there exists at least one element in G
with determinant −1.
   Case 1. The determinant of every element in G is one. In this case every
element in G must be a rotation. Since G is finite, there is a smallest angle,
say θ0 , such that the corresponding element Rθ0 is the smallest rotation in
12.2   SYMMETRY                                                           191

the positive direction. We claim that Rθ0 generates G. If not, then for some
positive integer n there is an angle θ1 between nθ0 and (n + 1)θ0 . If so, then
(n + 1)θ0 − θ1 corresponds to a rotation smaller than θ0 , which contradicts
the minimality of θ0 .
    Case 2. The group G contains a reflection T . The kernel of the homo-
morphism φ : G → {−1, 1} given by A 7→ det(A) consists of elements whose
determinant is 1. Therefore, |G/ ker φ| = 2. We know that the kernel is cyclic
by the first case and is a subgroup of G of, say, order n. Hence, |G| = 2n.
The elements of G are

                       Rθ , . . . , Rθn−1 , T Rθ , . . . , T Rθn−1 .

These elements satisfy the relation

                                   T Rθ T = Rθ−1 .

Consequently, G must be isomorphic to Dn in this case.                      




                  Figure 12.5. A wallpaper pattern in R2


The Wallpaper Groups
Suppose that we wish to study wallpaper patterns in the plane or crystals in
three dimensions. Wallpaper patterns are simply repeating patterns in the
plane (Figure 12.5). The analogs of wallpaper patterns in R3 are crystals,
which we can think of as repeating patterns of molecules in three dimensions
(Figure 12.6). The mathematical equivalent of a wallpaper or crystal pattern
is called a lattice.
    Let us examine wallpaper patterns in the plane a little more closely.
Suppose that x and y are linearly independent vectors in R2 ; that is, one
192                CHAPTER 12        MATRIX GROUPS AND SYMMETRY




                   Figure 12.6. A crystal structure in R3


vector cannot be a scalar multiple of the other. A lattice of x and y is the
set of all linear combinations mx + ny, where m and n are integers. The
vectors x and y are said to be a basis for the lattice.



                           (−1, 1)                 (1, 1)



                                                      (2, 0)

                                 (−1, −1)




                        Figure 12.7. A lattice in R2

     Notice that a lattice can have several bases. For example, the vectors
(1, 1)t and (2, 0)t have the same lattice as the vectors (−1, 1)t and (−1, −1)t
(Figure 12.7). However, any lattice is completely determined by a basis.
Given two bases for the same lattice, say {x1 , x2 } and {y1 , y2 }, we can write

                              y1 = α1 x1 + α2 x2
                              y2 = β1 x1 + β2 x2 ,
12.2   SYMMETRY                                                            193

where α1 , α2 , β1 , and β2 are integers. The matrix corresponding to this
transformation is                          
                                     α1 α2
                               U=             .
                                      β1 β2
If we wish to give x1 and x2 in terms of y1 and y2 , we need only calculate
U −1 ; that is,                    
                             −1 y1        x1
                           U          =       .
                                  y2      x2
Since U has integer entries, U −1 must also have integer entries; hence the
determinants of both U and U −1 must be integers. Because U U −1 = I,

                     det(U U −1 ) = det(U ) det(U −1 ) = 1;

consequently, det(U ) = ±1. A matrix with determinant ±1 and integer
entries is called unimodular . For example, the matrix
                                      
                                   3 1
                                   5 2

is unimodular. It should be clear that there is a minimum length for vectors
in a lattice.
    We can classify lattices by studying their symmetry groups. The sym-
metry group of a lattice is the subgroup of E(2) that maps the lattice to
itself. We consider two lattices in R2 to be equivalent if they have the same
symmetry group. Similarly, classification of crystals in R3 is accomplished
by associating a symmetry group, called a space group, with each type of
crystal. Two lattices are considered different if their space groups are not the
same. The natural question that now arises is how many space groups exist.
    A space group is composed of two parts: a translation subgroup and
a point group. The translation subgroup is an infinite abelian subgroup
of the space group made up of the translational symmetries of the crystal;
the point group is a finite group consisting of rotations and reflections of
the crystal about a point. More specifically, a space group is a subgroup of
G ⊂ E(2) whose translations are a set of the form {(I, t) : t ∈ L}, where L
is a lattice. Space groups are, of course, infinite. Using geometric arguments,
we can prove the following theorem (see [5] or [6]).

Theorem 12.6 Every translation group in R2 is isomorphic to Z × Z.

   The point group of G is G0 = {A : (A, b) ∈ G for some b}. In particular,
G0 must be a subgroup of O(2). Suppose that x is a vector in a lattice
194                CHAPTER 12        MATRIX GROUPS AND SYMMETRY

                             Rectangular
         Square                                        Rhombic




            Parallelogram
                                           Hexagonal




                    Figure 12.8. Types of lattices in R2


L with space group G, translation group H, and point group G0 . For any
element (A, y) in G,

             (A, y)(I, x)(A, y)−1 = (A, Ax + y)(A−1 , −A−1 y)
                                   = (AA−1 , −AA−1 y + Ax + y)
                                   = (I, Ax);

hence, (I, Ax) is in the translation group of G. More specifically, Ax must
be in the lattice L. It is important to note that G0 is not usually a subgroup
of the space group G; however, if T is the translation subgroup of G, then
G/T ∼= G0 . The proof of the following theorem can be found in [2], [5], or [6].

Theorem 12.7 The point group in the wallpaper groups is isomorphic to
Zn or Dn , where n = 1, 2, 3, 4, 6.

    To answer the question of how the point groups and the translation
groups can be combined, we must look at the different types of lattices.
Lattices can be classified by the structure of a single lattice cell. The possible
cell shapes are parallelogram, rectangular, square, rhombic, and hexagonal
(Figure 12.8). The wallpaper groups can now be classified according to the
12.2   SYMMETRY                                                               195

types of reflections that occur in each group: these are ordinarily reflections,
glide reflections, both, or none.

                      Table 12.1. The 17 wallpaper groups
       Notation and                                   Reflections
       Space Groups     Point Group   Lattice Type    or Glide Reflections?
       p1               Z1            parallelogram   none
       p2               Z2            parallelogram   none
       p3               Z3            hexagonal       none
       p4               Z4            square          none
       p6               Z6            hexagonal       none
       pm               D1            rectangular     reflections
       pg               D1            rectangular     glide reflections
       cm               D1            rhombic         both
       pmm              D2            rectangular     reflections
       pmg              D2            rectangular     glide reflections
       pgg              D2            rectangular     both
       c2mm             D2            rhombic         both
       p3m1, p31m       D3            hexagonal       both
       p4m, p4g         D4            square          both
       p6m              D6            hexagonal       both




Theorem 12.8 There are exactly 17 wallpaper groups.




                  p4m                                     p4g


             Figure 12.9. The wallpaper groups p4m and p4g

   The 17 wallpaper groups are listed in Table 12.1. The groups p3m1 and
p31m can be distinguished by whether or not all of their threefold centers lie
196                 CHAPTER 12             MATRIX GROUPS AND SYMMETRY

on the reflection axes: those of p3m1 must, whereas those of p31m may not.
Similarly, the fourfold centers of p4m must lie on the reflection axes whereas
those of p4g need not (Figure 12.9). The complete proof of this theorem can
be found in several of the references at the end of this chapter, including [5],
[6], [10], and [11].

                                   Historical Note

Symmetry groups have intrigued mathematicians for a long time. Leonardo da Vinci
was probably the first person to know all of the point groups. At the International
Congress of Mathematicians in 1900, David Hilbert gave a now-famous address
outlining 23 problems to guide mathematics in the twentieth century. Hilbert’s
eighteenth problem asked whether or not crystallographic groups in n dimensions
were always finite. In 1910, L. Bieberbach proved that crystallographic groups
are finite in every dimension. Finding out how many of these groups there are in
each dimension is another matter. In R3 there are 230 different space groups; in
R4 there are 4783. No one has been able to compute the number of space groups
for R5 and beyond. It is interesting to note that the crystallographic groups were
found mathematically for R3 before the 230 different types of crystals were actually
discovered in nature.


Exercises
   1. Prove the identity
                                        1
                                          kx + yk2 − kxk2 − kyk2 .
                                                                
                             hx, yi =
                                        2

   2. Show that O(n) is a group.
   3. Prove that the following matrices are orthogonal. Are any of these matrices
      in SO(n)?

       (a)                                         (c)
                        √         √                        √               √ 
                  
                      1/√2     −1/√ 2                      4/ √5       0   3/√5
                                                          −3/ 5       0   4/ 5
                      1/ 2      1/ 2
                                                             0        −1     0
                                                   (d)
       (b)                                                                     
                       √         √                        1/3      2/3   −2/3
                      1/ √5     2/√5                       −2/3     2/3    1/3 
                      −2/ 5     1/ 5                        −2/3     1/3    2/3
EXERCISES                                                                         197

  4. Determine the symmetry group of each of the figures in Figure 12.10.




               (a)
                                                                    (c)



                                          (b)


                                 Figure 12.10.

  5. Let x, y, and w be vectors in Rn and α ∈ R. Prove each of the following
     properties of inner products.
      (a) hx, yi = hy, xi.
      (b) hx, y + wi = hx, yi + hx, wi.
      (c) hαx, yi = hx, αyi = αhx, yi.
      (d) hx, xi ≥ 0 with equality exactly when x = 0.
      (e) If hx, yi = 0 for all x in Rn , then y = 0.
  6. Verify that
                        E(n) = {(A, x) : A ∈ O(n) and x ∈ Rn }
     is a group.
  7. Prove that {(2, 1), (1, 1)} and {(12, 5), (7, 3)} are bases for the same lattice.
  8. Let G be a subgroup of E(2) and suppose that T is the translation subgroup
     of G. Prove that the point group of G is isomorphic to G/T .
  9. Let A ∈ SL2 (R) and suppose that the vectors x and y form two sides of a
     parallelogram in R2 . Prove that the area of this parallelogram is the same as
     the area of the parallelogram with sides Ax and Ay.
 10. Prove that SO(n) is a normal subgroup of O(n).
 11. Show that any isometry f in Rn is a one-to-one map.
                                                              6 0, has infinite
 12. Show that an element in E(2) of the form (A, x), where x =
     order.
 13. Prove or disprove: There exists an infinite abelian subgroup of O(n).
198                 CHAPTER 12          MATRIX GROUPS AND SYMMETRY

 14. Let x = (x1 , x2 ) be a point on the unit circle in R2 ; that is, x21 + x22 = 1. If
     A ∈ O(2), show that Ax is also a point on the unit circle.
 15. Let G be a group with a subgroup H (not necessarily normal) and a normal
     subgroup N . Then G is a semidirect product of N by H if
         • H ∩ N = {id};
         • HN = G.
      Show that each of the following is true.
       (a) S3 is the semidirect product of A3 by H = {(1), (12)}.
       (b) The quaternion group, Q8 , cannot be written as a semidirect product.
       (c) E(2) is the semidirect product of O(2) by H, where H consists of all
           translations in R2 .
 16. Determine which of the 17 wallpaper groups preserves the symmetry of the
     pattern in Figure 12.5.




                                 Figure 12.11.

 17. Determine which of the 17 wallpaper groups preserves the symmetry of the
     pattern in Figure 12.11.
 18. Find the rotation group of a dodecahedron.
 19. For each of the 17 wallpaper groups, draw a wallpaper pattern having that
     group as a symmetry group.

References and Suggested Readings
 [1] Coxeter, H. M. and Moser, W. O. J. Generators and Relations for Discrete
     Groups, 3rd ed. Springer-Verlag, New York, 1972.
 [2] Grove, L. C. and Benson, C. T. Finite Reflection Groups. 2nd ed. Springer-
     Verlag, New York, 1985.
EXERCISES                                                                   199

 [3] Hiller, H. “Crystallography and Cohomology of Groups,” American Mathe-
     matical Monthly 93 (1986), 765–79.
 [4] Lockwood, E. H. and Macmillan, R. H. Geometric Symmetry. Cambridge
     University Press, Cambridge, 1978.
 [5] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
 [6] Martin, G. Transformation Groups: An Introduction to Symmetry. Springer-
     Verlag, New York, 1982.
 [7] Milnor, J. “Hilbert’s Problem 18: On Crystallographic Groups, Fundamental
     Domains, and Sphere Packing,” Proceedings of Symposia in Pure Mathematics
     18, American Mathematical Society, 1976.
 [8] Phillips, F. C. An Introduction to Crystallography. 4th ed. Wiley, New York,
     1971.
 [9] Rose, B. I. and Stafford, R. D. “An Elementary Course in Mathematical
     Symmetry,” American Mathematical Monthly 88 (1980), 54–64.
[10] Schattschneider, D. “The Plane Symmetry Groups: Their Recognition and
     Their Notation,” American Mathematical Monthly 85 (1978), 439–50.
[11] Schwarzenberger, R. L. “The 17 Plane Symmetry Groups,” Mathematical
     Gazette 58 (1974), 123–31.
[12] Weyl, H. Symmetry. Princeton University Press, Princeton, NJ, 1952.
                                     13
      The Structure of Groups



The ultimate goal of group theory is to classify all groups up to isomorphism;
that is, given a particular group, we should be able to match it up with a
known group via an isomorphism. For example, we have already proved that
any finite cyclic group of order n is isomorphic to Zn ; hence, we “know” all
finite cyclic groups. It is probably not reasonable to expect that we will ever
know all groups; however, we can often classify certain types of groups or
distinguish between groups in special cases.
     In this chapter we will characterize all finite abelian groups. We shall also
investigate groups with sequences of subgroups. If a group has a sequence of
subgroups, say

                  G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e},

where each subgroup Hi is normal in Hi+1 and each of the factor groups
Hi+1 /Hi is abelian, then G is a solvable group. In addition to allowing us to
distinguish between certain classes of groups, solvable groups turn out to be
central to the study of solutions to polynomial equations.


13.1      Finite Abelian Groups
In our investigation of cyclic groups we found that every group of prime order
was isomorphic to Zp , where p was a prime number. We also determined
that Zmn ∼= Zm × Zn when gcd(m, n) = 1. In fact, much more is true. Every
finite abelian group is isomorphic to a direct product of cyclic groups of
prime power order; that is, every finite abelian group is isomorphic to a
group of the type
                               Zpα1 × · · · × Zpαnn .
                                 1




                                       200
13.1   FINITE ABELIAN GROUPS                                                    201

    First, let us examine a slight generalization of finite abelian groups.
Suppose that G is a group and let {gi } be a set of elements in G, where i
is in some index set I (not necessarily finite). The smallest subgroup of G
containing all of the gi ’s is the subgroup of G generated by the gi ’s. If this
subgroup of G is in fact all of G, then G is generated by the set {gi : i ∈ I}.
In this case the gi ’s are said to be the generators of G. If there is a finite
set {gi : i ∈ I} that generates G, then G is finitely generated .

Example 1. Obviously, all finite groups are finitely generated. For example,
the group S3 is generated by the permutations (12) and (123). The group
Z × Zn is an infinite group but is finitely generated by {(1, 0), (0, 1)}. 

Example 2. Not all groups are finitely generated. Consider the rational
numbers Q under the operation of addition. Suppose that Q is finitely
generated with generators p1 /q1 , . . . , pn /qn , where each pi /qi is a fraction
expressed in its lowest terms. Let p be some prime that does not divide
any of the denominators q1 , . . . , qn . We claim that 1/p cannot be in the
subgroup of Q that is generated by p1 /q1 , . . . , pn /qn , since p does not divide
the denominator of any element in this subgroup. This fact is easy to see
since the sum of any two generators is

                      pi /qi + pj /qj = (pi qj + pj qi )/(qi qj ).

                                                                                 

Theorem 13.1 Let H be the subgroup of a group G that is generated by
{gi ∈ G : i ∈ I}. Then h ∈ H exactly when it is a product of the form

                                  h = giα11 · · · giαnn ,

where the gik s are not necessarily distinct.

    The reason that powers of a fixed gi may occur several times in the
product is that we may have a nonabelian group. However, if the group is
abelian, then the gi s need occur only once. For example, a product such as
a−3 b5 a7 could always be simplified (in this case, to a4 b5 ).
Proof. Let K be the set of all products of the form giα11 · · · giαnn , where the
gik s are not necessarily distinct. Certainly K is a subset of H. We need only
show that K is a subgroup of G. If this is the case, then K = H, since H is
the smallest subgroup containing all the gi s.
202                         CHAPTER 13               THE STRUCTURE OF GROUPS

   Clearly, the set K is closed under the group operation. Since gi0 = 1,
the identity is in K. It remains to show that the inverse of an element
g = gik11 · · · giknn in K must also be in K. However,

                     g −1 = (gik11 · · · giknn )−1 = (gi−k
                                                        n
                                                           n
                                                             · · · gi−k
                                                                     1
                                                                        1
                                                                          ).

                                                                                    
    Now let us restrict our attention to finite abelian groups. We can express
any finite abelian group as a finite direct product of cyclic groups. More
specifically, letting p be prime, we define a group G to be a p-group if every
element in G has as its order a power of p. For example, both Z2 × Z2 and
Z4 are 2-groups, whereas Z27 is a 3-group. We shall prove that every finite
abelian group is isomorphic to a direct product of cyclic p-groups. Before we
state the main theorem concerning finite abelian groups, we shall consider a
special case.

Theorem 13.2 Every finite abelian group G is the internal direct product
of p-groups.

Proof. If |G| = 1, then the theorem is trivial. Suppose that the order of G
is greater than 1, say
                             |G| = pα1 1 · · · pαnn ,
where p1 , . . . , pn are all prime, and define Gi to be the set of elements in G of
order pki for some integer k. Since G is an abelian group, we are guaranteed
that Gi is a subgroup of G for i = 1, . . . , n. We must show that

                                    G = G1 G 2 · · · G n .

That is, we must be able to write every g ∈ G as a unique product gp1 · · · gpn
where gpi is of the order of some power of pi . Since the order of g divides
the order of G, we know that

                                   |g| = pβ1 1 pβ2 2 · · · pβnn

for integers β1 , . . . , βn . Letting ai = |g|/pβi i , the ai ’s are relatively prime;
hence, there exist integers b1 , . . . , bn such that a1 b1 + · · · + an bn = 1. Conse-
quently,
                           g = g a1 b1 +···+an bn = g a1 b1 · · · g an bn .
Since                                      βi
                                 g (ai bi )pi = g bi |g| = e,
13.1   FINITE ABELIAN GROUPS                                                   203

it follows that g ai bi must be in Gi . Let gi = g ai bi . Then g = g1 · · · gn and
Gi ∩ Gj = {e} for i 6= j.
    To show uniqueness, suppose that g = g1 · · · gn = h1 · · · hn , with hi ∈ Gi .
Then
                e = (g1 · · · gn )(h1 · · · hn )−1 = g1 h−1          −1
                                                         1 · · · gn hn .

The order of gi h−1                                           −1          −1
                 i is a power of pi ; hence, the order of g1 h1 · · · gn hn is the
                                                 −1
least common multiple of the orders of the gi hi . This must be 1, since the
order of the identity is 1. Therefore, |gi h−1
                                            i | = 1 or gi = hi for i = 1, . . . , n.
                                                                                 
    We shall now state the Fundamental Theorem of Finite Abelian Groups.

Theorem 13.3 (Fundamental Theorem of Finite Abelian Groups)
Every finite abelian group G is isomorphic to a direct product of cyclic groups
of the form
                           Zpα1 × Zpα2 × · · · × Zpαnn
                              1       2

where the pi ’s are primes (not necessarily distinct).


Example 3. Suppose that we wish to classify all abelian groups of order
540 = 22 · 33 · 5. The Fundamental Theorem of Finite Abelian Groups tells
us that we have the following six possibilities.

   • Z2 × Z2 × Z3 × Z3 × Z3 × Z5 ;

   • Z2 × Z2 × Z3 × Z9 × Z5 ;

   • Z2 × Z2 × Z27 × Z5 ;

   • Z4 × Z3 × Z3 × Z3 × Z5 ;

   • Z4 × Z3 × Z9 × Z5 ;

   • Z4 × Z27 × Z5 .

                                                                                 
    The proof of the Fundamental Theorem relies on the following lemma.

Lemma 13.4 Let G be a finite abelian p-group and suppose that g ∈ G has
maximal order. Then G is isomorphic to hgi × H for some subgroup H of G.
204                     CHAPTER 13               THE STRUCTURE OF GROUPS

Proof. Suppose that the order of G is pn . We shall induct on n. If n = 1,
then G is cyclic of order p and must be generated by g. Suppose now that
the statement of the lemma holds for all integers k with 1 ≤ k < n and
                                                         m
let g be of maximal order in G, say |g| = pm . Then ap = e for all a ∈ G.
Now choose h in G such that h ∈    / hgi, where h has the smallest possible
order. Certainly such an h exists; otherwise, G = hgi and we are done. Let
H = hhi.
    We claim that hgi ∩ H = {e}. It suffices to show that |H| = p. Since
|h | = |h|/p, the order of hp is smaller than the order of h and must be in
  p

hgi by the minimality of h; that is, hp = g r for some number r. Hence,
                                m−1          m−1          m
                      (g r )p         = (hp )p     = hp = e,

and the order of g r must be less than or equal to pm−1 . Therefore, g r cannot
generate hgi. Notice that p must occur as a factor of r, say r = ps, and
hp = g r = g ps . Define a to be g −s h. Then a cannot be in hgi; otherwise, h
would also have to be in hgi. Also,

                     ap = g −sp hp = g −r hp = h−p hp = e.

We have now formed an element a with order p such that a ∈    / hgi. Since h
was chosen to have the smallest order of all of the elements that are not in
hgi, |H| = p.
    Now we will show that the order of gH in the factor group G/H must
be the same as the order of g in G. If |gH| < |g| = pm , then
                                           m−1          m−1
                          H = (gH)p              = gp         H;
         m−1
hence, g p    must be in hgi ∩ H = {e}, which contradicts the fact that the
order of g is pm . Therefore, gH must have maximal order in G/H. By the
Correspondence Theorem and our induction hypothesis,

                                G/H ∼
                                    = hgHi × K/H

for some subgroup K of G containing H. We claim that hgi ∩ K = {e}. If
b ∈ hgi ∩ K, then bH ∈ hgHi ∩ K/H = {H} and b ∈ hgi ∩ H = {e}. It
follows that G = hgiK implies that G ∼
                                     = hgi × K.                     
    The proof of the Fundamental Theorem of Finite Abelian Groups follows
very quickly from Lemma 13.4. Suppose that G is a finite abelian group and
let g be an element of maximal order in G. If hgi = G, then we are done;
otherwise, G ∼= Z|g| × H for some subgroup H contained in G by the lemma.
Since |H| < |G|, we can apply mathematical induction.
13.2    SOLVABLE GROUPS                                                      205

   We now state the more general theorem for all finitely generated abelian
groups. The proof of this theorem can be found in any of the references at
the end of this chapter.

Theorem 13.5 (The Fundamental Theorem of Finitely Generated
Abelian Groups) Every finitely generated abelian group G is isomorphic to
a direct product of cyclic groups of the form

                    Zpα1 × Zpα2 × · · · × Zpαnn × Z × · · · × Z,
                      1       2

where the pi ’s are primes (not necessarily distinct).


13.2       Solvable Groups
A subnormal series of a group G is a finite sequence of subgroups

                   G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e},

where Hi is a normal subgroup of Hi+1 . If each subgroup Hi is normal in G,
then the series is called a normal series. The length of a subnormal or
normal series is the number of proper inclusions.

Example 4. Any series of subgroups of an abelian group is a normal series.
Consider the following series of groups:

                          Z ⊃ 9Z ⊃ 45Z ⊃ 180Z ⊃ {0},
                          Z24 ⊃ h2i ⊃ h6i ⊃ h12i ⊃ {0}.

                                                                              

Example 5. A subnormal series need not be a normal series. Consider the
following subnormal series of the group D4 :

       D4 ⊃ {(1), (12)(34), (13)(24), (14)(23)} ⊃ {(1), (12)(34)} ⊃ {(1)}.

The subgroup {(1), (12)(34)} is not normal in D4 ; consequently, this series is
not a normal series.                                                         
   A subnormal (normal) series {Kj } is a refinement of a subnormal
(normal) series {Hi } if {Hi } ⊂ {Kj }. That is, each Hi is one of the Kj .

Example 6. The series

                   Z ⊃ 3Z ⊃ 9Z ⊃ 45Z ⊃ 90Z ⊃ 180Z ⊃ {0}
206                      CHAPTER 13        THE STRUCTURE OF GROUPS

is a refinement of the series

                        Z ⊃ 9Z ⊃ 45Z ⊃ 180Z ⊃ {0}.

                                                                               
   The correct way to study a subnormal or normal series of subgroups,
{Hi } of G, is actually to study the factor groups Hi+1 /Hi . We say that two
subnormal (normal) series {Hi } and {Kj } of a group G are isomorphic if
there is a one-to-one correspondence between the collections of factor groups
{Hi+1 /Hi } and {Kj+1 /Kj }.

Example 7. The two normal series

                            Z60 ⊃ h3i ⊃ h15i ⊃ {0}
                            Z60 ⊃ h4i ⊃ h20i ⊃ {0}

of the group Z60 are isomorphic since

                           Z60 /h3i ∼
                                    = h20i/{0} ∼
                                               = Z3
                           h3i/h15i = h4i/h20i ∼
                                    ∼          = Z5
                          h15i/{0} ∼
                                   = Z60 /h4i ∼
                                              = Z4 .

                                                                               
    A subnormal series {Hi } of a group G is a composition series if all
the factor groups are simple; that is, if none of the factor groups of the series
contains a normal subgroup. A normal series {Hi } of G is a principal
series if all the factor groups are simple.

Example 8. The group Z60 has a composition series

                        Z60 ⊃ h3i ⊃ h15i ⊃ h30i ⊃ {0}

with factor groups

                                  Z60 /h3i ∼
                                           = Z3
                                 h3i/h15i =∼ Z5
                                h15i/h30i ∼
                                          = Z2
                                 h30i/{0} ∼
                                          = Z2 .
13.2   SOLVABLE GROUPS                                                     207

Since Z60 is an abelian group, this series is automatically a principal series.
Notice that a composition series need not be unique. The series

                        Z60 ⊃ h2i ⊃ h4i ⊃ h20i ⊃ {0}

is also a composition series.                                                

Example 9. For n ≥ 5, the series

                                Sn ⊃ An ⊃ {(1)}

is a composition series for Sn since Sn /An ∼
                                            = Z2 and An is simple.           

Example 10. Not every group has a composition series or a principal series.
Suppose that

                  {0} = H0 ⊂ H1 ⊂ · · · ⊂ Hn−1 ⊂ Hn = Z

is a subnormal series for the integers under addition. Then H1 must be of
the form kZ for some k ∈ N. In this case H1 /H0 ∼ = kZ is an infinite cyclic
group with many nontrivial proper normal subgroups.                       
    Although composition series need not be unique as in the case of Z60 , it
turns out that any two composition series are related. The factor groups of
the two composition series for Z60 are Z2 , Z2 , Z3 , and Z5 ; that is, the two
composition series are isomorphic. The Jordan-Hölder Theorem says that
this is always the case.

Theorem 13.6 (Jordan-Hölder) Any two composition series of G are
isomorphic.

Proof. We shall employ mathematical induction on the length of the
composition series. If the length of a composition series is 1, then G must
be a simple group. In this case any two composition series are isomorphic.
    Suppose now that the theorem is true for all groups having a composition
series of length k, where 1 ≤ k < n. Let

                  G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e}
                 G = Km ⊃ Km−1 ⊃ · · · ⊃ K1 ⊃ K0 = {e}
208                     CHAPTER 13       THE STRUCTURE OF GROUPS

be two composition series for G. We can form two new subnormal series for
G since Hi ∩ Km−1 is normal in Hi+1 ∩ Km−1 and Kj ∩ Hn−1 is normal in
Kj+1 ∩ Hn−1 :

       G = Hn ⊃ Hn−1 ⊃ Hn−1 ∩ Km−1 ⊃ · · · ⊃ H0 ∩ Km−1 = {e}
       G = Km ⊃ Km−1 ⊃ Km−1 ∩ Hn−1 ⊃ · · · ⊃ K0 ∩ Hn−1 = {e}.

Since Hi ∩Km−1 is normal in Hi+1 ∩Km−1 , the Second Isomorphism Theorem
(Theorem 11.4) implies that

  (Hi+1 ∩ Km−1 )/(Hi ∩ Km−1 ) = (Hi+1 ∩ Km−1 )/(Hi ∩ (Hi+1 ∩ Km−1 ))
                              ∼
                              = Hi (Hi+1 ∩ Km−1 )/Hi ,

where Hi is normal in Hi (Hi+1 ∩ Km−1 ). Since {Hi } is a composition
series, Hi+1 /Hi must be simple; consequently, Hi (Hi+1 ∩ Km−1 )/Hi is either
Hi+1 /Hi or Hi /Hi . That is, Hi (Hi+1 ∩ Km−1 ) must be either Hi or Hi+1 .
Removing any nonproper inclusions from the series

             Hn−1 ⊃ Hn−1 ∩ Km−1 ⊃ · · · ⊃ H0 ∩ Km−1 = {e},

we have a composition series for Hn−1 . Our induction hypothesis says that
this series must be equivalent to the composition series

                       Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e}.

Hence, the composition series

                 G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e}

and

       G = Hn ⊃ Hn−1 ⊃ Hn−1 ∩ Km−1 ⊃ · · · ⊃ H0 ∩ Km−1 = {e}

are equivalent. If Hn−1 = Km−1 , then the composition series {Hi } and {Kj }
are equivalent and we are done; otherwise, Hn−1 Km−1 is a normal subgroup
of G properly containing Hn−1 . In this case Hn−1 Km−1 = G and we can
apply the Second Isomorphism Theorem once again; that is,

         Km−1 /(Km−1 ∩ Hn−1 ) ∼
                              = (Hn−1 Km−1 )/Hn−1 = G/Hn−1 .

Therefore,

       G = Hn ⊃ Hn−1 ⊃ Hn−1 ∩ Km−1 ⊃ · · · ⊃ H0 ∩ Km−1 = {e}
EXERCISES                                                                      209

and

        G = Km ⊃ Km−1 ⊃ Km−1 ∩ Hn−1 ⊃ · · · ⊃ K0 ∩ Hn−1 = {e}

are equivalent and the proof of the theorem is complete.                         
    A group G is solvable if it has a subnormal series {Hi } such that all of the
factor groups Hi+1 /Hi are abelian. Solvable groups will play a fundamental
role when we study Galois theory and the solution of polynomial equations.

Example 11. The group S4 is solvable since

            S4 ⊃ A4 ⊃ {(1), (12)(34), (13)(24), (14)(23)} ⊃ {(1)}

has abelian factor groups; however, for n ≥ 5 the series

                                Sn ⊃ An ⊃ {(1)}

is a composition series for Sn with a nonabelian factor group. Therefore, Sn
is not a solvable group for n ≥ 5.                                         


Exercises
   1. Find all of the abelian groups of order less than or equal to 40 up to isomor-
      phism.
   2. Find all of the abelian groups of order 200 up to isomorphism.
   3. Find all of the abelian groups of order 720 up to isomorphism.
   4. Find all of the composition series for each of the following groups.

       (a) Z12                                 (e) S3 × Z4
       (b) Z48                                 (f) S4
       (c) The quaternions, Q8                 (g) Sn , n ≥ 5
       (d) D4                                  (h) Q

   5. Show that the infinite direct product G = Z2 × Z2 × · · · is not finitely
      generated.
   6. Let G be an abelian group of order m. If n divides m, prove that G has a
      subgroup of order n.
   7. A group G is a torsion group if every element of G has finite order. Prove
      that a finitely generated abelian torsion group must be finite.
210                      CHAPTER 13         THE STRUCTURE OF GROUPS

  8. Let G, H, and K be finitely generated abelian groups. Show that if G × H ∼
                                                                              =
     G × K, then H ∼  = K. Give a counterexample to show that this cannot be
     true in general.
  9. Let G and H be solvable groups. Show that G × H is also solvable.
 10. If G has a composition (principal) series and if N is a proper normal subgroup
     of G, show there exists a composition (principal) series containing N .
 11. Prove or disprove: Let N be a normal subgroup of G. If N and G/N have
     composition series, then G must also have a composition series.
 12. Let N be a normal subgroup of G. If N and G/N are solvable groups, show
     that G is also a solvable group.
 13. Prove that G is a solvable group if and only if G has a series of subgroups

                        G = Pn ⊃ Pn−1 ⊃ · · · ⊃ P1 ⊃ P0 = {e}

      where Pi is normal in Pi+1 and the order of Pi+1 /Pi is prime.
 14. Let G be a solvable group. Prove that any subgroup of G is also solvable.
 15. Let G be a solvable group and N a normal subgroup of G. Prove that G/N
     is solvable.
 16. Prove that Dn is solvable for all integers n.
 17. Suppose that G has a composition series. If N is a normal subgroup of G,
     show that N and G/N also have composition series.
 18. Let G be a cyclic p-group with subgroups H and K. Prove that either H is
     contained in K or K is contained in H.
 19. Suppose that G is a solvable group with order n ≥ 2. Show that G contains
     a normal nontrivial abelian subgroup.
 20. Recall that the commutator subgroup G0 of a group G is defined as the
     subgroup of G generated by elements of the form a−1 b−1 ab for a, b ∈ G.
     We can define a series of subgroups of G by G(0) = G, G(1) = G0 , and
     G(i+1) = (G(i) )0 .
       (a) Prove that G(i+1) is normal in (G(i) )0 . The series of subgroups

                                G(0) = G ⊃ G(1) ⊃ G(2) ⊃ · · ·

           is called the derived series of G.
       (b) Show that G is solvable if and only if G(n) = {e} for some integer n.
 21. Suppose that G is a solvable group with order n ≥ 2. Show that G contains
     a normal nontrivial abelian factor group.
EXERCISES                                                                        211

  22. Zassenhaus Lemma. Let H and K be subgroups of a group G. Suppose
      also that H ∗ and K ∗ are normal subgroups of H and K respectively. Then
        (a) H ∗ (H ∩ K ∗ ) is a normal subgroup of H ∗ (H ∩ K).
        (b) K ∗ (H ∗ ∩ K) is a normal subgroup of K ∗ (H ∩ K).

        (c)     H ∗ (H ∩ K)/H ∗ (H ∩ K ∗ ) ∼
                                           = K ∗ (H ∩ K)/K ∗ (H ∗ ∩ K)
                                           ∼ (H ∩ K)/(H ∗ ∩ K)(H ∩ K ∗ ).
                                           =

      [Hint: Use the diagram in Figure 13.1. The Zassenhaus Lemma is often
      referred to as the Butterfly Lemma because of this diagram.]

                  H                                               K


                                        H ∩K
                 H ∗ (H ∩ K)                             K ∗ (H ∩ K)


               H ∗ (H ∩ K ∗ )                            K ∗ (H ∗ ∩ K)




   H∗                                                                       K∗
                                (H ∗   ∩ K)(H ∩   K ∗)


               H∗ ∩ K                                         H ∩ K∗


                    Figure 13.1. The Zassenhaus Lemma

  23. Schreier’s Theorem. Use the Zassenhaus Lemma to prove that two sub-
      normal (normal) series of a group G have isomorphic refinements.
  24. Use Schreier’s Theorem to prove the Jordan-Hölder Theorem.

Programming Exercises
Write a program that will compute all possible abelian groups of order n. What is
the largest n for which your program will work?
212                     CHAPTER 13        THE STRUCTURE OF GROUPS

References and Suggested Readings
Each of the following references contains a proof of the Fundamental Theorem of
Finitely Generated Abelian Groups.
  [1] Hungerford, T. W. Algebra. Springer, New York, 1974. .
  [2] Lang, S. Algebra. 3rd ed. Springer, New York, 2002.
  [3] Rotman, J. J. An Introduction to the Theory of Groups. 4th ed. Springer,
      New York, 1995.
Sage Sage is able to create direct products of cyclic groups, though they
are realized as permutation groups. This is a situation that should improve.
However, with a classification of finite abelian groups, we can describe how
to construct in Sage every group of order less than 16.
                                     14
                   Group Actions



Group actions generalize group multiplication. If G is a group and X is an
arbitrary set, a group action of an element g ∈ G and x ∈ X is a product,
gx, living in X. Many problems in algebra may best be attacked via group
actions. For example, the proofs of the Sylow theorems and of Burnside’s
Counting Theorem are most easily understood when they are formulated in
terms of group actions.


14.1     Groups Acting on Sets
Let X be a set and G be a group. A (left) action of G on X is a map
G × X → X given by (g, x) 7→ gx, where

  1. ex = x for all x ∈ X;

  2. (g1 g2 )x = g1 (g2 x) for all x ∈ X and all g1 , g2 ∈ G.

Under these considerations X is called a G-set. Notice that we are not
requiring X to be related to G in any way. It is true that every group G
acts on every set X by the trivial action (g, x) 7→ x; however, group actions
are more interesting if the set X is somehow related to the group G.

Example 1. Let G = GL2 (R) and X = R2 . Then G acts on X by left
multiplication. If v ∈ R2 and I is the identity matrix, then Iv = v. If
A and B are 2 × 2 invertible matrices, then (AB)v = A(Bv) since matrix
multiplication is associative.                                       

Example 2. Let G = D4 be the symmetry group of a square. If X =
{1, 2, 3, 4} is the set of vertices of the square, then we can consider D4 to


                                      213
214                                       CHAPTER 14        GROUP ACTIONS

consist of the following permutations:

        {(1), (13), (24), (1432), (1234), (12)(34), (14)(23), (13)(24)}.

The elements of D4 act on X as functions. The permutation (13)(24) acts
on vertex 1 by sending it to vertex 3, on vertex 2 by sending it to vertex 4,
and so on. It is easy to see that the axioms of a group action are satisfied.
                                                                           
   In general, if X is any set and G is a subgroup of SX , the group of all
permutations acting on X, then X is a G-set under the group action

                                 (σ, x) 7→ σ(x)

for σ ∈ G and x ∈ X.

Example 3. If we let X = G, then every group G acts on itself by the
left regular representation; that is, (g, x) 7→ λg (x) = gx, where λg is left
multiplication:

                             e · x = λe x = ex = x
               (gh) · x = λgh x = λg λh x = λg (hx) = g · (h · x).

If H is a subgroup of G, then G is an H-set under left multiplication by
elements of H.                                                        

Example 4. Let G be a group and suppose that X = G. If H is a subgroup
of G, then G is an H-set under conjugation; that is, we can define an
action of H on G,
                             H × G → G,
via
                                (h, g) 7→ hgh−1
for h ∈ H and g ∈ G. Clearly, the first axiom for a group action holds.
Observing that

                         (h1 h2 , g) = h1 h2 g(h1 h2 )−1
                                    = h1 (h2 gh−1  −1
                                               2 )h1
                                    = (h1 , (h2 , g)),

we see that the second condition is also satisfied.                        
14.1   GROUPS ACTING ON SETS                                                  215

Example 5. Let H be a subgroup of G and LH the set of left cosets of H.
The set LH is a G-set under the action

                                (g, xH) 7→ gxH.

Again, it is easy to see that the first axiom is true. Since (gg 0 )xH = g(g 0 xH),
the second axiom is also true.                                                   
    If G acts on a set X and x, y ∈ X, then x is said to be G-equivalent to
y if there exists a g ∈ G such that gx = y. We write x ∼G y or x ∼ y if two
elements are G-equivalent.

Proposition 14.1 Let X be a G-set. Then G-equivalence is an equivalence
relation on X.

Proof. The relation ∼ is reflexive since ex = x. Suppose that x ∼ y for
x, y ∈ X. Then there exists a g such that gx = y. In this case g −1 y = x;
hence, y ∼ x. To show that the relation is transitive, suppose that x ∼ y
and y ∼ z. Then there must exist group elements g and h such that gx = y
and hy = z. So z = hy = (hg)x, and x is equivalent to z.                
    If X is a G-set, then each partition of X associated with G-equivalence
is called an orbit of X under G. We will denote the orbit that contains an
element x of X by Ox .

Example 6. Let G be the permutation group defined by

              G = {(1), (123), (132), (45), (123)(45), (132)(45)}

and X = {1, 2, 3, 4, 5}. Then X is a G-set. The orbits are O1 = O2 = O3 =
{1, 2, 3} and O4 = O5 = {4, 5}.                                         
    Now suppose that G is a group acting on a set X and let g be an element
of G. The fixed point set of g in X, denoted by Xg , is the set of all x ∈ X
such that gx = x. We can also study the group elements g that fix a given
x ∈ X. This set is more than a subset of G, it is a subgroup. This subgroup
is called the stabilizer subgroup or isotropy subgroup of x. We will
denote the stabilizer subgroup of x by Gx .
Remark. It is important to remember that Xg ⊂ X and Gx ⊂ G.

Example 7. Let X = {1, 2, 3, 4, 5, 6} and suppose that G is the permutation
group given by the permutations

                    {(1), (12)(3456), (35)(46), (12)(3654)}.
216                                     CHAPTER 14        GROUP ACTIONS

Then the fixed point sets of X under the action of G are
                                   X(1) = X,
                              X(35)(46) = {1, 2},
                        X(12)(3456) = X(12)(3654) = ∅,
and the stabilizer subgroups are
                         G1 = G2 = {(1), (35)(46)},
                        G3 = G4 = G5 = G6 = {(1)}.
It is easily seen that Gx is a subgroup of G for each x ∈ X.                 

Proposition 14.2 Let G be a group acting on a set X and x ∈ X. The
stabilizer group, Gx , of x is a subgroup of G.

Proof. Clearly, e ∈ Gx since the identity fixes every element in the set X.
Let g, h ∈ Gx . Then gx = x and hx = x. So (gh)x = g(hx) = gx = x; hence,
the product of two elements in Gx is also in Gx . Finally, if g ∈ Gx , then
x = ex = (g −1 g)x = (g −1 )gx = g −1 x. So g −1 is in Gx .               
    We will denote the number of elements in the fixed point set of an element
g ∈ G by |Xg | and denote the number of elements in the orbit of x ∈ X by
|Ox |. The next theorem demonstrates the relationship between orbits of an
element x ∈ X and the left cosets of Gx in G.

Theorem 14.3 Let G be a finite group and X a finite G-set. If x ∈ X,
then |Ox | = [G : Gx ].

Proof. We know that |G|/|Gx | is the number of left cosets of Gx in G by
Lagrange’s Theorem (Theorem 6.5). We will define a bijective map φ between
the orbit Ox of X and the set of left cosets LGx of Gx in G. Let y ∈ Ox .
Then there exists a g in G such that gx = y. Define φ by φ(y) = gGx . First
we must show that this map is well-defined and does not depend on our
selection of g. Suppose that h is another element in G such that hx = y.
Then gx = hx or x = g −1 hx; hence, g −1 h is in the stabilizer subgroup of x.
Therefore, h ∈ gGx or gGx = hGx . Thus, y gets mapped to the same coset
regardless of the choice of the representative from that coset.
    To show that φ is one-to-one, assume that φ(x1 ) = φ(x2 ). Then there
exist g1 , g2 ∈ G such that x1 = g1 x and x2 = g2 x. Since there exists a g ∈ Gx
such that g2 = g1 g,
                        x2 = g2 x = g1 gx = g1 x = x1 ;
14.2   THE CLASS EQUATION                                                     217

consequently, the map φ is one-to-one. Finally, we must show that the map
φ is onto. Let gGx be a left coset. If gx = y, then φ(y) = gGx .        


14.2      The Class Equation
Let X be a finite G-set and XG be the set of fixed points in X; that is,

                    XG = {x ∈ X : gx = x for all g ∈ G}.

Since the orbits of the action partition X,
                                            n
                                            X
                            |X| = |XG | +         |Oxi |,
                                            i=k

where xk , . . . , xn are representatives from the distinct nontrivial orbits of X.
     Now consider the special case in which G acts on itself by conjugation,
(g, x) 7→ gxg −1 . The center of G,

                     Z(G) = {x : xg = gx for all g ∈ G},

is the set of points that are fixed by conjugation. The nontrivial orbits
of the action are called the conjugacy classes of G. If x1 , . . . , xk are
representatives from each of the nontrivial conjugacy classes of G and |Ox1 | =
n1 , . . . , |Oxk | = nk , then

                         |G| = |Z(G)| + n1 + · · · + nk .

The stabilizer subgroups of each of the xi ’s, C(xi ) = {g ∈ G : gxi = xi g},
are called the centralizer subgroups of the xi ’s. From Theorem 14.3, we
obtain the class equation:

                |G| = |Z(G)| + [G : C(x1 )] + · · · + [G : C(xk )].

One of the consequences of the class equation is that the order of each
conjugacy class must divide the order of G.

Example 8. It is easy to check that the conjugacy classes in S3 are the
following:
             {(1)}, {(123), (132)}, {(12), (13), (23)}.
The class equation is 6 = 1 + 2 + 3.                                            
218                                       CHAPTER 14        GROUP ACTIONS

Example 9. The center of D4 is {(1), (13)(24)}, and the conjugacy classes
are
        {(13), (24)}, {(1432), (1234)}, {(12)(34), (14)(23)}.
Thus, the class equation for D4 is 8 = 2 + 2 + 2 + 2.                          

Example 10. For Sn it takes a bit of work to find the conjugacy classes. We
begin with cycles. Suppose that σ = (a1 , . . . , ak ) is a cycle and let τ ∈ Sn .
By Theorem 6.10,
                       τ στ −1 = (τ (a1 ), . . . , τ (ak )).
Consequently, any two cycles of the same length are conjugate. Now let
σ = σ1 σ2 · · · σr be a cycle decomposition, where the length of each cycle σi
is ri . Then σ is conjugate to every other τ ∈ Sn whose cycle decomposition
has the same lengths.
    The number of conjugate classes in Sn is the number of ways in which
n can be partitioned into sums of positive integers. For example, we can
partition the integer 3 into the following three sums:

                                 3=1+1+1
                                 3=1+2
                                 3 = 3;

therefore, there are three conjugacy classes. The problem of finding the
number of such partitions for any positive integer n is what computer
scientists call NP-complete. This effectively means that the problem cannot
be solved for a large n because the computations would be too time-consuming
for even the largest computer.                                            

Theorem 14.4 Let G be a group of order pn where p is prime. Then G has
a nontrivial center.

Proof. We apply the class equation

                        |G| = |Z(G)| + n1 + · · · + nk .

Since each ni > 1 and ni | |G|, p must divide each ni . Also, p | |G|;
hence, p must divide |Z(G)|. Since the identity is always in the center of
G, |Z(G)| ≥ 1. Therefore, |Z(G)| ≥ p and there exists some g ∈ Z(G) such
that g 6= 1.                                                            
14.3   BURNSIDE’S COUNTING THEOREM                                          219

Corollary 14.5 Let G be a group of order p2 where p is prime. Then G is
abelian.

Proof. By Theorem 14.4, |Z(G)| = p or p2 . If |Z(G)| = p2 , then we
are done. Suppose that |Z(G)| = p. Then Z(G) and G/Z(G) both have
order p and must both be cyclic groups. Choosing a generator aZ(G) for
G/Z(G), we can write any element gZ(G) in the quotient group as am Z(G)
for some integer m; hence, g = am x for some x in the center of G. Similarly,
if hZ(G) ∈ G/Z(G), there exists a y in Z(G) such that h = an y for some
integer n. Since x and y are in the center of G, they commute with all other
elements of G; therefore,

                 gh = am xan y = am+n xy = an yam x = hg,

and G must be abelian.                                                       


14.3     Burnside’s Counting Theorem
Suppose that we are to color the vertices of a square with two different colors,
say black and white. We might suspect that there would be 24 = 16 different
colorings. However, some of these colorings are equivalent. If we color the
first vertex black and the remaining vertices white, it is the same as coloring
the second vertex black and the remaining ones white since we could obtain
the second coloring simply by rotating the square 90◦ (Figure 14.1).

                       B           W     W            B




                      W            W     W            W
                      W            W     W            W




                       B           W     W            B


                Figure 14.1. Equivalent colorings of square
220                                        CHAPTER 14          GROUP ACTIONS

    Burnside’s Counting Theorem offers a method of computing the number
of distinguishable ways in which something can be done. In addition to its
geometric applications, the theorem has interesting applications to areas in
switching theory and chemistry. The proof of Burnside’s Counting Theorem
depends on the following lemma.

Lemma 14.6 Let X be a G-set and suppose that x ∼ y. Then Gx is
isomorphic to Gy . In particular, |Gx | = |Gy |.

Proof. Let G act on X by (g, x) 7→ g · x. Since x ∼ y, there exists a g ∈ G
such that g · x = y. Let a ∈ Gx . Since

                  gag −1 · y = ga · g −1 y = ga · x = g · x = y,

we can define a map φ : Gx → Gy by φ(a) = gag −1 . The map φ is a
homomorphism since

                 φ(ab) = gabg −1 = gag −1 gbg −1 = φ(a)φ(b).

Suppose that φ(a) = φ(b). Then gag −1 = gbg −1 or a = b; hence, the map is
injective. To show that φ is onto, let b be in Gy ; then g −1 bg is in Gx since

               g −1 bg · x = g −1 b · gx = g −1 b · y = g −1 · y = x;

and φ(g −1 bg) = b.                                                           

Theorem 14.7 (Burnside) Let G be a finite group acting on a set X and
let k denote the number of orbits of X. Then
                                      1 X
                               k=         |Xg |.
                                     |G|
                                          g∈G

Proof. We look at all the fixed points x of all the elements in g ∈ G; that
is, we look at all g’s and all x’s such that gx = x. If viewed in terms of fixed
point sets, the number of all g’s fixing x’s is
                                     X
                                         |Xg |.
                                    g∈G

However, if viewed in terms of the stabilizer subgroups, this number is
                                 X
                                     |Gx |;
                                    x∈X
14.3     BURNSIDE’S COUNTING THEOREM                                      221

         P                 P
hence,     g∈G |Xg |   =       x∈X   |Gx |. By Lemma 14.6,
                                     X
                                          |Gy | = |Ox | · |Gx |.
                                 y∈Ox

By Theorem 14.3 and Lagrange’s Theorem, this expression is equal to |G|.
Summing over all of the k distinct orbits, we conclude that
                      X           X
                          |Xg | =     |Gx | = k · |G|.
                               g∈G           x∈X

                                                                            

Example 11. Let X = {1, 2, 3, 4, 5} and suppose that G is the permutation
group G = {(1), (13), (13)(25), (25)}. The orbits of X are {1, 3}, {2, 5}, and
{4}. The fixed point sets are

                                          X(1) = X
                                         X(13) = {2, 4, 5}
                                      X(13)(25) = {4}
                                         X(25) = {1, 3, 4}.

Burnside’s Theorem says that
                            1 X        1
                   k=           |Xg | = (5 + 3 + 1 + 3) = 3.
                           |G|         4
                                 g∈G

                                                                            


A Geometric Example
Before we apply Burnside’s Theorem to switching-theory problems, let us
examine the number of ways in which the vertices of a square can be colored
black or white. Notice that we can sometimes obtain equivalent colorings
by simply applying a rigid motion to the square. For instance, as we have
pointed out, if we color one of the vertices black and the remaining three
white, it does not matter which vertex was colored black since a rotation
will give an equivalent coloring.
    The symmetry group of a square, D4 , is given by the following permuta-
tions:
                      (1)      (13)     (24)     (1432)
                    (1234) (12)(34) (14)(23) (13)(24)
222                                       CHAPTER 14        GROUP ACTIONS

The group G acts on the set of vertices {1, 2, 3, 4} in the usual manner. We
can describe the different colorings by mappings from X into Y = {B, W }
where B and W represent the colors black and white, respectively. Each map
f : X → Y describes a way to color the corners of the square. Every σ ∈ D4
induces a permutation σ e of the possible colorings given by σe(f ) = f ◦ σ for
f : X → Y . For example, suppose that f is defined by
                                   f (1) = B
                                   f (2) = W
                                   f (3) = W
                                   f (4) = W
and σ = (12)(34). Then σ  e(f ) = f ◦ σ sends vertex 2 to B and the remaining
vertices to W . The set of all such σ e is a permutation group G e on the set
of possible colorings. Let X denote the set of all possible colorings; that is,
                             e
Xe is the set of all possible maps from X to Y . Now we must compute the
number of G-equivalence
             e              classes.
   1. X e(1) = Xe since the identity fixes every possible coloring. |X|  e =
       24 = 16.
   2. Xe(1234) consists of all f ∈ X
                                   e such that f is unchanged by the permuta-
      tion (1234). In this case f (1) = f (2) = f (3) = f (4), so that all values
      of f must be the same; that is, either f (x) = B or f (x) = W for every
      vertex x of the square. So |X  e(1234) | = 2.

   3. |X
       e(1432) | = 2.

                                                              e(13)(24) | = 22 = 4.
          e(13)(24) , f (1) = f (3) and f (2) = f (4). Thus, |X
   4. For X

   5. |X
       e(12)(34) | = 4.

   6. |X
       e(14)(23) | = 4.

   7. For X
          e(13) , f (1) = f (3) and the other corners can be of any color; hence,
      |X(13) | = 23 = 8.
       e

   8. |X
       e(24) | = 8.
By Burnside’s Theorem, we can conclude that there are exactly
                1 4
                  (2 + 21 + 22 + 21 + 22 + 22 + 23 + 23 ) = 6
                8
ways to color the vertices of the square.
14.3   BURNSIDE’S COUNTING THEOREM                                          223

Proposition 14.8 Let G be a permutation group of X and X     e the set of
functions from X to Y . Then there exists a permutation group G  e acting
on X, where σ
    e          e ∈ G is defined by σ
                     e             e(f ) = f ◦ σ for σ ∈ G and f ∈ X.   e
Furthermore, if n is the number of cycles in the cycle decomposition of σ,
      eσ | = |Y |n .
then |X

Proof. Let σ ∈ G and f ∈ X.e Clearly, f ◦ σ is also in X.
                                                       e Suppose that g is
another function from X to Y such that σ
                                       e(f ) = σe(g). Then for each x ∈ X,

                  f (σ(x)) = σ
                             e(f )(x) = σ
                                        e(g)(x) = g(σ(x)).

Since σ is a permutation of X, every element x0 in X is the image of some x
in X under σ; hence, f and g agree on all elements of X. Therefore, f = g
and σ e is injective. The map σ 7→ σ
                                   e is onto, since the two sets are the same
size.
    Suppose that σ is a permutation of X with cycle decomposition σ =
σ1 σ2 · · · σn . Any f in X
                          eσ must have the same value on each cycle of σ.
                                                                   eσ | = |Y |n .
Since there are n cycles and |Y | possible values for each cycle, |X
                                                                             

Example 12. Let X = {1, 2, . . . , 7} and suppose that Y = {A, B, C}. If g
is the permutation of X given by (13)(245) = (13)(245)(6)(7), then n = 4.
Any f ∈ Fg must have the same value on each cycle in g. There are |Y | = 3
such choices for any value, so |Fg | = 34 = 81.                         

Example 13. Suppose that we wish to color the vertices of a square using
four different colors. By Proposition 14.8, we can immediately decide that
there are
                1 4
                  (4 + 41 + 42 + 41 + 42 + 42 + 43 + 43 ) = 55
                8
possible ways.                                                          


Switching Functions
In switching theory we are concerned with the design of electronic circuits
with binary inputs and outputs. The simplest of these circuits is a switching
function that has n inputs and a single output (Figure 14.2). Large electronic
circuits can often be constructed by combining smaller modules of this kind.
The inherent problem here is that even for a simple circuit a large number
of different switching functions can be constructed. With only four inputs
224                                         CHAPTER 14                GROUP ACTIONS


                    x1
                    x2
                      ..          f              f (x1 , x2 , . . . , xn )
                       .
                    xn



             Figure 14.2. A switching function of n variables

and a single output, we can construct 65, 536 different switching functions.
However, we can often replace one switching function with another merely
by permuting the input leads to the circuit (Figure 14.3).

       a                                a
                f          f (a, b)                 f             f (b, a) = g(a, b)
       b                                b


            Figure 14.3. A switching function of two variables

     We define a switching or Boolean function of n variables to be a
function from Zn2 to Z2 . Since any switching function can have two possible
                                                                   n
values for each binary n-tuple and there are 2n binary n-tuples, 22 switching
functions are possible for n variables. In general, allowing permutations of
the inputs greatly reduces the number of different kinds of modules that are
needed to build a large circuit.
     The possible switching functions with two input variables a and b are
listed in Table 14.1. Two switching functions f and g are equivalent if g can
be obtained from f by a permutation of the input variables. For example,
g(a, b, c) = f (b, c, a). In this case g ∼ f via the permutation (acb). In the
case of switching functions of two variables, the permutation (ab) reduces 16
possible switching functions to 12 equivalent functions since
                                       f2 ∼ f4
                                       f3 ∼ f5
                                      f10 ∼ f12
                                      f11 ∼ f13 .
                                             3
    For three input variables there are 22 = 256 possible switching functions;
                                          4
in the case of four variables there are 22 = 65,536. The number of equivalence
14.3   BURNSIDE’S COUNTING THEOREM                                         225


             Table 14.1. Switching functions in two variables
               Inputs                    Outputs
                        f0   f1   f2    f3   f4  f5     f6    f7
               0   0    0    0    0      0   0   0      0     0
               0   1    0    0    0      0   1   1      1     1
               1   0    0    0    1      1   0   0      1     1
               1   1    0    1    0      1   0   1      0     1
               Inputs                    Outputs
                        f8   f9   f10   f11 f12 f13     f14   f15
               0   0    1    1     1     1   1   1       1     1
               0   1    0    0     0     0   1   1       1     1
               1   0    0    0     1     1   0   0       1     1
               1   1    0    1     0     1   0   1       0     1



classes is too large to reasonably calculate directly. It is necessary to employ
Burnside’s Theorem.
    Consider a switching function with three possible inputs, a, b, and c.
As we have mentioned, two switching functions f and g are equivalent if a
permutation of the input variables of f gives g. It is important to notice that
a permutation of the switching functions is not simply a permutation of the
input values {a, b, c}. A switching function is a set of output values for the
inputs a, b, and c, so when we consider equivalent switching functions, we
are permuting 23 possible outputs, not just three input values. For example,
each binary triple (a, b, c) has a specific output associated with it. The
permutation (acb) changes outputs as follows:

                              (0, 0, 0) 7→ (0, 0, 0)
                              (0, 0, 1) 7→ (0, 1, 0)
                              (0, 1, 0) 7→ (1, 0, 0)
                                       ..
                                        .
                              (1, 1, 0) 7→ (1, 0, 1)
                              (1, 1, 1) 7→ (1, 1, 1).
226                                              CHAPTER 14           GROUP ACTIONS

   Let X be the set of output values for a switching function in n variables.
Then |X| = 2n . We can enumerate these values as follows:
                                 (0, . . . , 0, 1) 7→ 0
                                 (0, . . . , 1, 0) 7→ 1
                                 (0, . . . , 1, 1) 7→ 2
                                                  ..
                                                   .
                                 (1, . . . , 1, 1) 7→ 2n − 1.
Now let us consider a circuit with four input variables and a single output.
Suppose that we can permute the leads of any circuit according to the
following permutation group:
                                (a)    (ac)    (bd)       (adcb)
                       (abcd)    (ab)(cd)      (ad)(bc)       (ac)(bd).
The permutations of the four possible input variables induce the permutations
of the output values in Table 14.2.
    Hence, there are
                   1 16
                     (2 + 2 · 212 + 2 · 26 + 3 · 210 ) = 9616
                   8
possible switching functions of four variables under this group of permutations.
This number will be even smaller if we consider the full symmetric group on
four letters.

      Table 14.2. Permutations of switching functions in four variables
         Group                                                             Number
         Permutation     Switching Function Permutation                    of Cycles
         (a)             (0)                                               16
         (ac)            (2, 8)(3, 9)(6, 12)(7, 13)                        12
         (bd)            (1, 4)(3, 6)(9, 12)(11, 14)                       12
         (adcb)          (1, 2, 4, 8)(3, 6.12, 9)(5, 10)(7, 14, 13, 11)    6
         (abcd)          (1, 8, 4, 2)(3, 9, 12, 6)(5, 10)(7, 11, 13, 14)   6
         (ab)(cd)        (1, 2)(4, 8)(5, 10)(6, 9)(7, 11)(13, 14)          10
         (ad)(bc)        (1, 8)(2, 4)(3, 12)(5, 10)(7, 14)(11, 13)         10
         (ac)(bd)        (1, 4)(2, 8)(3, 12)(6, 9)(7, 13)(11, 14)          10




                                      Historical Note
EXERCISES                                                                       227

William Burnside was born in London in 1852. He attended Cambridge University
from 1871 to 1875 and won the Smith’s Prize in his last year. After his graduation
he lectured at Cambridge. He was made a member of the Royal Society in 1893.
Burnside wrote approximately 150 papers on topics in applied mathematics, differ-
ential geometry, and probability, but his most famous contributions were in group
theory. Several of Burnside’s conjectures have stimulated research to this day. One
such conjecture was that every group of odd order is solvable; that is, for a group G
of odd order, there exists a sequence of subgroups

                     G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e}

such that Hi is normal in Hi+1 and Hi+1 /Hi is abelian. This conjecture was finally
proven by W. Feit and J. Thompson in 1963. Burnside’s The Theory of Groups
of Finite Order, published in 1897, was one of the first books to treat groups in a
modern context as opposed to permutation groups. The second edition, published
in 1911, is still a classic.


Exercises
   1. Examples 1–5 in the first section each describe an action of a group G on a set
      X, which will give rise to the equivalence relation defined by G-equivalence.
      For each example, compute the equivalence classes of the equivalence relation,
      the G-equivalence classes.
   2. Compute all Xg and all Gx for each of the following permutation groups.
       (a) X = {1, 2, 3},
           G = S3 = {(1), (12), (13), (23), (123), (132)}
       (b) X = {1, 2, 3, 4, 5, 6},
           G = {(1), (12), (345), (354), (12)(345), (12)(354)}
   3. Compute the G-equivalence classes of X for each of the G-sets in Exercise 2.
      For each x ∈ X verify that |G| = |Ox | · |Gx |.
   4. Let G be the additive group of real numbers. Let the action of θ ∈ G on
      the real plane R2 be given by rotating the plane counterclockwise about the
      origin through θ radians. Let P be a point on the plane other than the origin.
       (a) Show that R2 is a G-set.
       (b) Describe geometrically the orbit containing P .
        (c) Find the group GP .
   5. Let G = A4 and suppose that G acts on itself by conjugation; that is,
      (g, h) 7→ ghg −1 .
       (a) Determine the conjugacy classes (orbits) of each element of G.
228                                       CHAPTER 14          GROUP ACTIONS

      (b) Determine all of the isotropy subgroups for each element of G.
  6. Find the conjugacy classes and the class equation for each of the following
     groups.

      (a) S4               (b) D5              (c) Z9               (d) Q8

  7. Write the class equation for S5 and for A5 .
  8. If a square remains fixed in the plane, how many different ways can the corners
     of the square be colored if three colors are used?
  9. How many ways can the vertices of an equilateral triangle be colored using
     three different colors?
 10. Find the number of ways a six-sided die can be constructed if each side is
     marked differently with 1, . . . , 6 dots.
 11. Up to a rotation, how many ways can the faces of a cube be colored with
     three different colors?
 12. Consider 12 straight wires of equal lengths with their ends soldered together
     to form the edges of a cube. Either silver or copper wire can be used for each
     edge. How many different ways can the cube be constructed?
 13. Suppose that we color each of the eight corners of a cube. Using three different
     colors, how many ways can the corners be colored up to a rotation of the
     cube?
 14. Each of the faces of a regular tetrahedron can be painted either red or white.
     Up to a rotation, how many different ways can the tetrahedron be painted?
 15. Suppose that the vertices of a regular hexagon are to be colored either red or
     white. How many ways can this be done up to a symmetry of the hexagon?
 16. A molecule of benzene is made up of six carbon atoms and six hydrogen
     atoms, linked together in a hexagonal shape as in Figure 14.4.
      (a) How many different compounds can be formed by replacing one or more
          of the hydrogen atoms with a chlorine atom?
      (b) Find the number of different chemical compounds that can be formed
          by replacing three of the six hydrogen atoms in a benzene ring with a
          CH3 radical.

 17. How many equivalence classes of switching functions are there if the input
     variables x1 , x2 , and x3 can be permuted by any permutation in S3 ? What if
     the input variables x1 , x2 , x3 , and x4 can be permuted by any permutation
     in S4 ?
EXERCISES                                                                      229

                                        H

                              H                  H




                              H                  H

                                        H


                        Figure 14.4. A benzene ring

  18. How many equivalence classes of switching functions are there if the input
      variables x1 , x2 , x3 , and x4 can be permuted by any permutation in the
      subgroup of S4 generated by the permutation (x1 x2 x3 x4 )?
  19. A striped necktie has 12 bands of color. Each band can be colored by one of
      four possible colors. How many possible different-colored neckties are there?
  20. A group acts faithfully on a G-set X if the identity is the only element of G
      that leaves every element of X fixed. Show that G acts faithfully on X if and
      only if no two distinct elements of G have the same action on each element of
      X.
  21. Let p be prime. Show that the number of different abelian groups of order pn
      (up to isomorphism) is the same as the number of conjugacy classes in Sn .
  22. Let a ∈ G. Show that for any g ∈ G, gC(a)g −1 = C(gag −1 ).
  23. Let |G| = pn and suppose that |Z(G)| = pn−1 for p prime. Prove that G is
      abelian.
  24. Let G be a group with order pn where p is prime and X a finite G-set. If
      XG = {x ∈ X : gx = x for all g ∈ G} is the set of elements in X fixed by the
      group action, then prove that |X| ≡ |XG | (mod p).
  25. If G is a group of order pn , where p is prime and n ≥ 2, show that G must
      have a proper subgroup of order p. If n ≥ 3, is it true that G will have a
      proper subgroup of order p2 ?

Programming Exercise
Write a program to compute the number of conjugacy classes in Sn . What is the
largest n for which your program will work?
230                                      CHAPTER 14         GROUP ACTIONS

References and Suggested Reading
  [1] De Bruijin, N. G. “Pólya’s Theory of Counting,” in Applied Combinatorial
      Mathematics, Beckenbach, E. F., ed. Wiley, New York, 1964.
  [2] Eidswick, J. A. “Cubelike Puzzles—What Are They and How Do You Solve
      Them?” American Mathematical Monthly 93 (1986), 157–76.
  [3] Harary, F., Palmer, E. M., and Robinson, R. W. “Pólya’s Contributions to
      Chemical Enumeration,” in Chemical Applications of Graph Theory, Balaban,
      A. T., ed. Academic Press, London, 1976.
  [4] Gåding, L. and Tambour, T. Algebra for Computer Science. Springer-Verlag,
      New York, 1988.
  [5] Laufer, H. B. Discrete Mathematics and Applied Modern Algebra. PWS-Kent,
      Boston, 1984.
  [6] Pólya, G. and Read, R. C. Combinatorial Enumeration of Groups, Graphs,
      and Chemical Compounds. Springer-Verlag, New York, 1985.
  [7] Shapiro, L. W. “Finite Groups Acting on Sets with Applications,” Mathematics
      Magazine, May–June 1973, 136–47.

Sage Sage has many commands related to conjugacy, which is a group
action. It also has commands for orbits and stabilizers of permutation groups.
In the supplement, we illustrate the automorphism group of a (combinatorial)
graph as another example of a group action on the vertex set of the graph.
                                      15
           The Sylow Theorems



We already know that the converse of Lagrange’s Theorem is false. If
G is a group of order m and n divides m, then G does not necessarily
possess a subgroup of order n. For example, A4 has order 12 but does not
possess a subgroup of order 6. However, the Sylow Theorems do provide a
partial converse for Lagrange’s Theorem: in certain cases they guarantee us
subgroups of specific orders. These theorems yield a powerful set of tools for
the classification of all finite nonabelian groups.


15.1      The Sylow Theorems
We will use the idea of group actions to prove the Sylow Theorems. Recall
for a moment what it means for G to act on itself by conjugation and how
conjugacy classes are distributed in the group according to the class equation,
discussed in Chapter 14. A group G acts on itself by conjugation via the map
(g, x) 7→ gxg −1 . Let x1 , . . . , xk be representatives from each of the distinct
conjugacy classes of G that consist of more than one element. Then the class
equation can be written as

                |G| = |Z(G)| + [G : C(x1 )] + · · · + [G : C(xk )],

where Z(G) = {g ∈ G : gx = xg for all x ∈ G} is the center of G and
C(xi ) = {g ∈ G : gxi = xi g} is the centralizer subgroup of xi .
   We now begin our investigation of the Sylow Theorems by examining
subgroups of order p, where p is prime. A group G is a p-group if every
element in G has as its order a power of p, where p is a prime number. A
subgroup of a group G is a p-subgroup if it is a p-group.

Theorem 15.1 (Cauchy) Let G be a finite group and p a prime such that
p divides the order of G. Then G contains a subgroup of order p.

                                       231
232                             CHAPTER 15        THE SYLOW THEOREMS

Proof. We will use induction on the order of G. If |G| = p, then clearly G
must have an element of order p. Now assume that every group of order k,
where p ≤ k < n and p divides k, has an element of order p. Assume that
|G| = n and p | n and consider the class equation of G:
               |G| = |Z(G)| + [G : C(x1 )] + · · · + [G : C(xk )].
We have two cases.
    Case 1. The order of one of the centralizer subgroups, C(xi ), is divisible
by p for some i, i = 1, . . . , k. In this case, by our induction hypothesis, we
are done. Since C(xi ) is a proper subgroup of G and p divides |C(xi )|, C(xi )
must contain an element of order p. Hence, G must contain an element of
order p.
    Case 2. The order of no centralizer subgroup is divisible by p. Then p
divides [G : C(xi )], the order of each conjugacy class in the class equation;
hence, p must divide the center of G, Z(G). Since Z(G) is abelian, it must
have a subgroup of order p by the Fundamental Theorem of Finite Abelian
Groups. Therefore, the center of G contains an element of order p.             

Corollary 15.2 Let G be a finite group. Then G is a p-group if and only if
|G| = pn .

Example 1. Let us consider the group A5 . We know that |A5 | = 60 = 22 ·3·5.
By Cauchy’s Theorem, we are guaranteed that A5 has subgroups of orders
2, 3 and 5. The Sylow Theorems give us even more information about the
possible subgroups of A5 .                                               
   We are now ready to state and prove the first of the Sylow Theorems.
The proof is very similar to the proof of Cauchy’s Theorem.

Theorem 15.3 (First Sylow Theorem) Let G be a finite group and p a
prime such that pr divides |G|. Then G contains a subgroup of order pr .

Proof. We induct on the order of G once again. If |G| = p, then we are
done. Now suppose that the order of G is n with n > p and that the theorem
is true for all groups of order less than n. We shall apply the class equation
once again:
               |G| = |Z(G)| + [G : C(x1 )] + · · · + [G : C(xk )].
    First suppose that p does not divide [G : C(xi )] for some i. Then
pr | |C(xi )|, since pr divides |G| = |C(xi )| · [G : C(xi )]. Now we can apply
the induction hypothesis to C(xi ).
15.1   THE SYLOW THEOREMS                                                 233

    Hence, we may assume that p divides [G : C(xi )] for all i. Since p divides
|G|, the class equation says that p must divide |Z(G)|; hence, by Cauchy’s
Theorem, Z(G) has an element of order p, say g. Let N be the group
generated by g. Clearly, N is a normal subgroup of Z(G) since Z(G) is
abelian; therefore, N is normal in G since every element in Z(G) commutes
with every element in G. Now consider the factor group G/N of order |G|/p.
By the induction hypothesis, G/N contains a subgroup H of order pr−1 . The
inverse image of H under the canonical homomorphism φ : G → G/N is a
subgroup of order pr in G.                                                   
   A Sylow p-subgroup P of a group G is a maximal p-subgroup of G.
To prove the other two Sylow Theorems, we need to consider conjugate
subgroups as opposed to conjugate elements in a group. For a group G, let
S be the collection of all subgroups of G. For any subgroup H, S is a H-set,
where H acts on S by conjugation. That is, we have an action

                                 H ×S →S

defined by
                               h · K 7→ hKh−1
for K in S.
    The set
                       N (H) = {g ∈ G : gHg −1 = H}
is a subgroup of G. Notice that H is a normal subgroup of N (H). In fact,
N (H) is the largest subgroup of G in which H is normal. We call N (H) the
normalizer of H in G.

Lemma 15.4 Let P be a Sylow p-subgroup of a finite group G and let x
have as its order a power of p. If x−1 P x = P , then x ∈ P .

Proof. Certainly x ∈ N (P ), and the cyclic subgroup, hxP i ⊂ N (P )/P ,
has as its order a power of p. By the Correspondence Theorem there exists
a subgroup H of N (P ) such that H/P = hxP i. Since |H| = |P | · |hxP i|,
the order of H must be a power of p. However, P is a Sylow p-subgroup
contained in H. Since the order of P is the largest power of p dividing |G|,
H = P . Therefore, H/P is the trivial subgroup and xP = P , or x ∈ P . 

Lemma 15.5 Let H and K be subgroups of G. The number of distinct
H-conjugates of K is [H : N (K) ∩ H].
234                             CHAPTER 15           THE SYLOW THEOREMS

Proof. We define a bijection between the conjugacy classes of K and the
right cosets of N (K) ∩ H by h−1 Kh 7→ (N (K) ∩ H)h. To show that this map
is a bijection, let h1 , h2 ∈ H and suppose that (N (K)∩H)h1 = (N (K)∩H)h2 .
Then h2 h−1                                   −1      −1   −1        −1
           1 ∈ N (K). Therefore, K = h2 h1 Kh1 h2 or h1 Kh1 = h2 Kh2 ,
and the map is an injection. It is easy to see that this map is surjective;
hence, we have a one-to-one and onto map between the H-conjugates of K
and the right cosets of N (K) ∩ H in H.                                  

Theorem 15.6 (Second Sylow Theorem) Let G be a finite group and p
a prime dividing |G|. Then all Sylow p-subgroups of G are conjugate. That
is, if P1 and P2 are two Sylow p-subgroups, there exists a g ∈ G such that
gP1 g −1 = P2 .

Proof. Let P be a Sylow p-subgroup of G and suppose that |G| = pr m and
|P | = pr . Let
                      P = {P = P1 , P2 , . . . , Pk }
consist of the distinct conjugates of P in G. By Lemma 15.5, k = [G : N (P )].
Notice that

               |G| = pr m = |N (P )| · [G : N (P )] = |N (P )| · k.

Since pr divides |N (P )|, p cannot divide k. Given any other Sylow p-subgroup
Q, we must show that Q ∈ P. Consider the Q-conjugacy classes of each
Pi . Clearly, these conjugacy classes partition P. The size of the partition
containing Pi is [Q : N (Pi ) ∩ Q]. Lagrange’s Theorem tells us that this
number is a divisor of |Q| = pr . Hence, the number of conjugates in every
equivalence class of the partition is a power of p. However, since p does not
divide k, one of these equivalence classes must contain only a single Sylow
p-subgroup, say Pj . Therefore, for some Pj , x−1 Pj x = Pj for all x ∈ Q. By
Lemma 15.4, Pj = Q.                                                          

Theorem 15.7 (Third Sylow Theorem) Let G be a finite group and let
p be a prime dividing the order of G. Then the number of Sylow p-subgroups
is congruent to 1 (mod p) and divides |G|.

Proof. Let P be a Sylow p-subgroup acting on the set of Sylow p-subgroups,

                          P = {P = P1 , P2 , . . . , Pk },

by conjugation. From the proof of the Second Sylow Theorem, the only
P -conjugate of P is itself and the order of the other P -conjugacy classes is a
15.2   EXAMPLES AND APPLICATIONS                                                 235

power of p. Each P -conjugacy class contributes a positive power of p toward
|P| except the equivalence class {P }. Since |P| is the sum of positive powers
of p and 1, |P| ≡ 1 (mod p).
    Now suppose that G acts on P by conjugation. Since all Sylow p-
subgroups are conjugate, there can be only one orbit under this action. For
P ∈ P,
                      |P| = |orbit of P| = [G : N (P )].
But [G : N (P )] is a divisor of |G|; consequently, the number of Sylow
p-subgroups of a finite group must divide the order of the group.     

                                 Historical Note

Peter Ludvig Mejdell Sylow was born in 1832 in Christiania, Norway (now Oslo).
After attending Christiania University, Sylow taught high school. In 1862 he obtained
a temporary appointment at Christiania University. Even though his appointment
was relatively brief, he influenced students such as Sophus Lie (1842–1899). Sylow
had a chance at a permanent chair in 1869, but failed to obtain the appointment.
In 1872, he published a 10-page paper presenting the theorems that now bear his
name. Later Lie and Sylow collaborated on a new edition of Abel’s works. In 1898,
a chair at Christiania University was finally created for Sylow through the efforts of
his student and colleague Lie. Sylow died in 1918.


15.2      Examples and Applications

Example 2. Using the Sylow Theorems, we can determine that A5 has
subgroups of orders 2, 3, 4, and 5. The Sylow p-subgroups of A5 have orders
3, 4, and 5. The Third Sylow Theorem tells us exactly how many Sylow
p-subgroups A5 has. Since the number of Sylow 5-subgroups must divide
60 and also be congruent to 1 (mod 5), there are either one or six Sylow
5-subgroups in A5 . All Sylow 5-subgroups are conjugate. If there were only
a single Sylow 5-subgroup, it would be conjugate to itself; that is, it would
be a normal subgroup of A5 . Since A5 has no normal subgroups, this is
impossible; hence, we have determined that there are exactly six distinct
Sylow 5-subgroups of A5 .                                                  
   The Sylow Theorems allow us to prove many useful results about finite
groups. By using them, we can often conclude a great deal about groups of
a particular order if certain hypotheses are satisfied.
236                            CHAPTER 15        THE SYLOW THEOREMS

Theorem 15.8 If p and q are distinct primes with p < q, then every group
G of order pq has a single subgroup of order q and this subgroup is normal
in G. Hence, G cannot be simple. Furthermore, if q 6≡ 1 (mod p), then G is
cyclic.

Proof. We know that G contains a subgroup H of order q. The number of
conjugates of H divides pq and is equal to 1 + kq for k = 0, 1, . . .. However,
1 + q is already too large to divide the order of the group; hence, H can only
be conjugate to itself. That is, H must be normal in G.
    The group G also has a Sylow p-subgroup, say K. The number of
conjugates of K must divide q and be equal to 1 + kp for k = 0, 1, . . .. Since
q is prime, either 1 + kp = q or 1 + kp = 1. If 1 + kp = 1, then K is normal
in G. In this case, we can easily show that G satisfies the criteria, given in
Chapter 8, for the internal direct product of H and K. Since H is isomorphic
to Zq and K is isomorphic to Zp , G ∼    = Zp × Zq ∼  = Zpq by Theorem 9.10.
                                                                             

Example 3. Every group of order 15 is cyclic. This is true because 15 = 5 · 3
and 5 6≡ 1 (mod 3).                                                       

Example 4. Let us classify all of the groups of order 99 = 32 · 11 up to
isomorphism. First we will show that every group G of order 99 is abelian.
By the Third Sylow Theorem, there are 1 + 3k Sylow 3-subgroups, each of
order 9, for some k = 0, 1, 2, . . .. Also, 1 + 3k must divide 11; hence, there
can only be a single normal Sylow 3-subgroup H in G. Similarly, there are
1 + 11k Sylow 11-subgroups and 1 + 11k must divide 9. Consequently, there
is only one Sylow 11-subgroup K in G. By Corollary 14.5, any group of
order p2 is abelian for p prime; hence, H is isomorphic either to Z3 × Z3
or to Z9 . Since K has order 11, it must be isomorphic to Z11 . Therefore,
the only possible groups of order 99 are Z3 × Z3 × Z11 or Z9 × Z11 up to
isomorphism.                                                                 
    To determine all of the groups of order 5 · 7 · 47 = 1645, we need the
following theorem.

Theorem 15.9 Let G0 = haba−1 b−1 : a, b ∈ Gi be the subgroup consisting
of all finite products of elements of the form aba−1 b−1 in a group G. Then
G0 is a normal subgroup of G and G/G0 is abelian.
15.2   EXAMPLES AND APPLICATIONS                                          237

    The subgroup G0 of G is called the commutator subgroup of G. We
leave the proof of this theorem as an exercise.

Example 5. We will now show that every group of order 5 · 7 · 47 = 1645
is abelian, and cyclic by Corollary 9.11. By the Third Sylow Theorem, G
has only one subgroup H1 of order 47. So G/H1 has order 35 and must be
abelian by Theorem 15.8. Hence, the commutator subgroup of G is contained
in H which tells us that |G0 | is either 1 or 47. If |G0 | = 1, we are done.
Suppose that |G0 | = 47. The Third Sylow Theorem tells us that G has
only one subgroup of order 5 and one subgroup of order 7. So there exist
normal subgroups H2 and H3 in G, where |H2 | = 5 and |H3 | = 7. In either
case the quotient group is abelian; hence, G0 must be a subgroup of Hi ,
i = 1, 2. Therefore, the order of G0 is 1, 5, or 7. However, we already have
determined that |G0 | = 1 or 47. So the commutator subgroup of G is trivial,
and consequently G is abelian.                                            


Finite Simple Groups
Given a finite group, one can ask whether or not that group has any normal
subgroups. Recall that a simple group is one with no proper nontrivial
normal subgroups. As in the case of A5 , proving a group to be simple can
be a very difficult task; however, the Sylow Theorems are useful tools for
proving that a group is not simple. Usually some sort of counting argument
is involved.

Example 6. Let us show that no group G of order 20 can be simple. By
the Third Sylow Theorem, G contains one or more Sylow 5-subgroups. The
number of such subgroups is congruent to 1 (mod 5) and must also divide
20. The only possible such number is 1. Since there is only a single Sylow
5-subgroup and all Sylow 5-subgroups are conjugate, this subgroup must be
normal.                                                                  

Example 7. Let G be a finite group of order pn , n > 1 and p prime. By
Theorem 14.4, G has a nontrivial center. Since the center of any group G is
a normal subgroup, G cannot be a simple group. Therefore, groups of orders
4, 8, 9, 16, 25, 27, 32, 49, 64, and 81 are not simple. In fact, the groups of
order 4, 9, 25, and 49 are abelian by Corollary 14.5.                       

Example 8. No group of order 56 = 23 · 7 is simple. We have seen that
if we can show that there is only one Sylow p-subgroup for some prime p
238                            CHAPTER 15             THE SYLOW THEOREMS

dividing 56, then this must be a normal subgroup and we are done. By the
Third Sylow Theorem, there are either one or eight Sylow 7-subgroups. If
there is only a single Sylow 7-subgroup, then it must be normal.
    On the other hand, suppose that there are eight Sylow 7-subgroups. Then
each of these subgroups must be cyclic; hence, the intersection of any two of
these subgroups contains only the identity of the group. This leaves 8 · 6 = 48
distinct elements in the group, each of order 7. Now let us count Sylow
2-subgroups. There are either one or seven Sylow 2-subgroups. Any element
of a Sylow 2-subgroup other than the identity must have as its order a power
of 2; and therefore cannot be one of the 48 elements of order 7 in the Sylow
7-subgroups. Since a Sylow 2-subgroup has order 8, there is only enough
room for a single Sylow 2-subgroup in a group of order 56. If there is only
one Sylow 2-subgroup, it must be normal.                                     
    For other groups G it is more difficult to prove that G is not simple.
Suppose G has order 48. In this case the technique that we employed in the
last example will not work. We need the following lemma to prove that no
group of order 48 is simple.

Lemma 15.10 Let H and K be finite subgroups of a group G. Then

                                        |H| · |K|
                              |HK| =              .
                                        |H ∩ K|

Proof. Recall that

                        HK = {hk : h ∈ H, k ∈ K}.

Certainly, |HK| ≤ |H| · |K| since some element in HK could be written
as the product of different elements in H and K. It is quite possible that
h1 k1 = h2 k2 for h1 , h2 ∈ H and k1 , k2 ∈ K. If this is the case, let

                          a = (h1 )−1 h2 = k1 (k2 )−1 .

Notice that a ∈ H ∩ K, since (h1 )−1 h2 is in H and k2 (k1 )−1 is in K;
consequently,

                                  h2 = h1 a−1
                                  k2 = ak1 .

   Conversely, let h = h1 b−1 and k = bk1 for b ∈ H ∩ K. Then hk = h1 k1 ,
where h ∈ H and k ∈ K. Hence, any element hk ∈ HK can be written in
EXERCISES                                                                    239

the form hi ki for hi ∈ H and ki ∈ K, as many times as there are elements
in H ∩ K; that is, |H ∩ K| times. Therefore, |HK| = (|H| · |K|)/|H ∩ K|.
                                                                       

Example 9. To demonstrate that a group G of order 48 is not simple, we
will show that G contains either a normal subgroup of order 8 or a normal
subgroup of order 16. By the Third Sylow Theorem, G has either one or
three Sylow 2-subgroups of order 16. If there is only one subgroup, then it
must be a normal subgroup.
    Suppose that the other case is true, and two of the three Sylow 2-
subgroups are H and K. We claim that |H ∩ K| = 8. If |H ∩ K| ≤ 4, then
by Lemma 15.10,
                                    16 · 16
                            |HK| =           = 64,
                                       4
which is impossible. Notice that H ∩ K has index two in both of H and K,
so is normal in both, and thus H and K are each in the normalizer of H ∩ K.
Because H is a subgroup of N (H ∩ K) and because N (H ∩ K) has strictly
more than 16 elements, |N (H ∩ K)| must be a multiple of 16 greater than 1,
as well as dividing 48. The only possibility is that |N (H ∩ K)| = 48. Hence,
N (H ∩ K) = G.
                                                                           

     The following famous conjecture of Burnside was proved in a long and
difficult paper by Feit and Thompson [2].

Theorem 15.11 (Odd Order Theorem) Every finite simple group of
nonprime order must be of even order.

    The proof of this theorem laid the groundwork for a program in the 1960s
and 1970s that classified all finite simple groups. The success of this program
is one of the outstanding achievements of modern mathematics.


Exercises
   1. What are the orders of all Sylow p-subgroups where G has order 18, 24, 54,
      72, and 80?
   2. Find all the Sylow 3-subgroups of S4 and show that they are all conjugate.
   3. Show that every group of order 45 has a normal subgroup of order 9.
   4. Let H be a Sylow p-subgroup of G. Prove that H is the only Sylow p-subgroup
      of G contained in N (H).
240                                CHAPTER 15          THE SYLOW THEOREMS

  5. Prove that no group of order 96 is simple.
  6. Prove that no group of order 160 is simple.
  7. If H is a normal subgroup of a finite group G and |H| = pk for some prime p,
     show that H is contained in every Sylow p-subgroup of G.
  8. Let G be a group of order p2 q 2 , where p and q are distinct primes such that
     q6 |p2 − 1 and p6 |q 2 − 1. Prove that G must be abelian. List three pairs of
     primes satisfying these conditions.
  9. Show directly that a group of order 33 has only one Sylow 3-subgroup.
 10. Let H be a subgroup of a group G. Prove or disprove that the normalizer of
     H is normal in G.
 11. Let G be a finite group divisible by a prime p. Prove that if there is only one
     Sylow p-subgroup in G, it must be a normal subgroup of G.
 12. Let G be a group of order pr , p prime. Prove that G contains a normal
     subgroup of order pr−1 .
 13. Suppose that G is a finite group of order pn k, where k < p. Show that G
     must contain a normal subgroup.
 14. Let H be a subgroup of a finite group G. Prove that gN (H)g −1 = N (gHg −1 )
     for any g ∈ G.
 15. Prove that a group of order 108 must have a normal subgroup.
 16. Classify all the groups of order 175 up to isomorphism.
 17. Show that every group of order 255 is cyclic.
 18. Let G have order pe11 · · · penn and suppose that G has n Sylow p-subgroups
     P1 , . . . , Pn where |Pi | = pei i . Prove that G is isomorphic to P1 × · · · × Pn .
 19. Let P be a normal Sylow p-subgroup of G. Prove that every inner automor-
     phism of G fixes P .
 20. What is the smallest possible order of a group G such that G is nonabelian
     and |G| is odd? Can you find such a group?
 21. The Frattini Lemma. If H is a normal subgroup of a finite group G and
     P is a Sylow p-subgroup of H, for each g ∈ G show that there is an h in H
     such that gP g −1 = hP h−1 . Also, show that if N is the normalizer of P , then
     G = HN .
 22. Show that if the order of G is pn q, where p and q are primes and p > q, then
     G contains a normal subgroup.
 23. Prove that the number of distinct conjugates of a subgroup H of a finite
     group G is [G : N (H)].
 24. Prove that a Sylow 2-subgroup of S5 is isomorphic to D4 .
EXERCISES                                                                           241

 25. Another Proof of the Sylow Theorems.
      (a) Suppose p is prime and p does not divide m. Show that
                                           k 
                                           p m
                                      p6 |       .
                                            pk

      (b) Let S denote the set of all pk element subsets of G. Show that p does
          not divide |S|.
      (c) Define an action of G on S by left multiplication, aT = {at : t ∈ T } for
          a ∈ G and T ∈ S. Prove that this is a group action.
      (d) Prove p6 ||OT | for some T ∈ S.
      (e) Let {T1 , . . . , Tu } be an orbit such that p6 |u and H = {g ∈ G : gT1 = T1 }.
          Prove that H is a subgroup of G and show that |G| = u|H|.
      (f) Show that pk divides |H| and pk ≤ |H|.
      (g) Show that |H| = |G|/|OT | ≤ pk ; conclude that therefore pk = |H|.
 26. Let G be a group. Prove that G0 = haba−1 b−1 : a, b ∈ Gi is a normal subgroup
     of G and G/G0 is abelian. Find an example to show that {aba−1 b−1 : a, b ∈ G}
     is not necessarily a group.

A Project

  Order    Number      Order    Number      Order     Number     Order     Number
    1        ?          16        14         31          1        46          2
    2        ?          17         1         32         51        47          1
    3        ?          18         ?         33          1        48         52
    4        ?          19         ?         34          ?        49          ?
    5        ?          20         5         35          1        50          5
    6        ?          21         ?         36         14        51          ?
    7        ?          22         2         37          1        52          ?
    8        ?          23         1         38          ?        53          ?
    9        ?          24         ?         39          2        54         15
   10        ?          25         2         40         14        55          2
   11        ?          26         2         41          1        56          ?
   12        5          27         5         42          ?        57          2
   13        ?          28         ?         43          1        58          ?
   14        ?          29         1         44          4        59          1
   15        1          30         4         45          *        60         13

          Table 15.1. Numbers of distinct groups G, |G| ≤ 60
242                               CHAPTER 15         THE SYLOW THEOREMS

The main objective of finite group theory is to classify all possible finite groups up
to isomorphism. This problem is very difficult even if we try to classify the groups
of order less than or equal to 60. However, we can break the problem down into
several intermediate problems.
   1. Find all simple groups G ( |G| ≤ 60). Do not use the Odd Order Theorem
      unless you are prepared to prove it.
   2. Find the number of distinct groups G, where the order of G is n for n =
      1, . . . , 60.
   3. Find the actual groups (up to isomorphism) for each n.
This is a challenging project that requires a working knowledge of the group theory
you have learned up to this point. Even if you do not complete it, it will teach you
a great deal about finite groups. You can use Table 15.2 as a guide.

References and Suggested Readings
  [1] Edwards, H. “A Short History of the Fields Medal,” Mathematical Intelligencer
      1 (1978), 127–29.
  [2] Feit, W. and Thompson, J. G. “Solvability of Groups of Odd Order,” Pacific
      Journal of Mathematics 13 (1963), 775–1029.
  [3] Gallian, J. A. “The Search for Finite Simple Groups,” Mathematics Magazine
      49(1976), 163–79.
  [4] Gorenstein, D. “Classifying the Finite Simple Groups,” Bulletin of the Amer-
      ican Mathematical Society 14 (1986), 1–98.
  [5] Gorenstein, D. Finite Groups. AMS Chelsea Publishing, Providence RI, 1968.
  [6] Gorenstein, D., Lyons, R., and Solomon, R. The Classification of Finite
      Simple Groups. American Mathematical Society, Providence RI, 1994.

Sage Sage will compute a single Sylow p-subgroup for each prime divisor p
of the order of the group. Then, with conjugacy, all of the Sylow p-subgroups
can be enumerated. It is also possible to compute the normalizer of a
subgroup.
                                      16
                               Rings



Up to this point we have studied sets with a single binary operation satisfying
certain axioms, but often we are more interested in working with sets that
have two binary operations. For example, one of the most natural algebraic
structures to study is the integers with the operations of addition and
multiplication. These operations are related to one another by the distributive
property. If we consider a set with two such related binary operations
satisfying certain axioms, we have an algebraic structure called a ring. In a
ring we add and multiply such elements as real numbers, complex numbers,
matrices, and functions.


16.1     Rings
A nonempty set R is a ring if it has two closed binary operations, addition
and multiplication, satisfying the following conditions.
  1. a + b = b + a for a, b ∈ R.

  2. (a + b) + c = a + (b + c) for a, b, c ∈ R.

  3. There is an element 0 in R such that a + 0 = a for all a ∈ R.

  4. For every element a ∈ R, there exists an element −a in R such that
     a + (−a) = 0.

  5. (ab)c = a(bc) for a, b, c ∈ R.

  6. For a, b, c ∈ R,

                                a(b + c) = ab + ac
                                (a + b)c = ac + bc.

                                      243
244                                                       CHAPTER 16   RINGS

This last condition, the distributive axiom, relates the binary operations of
addition and multiplication. Notice that the first four axioms simply require
that a ring be an abelian group under addition, so we could also have defined
a ring to be an abelian group (R, +) together with a second binary operation
satisfying the fifth and sixth conditions given above.
    If there is an element 1 ∈ R such that 1 6= 0 and 1a = a1 = a for each
element a ∈ R, we say that R is a ring with unity or identity . A ring
R for which ab = ba for all a, b in R is called a commutative ring . A
commutative ring R with identity is called an integral domain if, for every
a, b ∈ R such that ab = 0, either a = 0 or b = 0. A division ring is a
ring R, with an identity, in which every nonzero element in R is a unit;
that is, for each a ∈ R with a 6= 0, there exists a unique element a−1 such
that a−1 a = aa−1 = 1. A commutative division ring is called a field . The
relationship among rings, integral domains, division rings, and fields is shown
in Figure 16.1.

                                     Rings


                       Commutative            Rings with
                          Rings                Identity


                         Integral              Division
                         Domains                Rings


                                     Fields


                        Figure 16.1. Types of rings

Example 1. As we have mentioned previously, the integers form a ring. In
fact, Z is an integral domain. Certainly if ab = 0 for two integers a and b,
either a = 0 or b = 0. However, Z is not a field. There is no integer that is
the multiplicative inverse of 2, since 1/2 is not an integer. The only integers
with multiplicative inverses are 1 and −1.                                   

Example 2. Under the ordinary operations of addition and multiplication,
all of the familiar number systems are rings: the rationals, Q; the real
numbers, R; and the complex numbers, C. Each of these rings is a field. 
16.1   RINGS                                                               245

Example 3. We can define the product of two elements a and b in Zn by ab
(mod n). For instance, in Z12 , 5 · 7 ≡ 11 (mod 12). This product makes the
abelian group Zn into a ring. Certainly Zn is a commutative ring; however,
it may fail to be an integral domain. If we consider 3 · 4 ≡ 0 (mod 12) in
Z12 , it is easy to see that a product of two nonzero elements in the ring can
be equal to zero.                                                            
    A nonzero element a in a ring R is called a zero divisor if there is a
nonzero element b in R such that ab = 0. In the previous example, 3 and 4
are zero divisors in Z12 .

Example 4. In calculus the continuous real-valued functions on an interval
[a, b] form a commutative ring. We add or multiply two functions by adding
or multiplying the values of the functions. If f (x) = x2 and g(x) = cos x,
then (f + g)(x) = f (x) + g(x) = x2 + cos x and (f g)(x) = f (x)g(x) = x2 cos x.
                                                                             

Example 5. The 2 × 2 matrices with entries in R form a ring under
the usual operations of matrix addition and multiplication. This ring is
noncommutative, since it is usually the case that AB 6= BA. Also, notice
that we can have AB = 0 when neither A nor B is zero.                 

Example 6. For an example of a noncommutative division ring, let
                                                       
         1 0            0 1           0 i              i 0
    1=          , i=            , j=         , k=               ,
         0 1            −1 0           i 0             0 −i
where i2 = −1. These elements satisfy the following relations:
                              i2 = j2 = k2 = −1
                                   ij = k
                                  jk = i
                                  ki = j
                                   ji = −k
                                  kj = −i
                                  ik = −j.
Let H consist of elements of the form a + bi + cj + dk, where a, b, c, d are
real numbers. Equivalently, H can be considered to be the set of all 2 × 2
matrices of the form                  
                                  α β
                                         ,
                                 −β α
246                                                        CHAPTER 16       RINGS

where α = a + di and β = b + ci are complex numbers. We can define
addition and multiplication on H either by the usual matrix operations or in
terms of the generators 1, i, j, and k:

  (a1 + b1 i + c1 j + d1 k) + (a2 + b2 i + c2 j + d2 k)
                            = (a1 + a2 ) + (b1 + b2 )i + (c1 + c2 )j + (d1 + d2 )k

and

        (a1 + b1 i + c1 j + d1 k)(a2 + b2 i + c2 j + d2 k) = α + βi + γj + δk,

where

                          α = a1 a2 − b1 b2 − c1 c2 − d1 d2
                          β = a1 b2 + a2 b1 + c1 d2 − d1 c2
                          γ = a1 c2 − b1 d2 + c1 a2 − d1 b2
                          δ = a1 d2 + b1 c2 − c1 b2 − d1 a2 .

Though multiplication looks complicated, it is actually a straightforward
computation if we remember that we just add and multiply elements in H
like polynomials and keep in mind the relationships between the generators
i, j, and k. The ring H is called the ring of quaternions.
     To show that the quaternions are a division ring, we must be able to find
an inverse for each nonzero element. Notice that

            (a + bi + cj + dk)(a − bi − cj − dk) = a2 + b2 + c2 + d2 .

This element can be zero only if a, b, c, and d are all zero. So if a+bi+cj+dk 6=
0,                                                        
                                        a − bi − cj − dk
                (a + bi + cj + dk)                            = 1.
                                       a2 + b2 + c2 + d2
                                                                                     

Proposition 16.1 Let R be a ring with a, b ∈ R. Then

   1. a0 = 0a = 0;

   2. a(−b) = (−a)b = −ab;

   3. (−a)(−b) = ab.
16.1   RINGS                                                           247

Proof. To prove (1), observe that
                           a0 = a(0 + 0) = a0 + a0;
hence, a0 = 0. Similarly, 0a = 0. For (2), we have ab + a(−b) = a(b − b) =
a0 = 0; consequently, −ab = a(−b). Similarly, −ab = (−a)b. Part (3) follows
directly from (2) since (−a)(−b) = −(a(−b)) = −(−ab) = ab.               
   Just as we have subgroups of groups, we have an analogous class of
substructures for rings. A subring S of a ring R is a subset S of R such
that S is also a ring under the inherited operations from R.
Example 7. The ring nZ is a subring of Z. Notice that even though the
original ring may have an identity, we do not require that its subring have
an identity. We have the following chain of subrings:
                                 Z ⊂ Q ⊂ R ⊂ C.
                                                                         
   The following proposition gives us some easy criteria for determining
whether or not a subset of a ring is indeed a subring. (We will leave the
proof of this proposition as an exercise.)
Proposition 16.2 Let R be a ring and S a subset of R. Then S is a subring
of R if and only if the following conditions are satisfied.
   1. S 6= ∅.
   2. rs ∈ S for all r, s ∈ S.
   3. r − s ∈ S for all r, s ∈ S.

Example 8. Let R = M2 (R) be the ring of 2 × 2 matrices with entries in R.
If T is the set of upper triangular matrices in R; i.e.,
                                                 
                                 a b
                         T =           : a, b, c ∈ R ,
                                 0 c
then T is a subring of R. If
                                                      a0 b0
                                                           
                           a b
                    A=                and B =
                           0 c                        0 c0
are in T , then clearly A − B is also in T . Also,
                                   0
                                    aa ab0 + bc0
                                                   
                           AB =
                                     0       cc0
is in T .                                                                
248                                                   CHAPTER 16         RINGS

16.2       Integral Domains and Fields
Let us briefly recall some definitions. If R is a ring and r is a nonzero element
in R, then r is said to be a zero divisor if there is some nonzero element
s ∈ R such that rs = 0. A commutative ring with identity is said to be
an integral domain if it has no zero divisors. If an element a in a ring R
with identity has a multiplicative inverse, we say that a is a unit. If every
nonzero element in a ring R is a unit, then R is called a division ring. A
commutative division ring is called a field.

Example 9. If i2 = −1, then the set Z[i] = {m + ni : m, n ∈ Z} forms a
ring known as the Gaussian integers. It is easily seen that the Gaussian
integers are a subring of the complex numbers since they are closed under
addition and multiplication. Let α = a + bi be a unit in Z[i]. Then α = a − bi
is also a unit since if αβ = 1, then αβ = 1. If β = c + di, then

                        1 = αβαβ = (a2 + b2 )(c2 + d2 ).

Therefore, a2 + b2 must either be 1 or −1; or, equivalently, a + bi = ±1 or
a + bi = ±i. Therefore, units of this ring are ±1 and ±i; hence, the Gaussian
integers are not a field. We will leave it as an exercise to prove that the
Gaussian integers are an integral domain.                                   

Example 10. The set of matrices
                                        
                     1 0      1 1    0 1    0 0
            F =            ,       ,      ,
                     0 1      1 0    1 1    0 0

with entries in Z2 forms a field.                                             
                         √            √
Example 11. The √  set Q( 2√) = {a + b 2 : a, b ∈ Q} is a field. The inverse
of an element a + b 2 in Q( 2 ) is
                                 a         −b √
                                       + 2      2.
                            a2   − 2b2  a − 2b2
                                                                              
      We have the following alternative characterization of integral domains.

Proposition 16.3 (Cancellation Law) Let D be a commutative ring with
identity. Then D is an integral domain if and only if for all nonzero elements
a ∈ D with ab = ac, we have b = c.
16.2   INTEGRAL DOMAINS AND FIELDS                                          249

Proof. Let D be an integral domain. Then D has no zero divisors. Let
ab = ac with a 6= 0. Then a(b − c) = 0. Hence, b − c = 0 and b = c.
   Conversely, let us suppose that cancellation is possible in D. That is,
suppose that ab = ac implies b = c. Let ab = 0. If a 6= 0, then ab = a0 or
b = 0. Therefore, a cannot be a zero divisor.                           
   The following surprising theorem is due to Wedderburn.

Theorem 16.4 Every finite integral domain is a field.

Proof. Let D be a finite integral domain and D∗ be the set of nonzero
elements of D. We must show that every element in D∗ has an inverse. For
each a ∈ D∗ we can define a map λa : D∗ → D∗ by λa (d) = ad. This map
makes sense, because if a 6= 0 and d 6= 0, then ad 6= 0. The map λa is
one-to-one, since for d1 , d2 ∈ D∗ ,

                        ad1 = λa (d1 ) = λa (d2 ) = ad2

implies d1 = d2 by left cancellation. Since D∗ is a finite set, the map λa
must also be onto; hence, for some d ∈ D∗ , λa (d) = ad = 1. Therefore, a has
a left inverse. Since D is commutative, d must also be a right inverse for a.
Consequently, D is a field.                                                
    For any nonnegative integer n and any element r in a ring R we write
r + · · · + r (n times) as nr. We define the characteristic of a ring R to be
the least positive integer n such that nr = 0 for all r ∈ R. If no such integer
exists, then the characteristic of R is defined to be 0.

Example 12. For every prime p, Zp is a field of characteristic p. By
Proposition 3.1, every nonzero element in Zp has an inverse; hence, Zp is a
field. If a is any nonzero element in the field, then pa = 0, since the order of
any nonzero element in the abelian group Zp is p.                             

Lemma 16.5 Let R be a ring with identity. If 1 has order n, then the
characteristic of R is n.

Proof. If 1 has order n, then n is the least positive integer such that n1 = 0.
Thus, for all r ∈ R,

                        nr = n(1r) = (n1)r = 0r = 0.

On the other hand, if no positive n exists such that n1 = 0, then the
characteristic of R is zero.                                       
250                                                   CHAPTER 16     RINGS

Theorem 16.6 The characteristic of an integral domain is either prime
or zero.

Proof. Let D be an integral domain and suppose that the characteristic
of D is n with n 6= 0. If n is not prime, then n = ab, where 1 < a < n and
1 < b < n. By Lemma 16.5, we need only consider the case n1 = 0. Since
0 = n1 = (ab)1 = (a1)(b1) and there are no zero divisors in D, either a1 = 0
or b1 = 0. Hence, the characteristic of D must be less than n, which is a
contradiction. Therefore, n must be prime.                                


16.3     Ring Homomorphisms and Ideals
In the study of groups, a homomorphism is a map that preserves the op-
eration of the group. Similarly, a homomorphism between rings preserves
the operations of addition and multiplication in the ring. More specifically,
if R and S are rings, then a ring homomorphism is a map φ : R → S
satisfying
                          φ(a + b) = φ(a) + φ(b)
                             φ(ab) = φ(a)φ(b)
for all a, b ∈ R. If φ : R → S is a one-to-one and onto homomorphism, then
φ is called an isomorphism of rings.
    The set of elements that a ring homomorphism maps to 0 plays a funda-
mental role in the theory of rings. For any ring homomorphism φ : R → S,
we define the kernel of a ring homomorphism to be the set
                        ker φ = {r ∈ R : φ(r) = 0}.

Example 13. For any integer n we can define a ring homomorphism
φ : Z → Zn by a 7→ a (mod n). This is indeed a ring homomorphism, since
                   φ(a + b) = (a + b)    (mod n)
                            = a (mod n) + b (mod n)
                            = φ(a) + φ(b)
and
                     φ(ab) = ab (mod n)
                           =a    (mod n) · b (mod n)
                           = φ(a)φ(b).
16.3   RING HOMOMORPHISMS AND IDEALS                                      251

The kernel of the homomorphism φ is nZ.                                     

Example 14. Let C[a, b] be the ring of continuous real-valued functions
on an interval [a, b] as in Example 4. For a fixed α ∈ [a, b], we can define
a ring homomorphism φα : C[a, b] → R by φα (f ) = f (α). This is a ring
homomorphism since

          φα (f + g) = (f + g)(α) = f (α) + g(α) = φα (f ) + φα (g)
                φα (f g) = (f g)(α) = f (α)g(α) = φα (f )φα (g).

Ring homomorphisms of the type φα are called evaluation homomor-
phisms.                                                       
    In the next proposition we will examine some fundamental properties of
ring homomorphisms. The proof of the proposition is left as an exercise.

Proposition 16.7 Let φ : R → S be a ring homomorphism.
   1. If R is a commutative ring, then φ(R) is a commutative ring.

   2. φ(0) = 0.

   3. Let 1R and 1S be the identities for R and S, respectively. If φ is onto,
      then φ(1R ) = 1S .

   4. If R is a field and φ(R) 6= {0}, then φ(R) is a field.

    In group theory we found that normal subgroups play a special role.
These subgroups have nice characteristics that make them more interesting
to study than arbitrary subgroups. In ring theory the objects corresponding
to normal subgroups are a special class of subrings called ideals. An ideal
in a ring R is a subring I of R such that if a is in I and r is in R, then both
ar and ra are in I; that is, rI ⊂ I and Ir ⊂ I for all r ∈ R.

Example 15. Every ring R has at least two ideals, {0} and R. These ideals
are called the trivial ideals.                                         
   Let R be a ring with identity and suppose that I is an ideal in R such
that 1 is in I. Since for any r ∈ R, r1 = r ∈ I by the definition of an ideal,
I = R.

Example 16. If a is any element in a commutative ring R with identity,
then the set
                          hai = {ar : r ∈ R}
252                                                   CHAPTER 16        RINGS

is an ideal in R. Certainly, hai is nonempty since both 0 = a0 and a = a1 are
in hai. The sum of two elements in hai is again in hai since ar +ar0 = a(r +r0 ).
The inverse of ar is −ar = a(−r) ∈ hai. Finally, if we multiply an element
ar ∈ hai by an arbitrary element s ∈ R, we have s(ar) = a(sr). Therefore,
hai satisfies the definition of an ideal.                                    
    If R is a commutative ring with identity, then an ideal of the form
hai = {ar : r ∈ R} is called a principal ideal .

Theorem 16.8 Every ideal in the ring of integers Z is a principal ideal.

Proof. The zero ideal {0} is a principal ideal since h0i = {0}. If I is any
nonzero ideal in Z, then I must contain some positive integer m. There
exists a least positive integer n in I by the Principle of Well-Ordering. Now
let a be any element in I. Using the division algorithm, we know that there
exist integers q and r such that

                                  a = nq + r

where 0 ≤ r < n. This equation tells us that r = a − nq ∈ I, but r must be
0 since n is the least positive element in I. Therefore, a = nq and I = hni.
                                                                          

Example 17. The set nZ is ideal in the ring of integers. If na is in nZ and
b is in Z, then nab is in nZ as required. In fact, by Theorem 16.8, these are
the only ideals of Z.                                                      

Proposition 16.9 The kernel of any ring homomorphism φ : R → S is an
ideal in R.

Proof. We know from group theory that ker φ is an additive subgroup of
R. Suppose that r ∈ R and a ∈ ker φ. Then we must show that ar and ra
are in ker φ. However,

                        φ(ar) = φ(a)φ(r) = 0φ(r) = 0

and
                        φ(ra) = φ(r)φ(a) = φ(r)0 = 0.
                                                                              
Remark. In our definition of an ideal we have required that rI ⊂ I and
Ir ⊂ I for all r ∈ R. Such ideals are sometimes referred to as two-sided
16.3   RING HOMOMORPHISMS AND IDEALS                                       253

ideals. We can also consider one-sided ideals; that is, we may require
only that either rI ⊂ I or Ir ⊂ I for r ∈ R hold but not both. Such
ideals are called left ideals and right ideals, respectively. Of course,
in a commutative ring any ideal must be two-sided. In this text we will
concentrate on two-sided ideals.
Theorem 16.10 Let I be an ideal of R. The factor group R/I is a ring
with multiplication defined by
                           (r + I)(s + I) = rs + I.
Proof. We already know that R/I is an abelian group under addition. Let
r+I and s+I be in R/I. We must show that the product (r+I)(s+I) = rs+I
is independent of the choice of coset; that is, if r0 ∈ r + I and s0 ∈ s + I,
then r0 s0 must be in rs + I. Since r0 ∈ r + I, there exists an element a in
I such that r0 = r + a. Similarly, there exists a b ∈ I such that s0 = s + b.
Notice that
                  r0 s0 = (r + a)(s + b) = rs + as + rb + ab
and as + rb + ab ∈ I since I is an ideal; consequently, r0 s0 ∈ rs + I. We will
leave as an exercise the verification of the associative law for multiplication
and the distributive laws.                                                    
    The ring R/I in Theorem 16.10 is called the factor or quotient ring .
Just as with group homomorphisms and normal subgroups, there is a rela-
tionship between ring homomorphisms and ideals.
Theorem 16.11 Let I be an ideal of R. The map ψ : R → R/I defined by
ψ(r) = r + I is a ring homomorphism of R onto R/I with kernel I.
Proof. Certainly ψ : R → R/I is a surjective abelian group homomorphism.
It remains to show that ψ works correctly under ring multiplication. Let r
and s be in R. Then
                ψ(r)ψ(s) = (r + I)(s + I) = rs + I = ψ(rs),
which completes the proof of the theorem.                                    
    The map ψ : R → R/I is often called the natural or canonical
homomorphism. In ring theory we have isomorphism theorems relating
ideals and ring homomorphisms similar to the isomorphism theorems for
groups that relate normal subgroups and homomorphisms in Chapter 11.
We will prove only the First Isomorphism Theorem for rings in this chapter
and leave the proofs of the other two theorems as exercises. All of the proofs
are similar to the proofs of the isomorphism theorems for groups.
254                                                CHAPTER 16       RINGS

Theorem 16.12 (First Isomorphism Theorem) Let φ : R → S be a
ring homomorphism. Then ker φ is an ideal of R. If ψ : R → R/ ker φ
is the canonical homomorphism, then there exists a unique isomorphism
η : R/ ker φ → φ(R) such that φ = ηψ.

Proof. Let K = ker φ. By the First Isomorphism Theorem for groups,
there exists a well-defined group homomorphism η : R/K → φ(R) defined by
η(r + K) = φ(r) for the additive abelian groups R and R/K. To show that
this is a ring homomorphism, we need only show that η((r + K)(s + K)) =
η(r + K)η(s + K); but

                 η((r + K)(s + K)) = η(rs + K)
                                     = φ(rs)
                                     = φ(r)φ(s)
                                     = η(r + K)η(s + K).

                                                                          

Theorem 16.13 (Second Isomorphism Theorem) Let I be a subring
of a ring R and J an ideal of R. Then I ∩ J is an ideal of I and

                           I/I ∩ J ∼
                                   = (I + J)/J.

Theorem 16.14 (Third Isomorphism Theorem) Let R be a ring and
I and J be ideals of R where J ⊂ I. Then

                                     R/J
                               R/I ∼
                                   =     .
                                     I/J

Theorem 16.15 (Correspondence Theorem)) Let I be an ideal of a
ring R. Then S → S/I is a one-to-one correspondence between the set of
subrings S containing I and the set of subrings of R/I. Furthermore, the
ideals of R containing I correspond to ideals of R/I.


16.4     Maximal and Prime Ideals
In this particular section we are especially interested in certain ideals of
commutative rings. These ideals give us special types of factor rings. More
specifically, we would like to characterize those ideals I of a commutative
ring R such that R/I is an integral domain or a field.
16.4   MAXIMAL AND PRIME IDEALS                                            255

    A proper ideal M of a ring R is a maximal ideal of R if the ideal M
is not a proper subset of any ideal of R except R itself. That is, M is a
maximal ideal if for any ideal I properly containing M , I = R. The following
theorem completely characterizes maximal ideals for commutative rings with
identity in terms of their corresponding factor rings.
Theorem 16.16 Let R be a commutative ring with identity and M an ideal
in R. Then M is a maximal ideal of R if and only if R/M is a field.
Proof. Let M be a maximal ideal in R. If R is a commutative ring, then
R/M must also be a commutative ring. Clearly, 1 + M acts as an identity
for R/M . We must also show that every nonzero element in R/M has an
inverse. If a + M is a nonzero element in R/M , then a ∈  / M . Define I to be
the set {ra + m : r ∈ R and m ∈ M }. We will show that I is an ideal in R.
The set I is nonempty since 0a + 0 = 0 is in I. If r1 a + m1 and r2 a + m2 are
two elements in I, then
             (r1 a + m1 ) − (r2 a + m2 ) = (r1 − r2 )a + (m1 − m2 )
is in I. Also, for any r ∈ R it is true that rI ⊂ I; hence, I is closed under
multiplication and satisfies the necessary conditions to be an ideal. Therefore,
by Proposition 16.2 and the definition of an ideal, I is an ideal properly
containing M . Since M is a maximal ideal, I = R; consequently, by the
definition of I there must be an m in M and a b in R such that 1 = ab + m.
Therefore,
              1 + M = ab + M = ba + M = (a + M )(b + M ).
    Conversely, suppose that M is an ideal and R/M is a field. Since R/M
is a field, it must contain at least two elements: 0 + M = M and 1 + M .
Hence, M is a proper ideal of R. Let I be any ideal properly containing M .
We need to show that I = R. Choose a in I but not in M . Since a + M is a
nonzero element in a field, there exists an element b + M in R/M such that
(a + M )(b + M ) = ab + M = 1 + M . Consequently, there exists an element
m ∈ M such that ab + m = 1 and 1 is in I. Therefore, r1 = r ∈ I for all
r ∈ R. Consequently, I = R.                                             
Example 18. Let pZ be an ideal in Z, where p is prime. Then pZ is a
maximal ideal since Z/pZ ∼
                         = Zp is a field.                        
   A proper ideal P in a commutative ring R is called a prime ideal if
whenever ab ∈ P , then either a ∈ P or b ∈ P .
Example 19. It is easy to check that the set P = {0, 2, 4, 6, 8, 10} is an
ideal in Z12 . This ideal is prime. In fact, it is a maximal ideal.      
256                                                      CHAPTER 16         RINGS

Proposition 16.17 Let R be a commutative ring with identity 1, where
1 6= 0. Then P is a prime ideal in R if and only if R/P is an integral
domain.

Proof. First let us assume that P is an ideal in R and R/P is an integral
domain. Suppose that ab ∈ P . If a + P and b + P are two elements of R/P
such that (a + P )(b + P ) = 0 + P = P , then either a + P = P or b + P = P .
This means that either a is in P or b is in P , which shows that P must be
prime.
   Conversely, suppose that P is prime and

                     (a + P )(b + P ) = ab + P = 0 + P = P.

Then ab ∈ P . If a ∈/ P , then b must be in P by the definition of a prime
ideal; hence, b + P = 0 + P and R/P is an integral domain.               

Example 20. Every ideal in Z is of the form nZ. The factor ring Z/nZ ∼   = Zn
is an integral domain only when n is prime. It is actually a field. Hence, the
nonzero prime ideals in Z are the ideals pZ, where p is prime. This example
really justifies the use of the word “prime” in our definition of prime ideals.
                                                                            
      Since every field is an integral domain, we have the following corollary.

Corollary 16.18 Every maximal ideal in a commutative ring with identity
is also a prime ideal.


                                Historical Note
Amalie Emmy Noether, one of the outstanding mathematicians of the twentieth
century, was born in Erlangen, Germany in 1882. She was the daughter of Max
Noether (1844–1921), a distinguished mathematician at the University of Erlangen.
Together with Paul Gordon (1837–1912), Emmy Noether’s father strongly influenced
her early education. She entered the University of Erlangen at the age of 18.
Although women had been admitted to universities in England, France, and Italy
for decades, there was great resistance to their presence at universities in Germany.
Noether was one of only two women among the university’s 986 students. After
completing her doctorate under Gordon in 1907, she continued to do research at
Erlangen, occasionally lecturing when her father was ill.
    Noether went to Göttingen to study in 1916. David Hilbert and Felix Klein
tried unsuccessfully to secure her an appointment at Göttingen. Some of the faculty
objected to women lecturers, saying, “What will our soldiers think when they return
16.5   AN APPLICATION TO SOFTWARE DESIGN                                         257

to the university and are expected to learn at the feet of a woman?” Hilbert, annoyed
at the question, responded, “Meine Herren, I do not see that the sex of a candidate
is an argument against her admission as a Privatdozent. After all, the Senate is not
a bathhouse.” At the end of World War I, attitudes changed and conditions greatly
improved for women. After Noether passed her habilitation examination in 1919,
she was given a title and was paid a small sum for her lectures.
     In 1922, Noether became a Privatdozent at Göttingen. Over the next 11 years
she used axiomatic methods to develop an abstract theory of rings and ideals.
Though she was not good at lecturing, Noether was an inspiring teacher. One of her
many students was B. L. van der Waerden, author of the first text treating abstract
algebra from a modern point of view. Some of the other mathematicians Noether
influenced or closely worked with were Alexandroff, Artin, Brauer, Courant, Hasse,
Hopf, Pontryagin, von Neumann, and Weyl. One of the high points of her career
was an invitation to address the International Congress of Mathematicians in Zurich
in 1932. In spite of all the recognition she received from her colleagues, Noether’s
abilities were never recognized as they should have been during her lifetime. She
was never promoted to full professor by the Prussian academic bureaucracy.
     In 1933, Noether, a Jew, was banned from participation in all academic activities
in Germany. She emigrated to the United States, took a position at Bryn Mawr
College, and became a member of the Institute for Advanced Study at Princeton.
Noether died suddenly on April 14, 1935. After her death she was eulogized by such
notable scientists as Albert Einstein.


16.5      An Application to Software Design
The Chinese Remainder Theorem is a result from elementary number theory
about the solution of systems of simultaneous congruences. The Chinese
mathematician Sun-tsı̈ wrote about the theorem in the first century A.D.
This theorem has some interesting consequences in the design of software for
parallel processors.

Lemma 16.19 Let m and n be positive integers such that gcd(m, n) = 1.
Then for a, b ∈ Z the system

                                 x≡a      (mod m)
                                 x ≡ b (mod n)

has a solution. If x1 and x2 are two solutions of the system, then x1 ≡ x2
(mod mn).

Proof. The equation x ≡ a (mod m) has a solution since a + km satisfies
the equation for all k ∈ Z. We must show that there exists an integer k1
258                                                   CHAPTER 16        RINGS

such that
                           a + k1 m ≡ b (mod n).
This is equivalent to showing that

                          k1 m ≡ (b − a)    (mod n)

has a solution for k1 . Since m and n are relatively prime, there exist integers
s and t such that ms + nt = 1. Consequently,

                      (b − a)ms = (b − a) − (b − a)nt,

or
                      [(b − a)s]m ≡ (b − a)    (mod n).
Now let k1 = (b − a)s.
    To show that any two solutions are congruent modulo mn, let c1 and c2
be two solutions of the system. That is,

                              ci ≡ a (mod m)
                              ci ≡ b (mod n)

for i = 1, 2. Then

                              c2 ≡ c1   (mod m)
                              c2 ≡ c1   (mod n).

Therefore, both m and n divide c1 − c2 . Consequently, c2 ≡ c1 (mod mn).
                                                                      

Example 21. Let us solve the system

                               x≡3      (mod 4)
                               x≡4      (mod 5).

Using the Euclidean algorithm, we can find integers s and t such that
4s + 5t = 1. Two such integers are s = 4 and t = −3. Consequently,

               x = a + k1 m = 3 + 4k1 = 3 + 4[(5 − 4)4] = 19.

                                                                              
16.5   AN APPLICATION TO SOFTWARE DESIGN                                    259

Theorem 16.20 (Chinese Remainder Theorem) Let n1 , n2 , . . . , nk be
positive integers such that gcd(ni , nj ) = 1 for i 6= j. Then for any integers
a1 , . . . , ak , the system

                              x ≡ a1    (mod n1 )
                              x ≡ a2    (mod n2 )
                               ..
                                .
                              x ≡ ak    (mod nk )

has a solution. Furthermore, any two solutions of the system are congruent
modulo n1 n2 · · · nk .

Proof. We will use mathematical induction on the number of equations
in the system. If there are k = 2 equations, then the theorem is true by
Lemma 16.19. Now suppose that the result is true for a system of k equations
or less and that we wish to find a solution of

                           x ≡ a1     (mod n1 )
                           x ≡ a2     (mod n2 )
                            ..
                             .
                           x ≡ ak+1     (mod nk+1 ).

Considering the first k equations, there exists a solution that is unique
modulo n1 · · · nk , say a. Since n1 · · · nk and nk+1 are relatively prime, the
system

                           x ≡ a (mod n1 · · · nk )
                           x ≡ ak+1     (mod nk+1 )

has a solution that is unique modulo n1 . . . nk+1 by the lemma.              

Example 22. Let us solve the system

                               x≡3      (mod 4)
                               x≡4      (mod 5)
                               x≡1      (mod 9)
                               x≡5      (mod 7).
260                                                  CHAPTER 16       RINGS

From Example 21 we know that 19 is a solution of the first two congruences
and any other solution of the system is congruent to 19 (mod 20). Hence,
we can reduce the system to a system of three congruences:

                             x ≡ 19    (mod 20)
                             x≡1      (mod 9)
                             x≡5      (mod 7).

Solving the next two equations, we can reduce the system to

                             x ≡ 19    (mod 180)
                             x≡5      (mod 7).

Solving this last system, we find that 19 is a solution for the system that is
unique up to modulo 1260.                                                   
    One interesting application of the Chinese Remainder Theorem in the
design of computer software is that the theorem allows us to break up a
calculation involving large integers into several less formidable calculations.
Most computers will handle integer calculations only up to a certain size.
For example, the largest integer available on many workstations is 231 − 1 =
2,147,483,647. Special software is required for calculations involving larger
integers which cannot be added directly by the machine. However, by using
the Chinese Remainder Theorem we can break down large integer additions
and multiplications into calculations that the computer can handle directly.
This is especially useful on parallel processing computers which have the
ability to run several programs concurrently.
    Most computers have a single central processing unit (CPU), which can
only add two numbers at a time. To add a list of ten numbers, the CPU must
do nine additions in sequence. However, a parallel processing computer has
more than one CPU. A computer with 10 CPUs, for example, can perform 10
different additions at the same time. If we can take a large integer and break
it down into parts, sending each part to a different CPU, then by performing
several additions or multiplications simultaneously on those parts, we can
work with an integer that the computer would not be able to handle as a
whole.

Example 23. Suppose that we wish to multiply 2134 by 1531. We will use
the integers 95, 97, 98, and 99 because they are relatively prime. We can
EXERCISES                                                                261

break down each integer into four parts:

                           2134 ≡ 44    (mod 95)
                           2134 ≡ 0    (mod 97)
                           2134 ≡ 76    (mod 98)
                           2134 ≡ 55    (mod 99)

and

                           1531 ≡ 11    (mod 95)
                           1531 ≡ 76    (mod 97)
                           1531 ≡ 61    (mod 98)
                           1531 ≡ 46    (mod 99).

Multiplying the corresponding equations, we obtain

                   2134 · 1531 ≡ 44 · 11 ≡ 9     (mod 95)
                   2134 · 1531 ≡ 0 · 76 ≡ 0    (mod 97)
                   2134 · 1531 ≡ 76 · 61 ≡ 30     (mod 98)
                   2134 · 1531 ≡ 55 · 46 ≡ 55     (mod 99).

Each of these four computations can be sent to a different processor if
our computer has several CPUs. By the above calculation, we know that
2134 · 1531 is a solution of the system

                            x≡9       (mod 95)
                            x≡0       (mod 97)
                            x ≡ 30     (mod 98)
                            x ≡ 55     (mod 99).

The Chinese Remainder Theorem tells us that solutions are unique up to
modulo 95 · 97 · 98 · 99 = 89,403,930. Solving this system of congruences for
x tells us that 2134 · 1531 = 3,267,154.
    The conversion of the computation into the four subcomputations will
take some computing time. In addition, solving the system of congruences
can also take considerable time. However, if we have many computations to
be performed on a particular set of numbers, it makes sense to transform the
problem as we have done above and to perform the necessary calculations
simultaneously.                                                            
262                                                        CHAPTER 16        RINGS

Exercises
  1. Which of the following sets are rings with respect to the usual operations of
     addition and multiplication? If the set is a ring, is it also a field?
       (a) 7Z
       (b) Z18
             √              √
       (c) Q( 2 ) = {a + b 2 : a, b ∈ Q}
             √ √                 √    √  √
       (d) Q( 2, 3 ) = {a + b 2 + c 3 + d 6 : a, b, c, d ∈ Q}
             √             √
       (e) Z[ 3 ] = {a + b 3 : a, b ∈ Z}
                      √
       (f) R = {a + b 3 3 : a, b ∈ Q}
       (g) Z[i] = {a + bi : a, b ∈ Z and i2 = −1}
              √              √       √
       (h) Q( 3 3 ) = {a + b 3 3 + c 3 9 : a, b, c ∈ Q}
  2. Let R be the ring of 2 × 2 matrices of     the form
                                                 
                                        a       b
                                                    ,
                                        0       0

      where a, b ∈ R. Show that although R is a ring that has no identity, we can
      find a subring S of R with an identity.
  3. List or characterize all of the units in each of the following rings.
       (a) Z10
       (b) Z12
       (c) Z7
       (d) M2 (Z), the 2 × 2 matrices with entries in Z
       (e) M2 (Z2 ), the 2 × 2 matrices with entries in Z2
  4. Find all of the ideals in each of the following rings. Which of these ideals are
     maximal and which are prime?
       (a) Z18
       (b) Z25
       (c) M2 (R), the 2 × 2 matrices with entries in R
       (d) M2 (Z), the 2 × 2 matrices with entries in Z
       (e) Q
  5. For each of the following rings R with ideal I, give an addition table and a
     multiplication table for R/I.
       (a) R = Z and I = 6Z
       (b) R = Z12 and I = {0, 3, 6, 9}
EXERCISES                                                                         263

  6. Find all homomorphisms φ : Z/6Z → Z/15Z.
  7. Prove that R is not isomorphic to C.
                                    √         √
  8. Prove or disprove:
                √            √ Q( 2 ) = {a + b 2 : a, b ∈ Q} is isomorphic to
                        The ring
     the ring Q( 3 ) = {a + b 3 : a, b ∈ Q}.
  9. What is the characteristic of the field formed      by the set of matrices
                                                            
                             1 0       1 1       0       1     0 0
                    F =             ,          ,            ,
                             0 1       1 0       1       1     0 0

     with entries in Z2 ?
 10. Define a map φ : C → M2 (R) by
                                                          
                                                   a     b
                                 φ(a + bi) =                 .
                                                   −b    a

     Show that φ is an isomorphism of C with its image in M2 (R).
 11. Prove that the Gaussian integers, Z[i], are an integral domain.
                  √             √
 12. Prove that Z[ 3 i] = {a + b 3 i : a, b ∈ Z} is an integral domain.
 13. Solve each of the following systems of congruences.

      (a)                                          (c)

                                                                 x≡2   (mod 4)
                  x≡2       (mod 5)                              x≡4   (mod 7)
                  x≡6       (mod 11)                             x≡7   (mod 9)
                                                                 x≡5   (mod 11)

      (b)                                          (d)

                                                                 x≡3   (mod 5)
                  x≡3       (mod 7)                              x≡0   (mod 8)
                  x≡0       (mod 8)                              x≡1   (mod 11)
                  x≡5       (mod 15)                             x≡5   (mod 13)


 14. Use the method of parallel computation outlined in the text to calculate
     2234 + 4121 by dividing the calculation into four separate additions modulo
     95, 97, 98, and 99.
 15. Explain why the method of parallel computation outlined in the text fails
     for 2134 · 1531 if we attempt to break the calculation down into two smaller
     calculations modulo 98 and 99.
264                                                       CHAPTER 16       RINGS

 16. If R is a field, show that the only two ideals of R are {0} and R itself.
 17. Let a be any element in a ring R with identity. Show that (−1)a = −a.
 18. Let φ : R → S be a ring homomorphism. Prove each of the following
     statements.
      (a) If R is a commutative ring, then φ(R) is a commutative ring.
      (b) φ(0) = 0.
      (c) Let 1R and 1S be the identities for R and S, respectively. If φ is onto,
          then φ(1R ) = 1S .
      (d) If R is a field and φ(R) 6= 0, then φ(R) is a field.
 19. Prove that the associative law for multiplication and the distributive laws
     hold in R/I.
 20. Prove the Second Isomorphism Theorem for rings: Let I be a subring of a
     ring R and J an ideal in R. Then I ∩ J is an ideal in I and

                                     I/I ∩ J ∼
                                             = I + J/J.

 21. Prove the Third Isomorphism Theorem for rings: Let R be a ring and I and
     J be ideals of R, where J ⊂ I. Then
                                              R/J
                                        R/I ∼
                                            =     .
                                              I/J

 22. Prove the Correspondence Theorem: Let I be an ideal of a ring R. Then
     S → S/I is a one-to-one correspondence between the set of subrings S
     containing I and the set of subrings of R/I. Furthermore, the ideals of R
     correspond to ideals of R/I.
 23. Let R be a ring and S a subset of R. Show that S is a subring of R if and
     only if each of the following conditions is satisfied.
      (a) S 6= ∅.
      (b) rs ∈ S for all r, s ∈ S.
      (c) r − s ∈ S for all r, s ∈ S.
                                                                         T
 24. Let R be a ring with a collection of subrings {Rα }. Prove that Rα is a
     subring of R. Give an example to show that the union of two subrings is not
     necessarily a subring.
                                                                   T
 25. Let {Iα }α∈A be a collection of ideals in a ring R. Prove that α∈A Iα is also
     an ideal in R. Give an example to show that if I1 and I2 are ideals in R, then
     I1 ∪ I2 may not be an ideal.
 26. Let R be an integral domain. Show that if the only ideals in R are {0} and
     R itself, R must be a field.
EXERCISES                                                                      265

 27. Let R be a commutative ring. An element a in R is nilpotent if an = 0 for
     some positive integer n. Show that the set of all nilpotent elements forms an
     ideal in R.
 28. A ring R is a Boolean ring if for every a ∈ R, a2 = a. Show that every
     Boolean ring is a commutative ring.
 29. Let R be a ring, where a3 = a for all a ∈ R. Prove that R must be a
     commutative ring.
 30. Let R be a ring with identity 1R and S a subring of R with identity 1S . Prove
     or disprove that 1R = 1S .
 31. If we do not require the identity of a ring to be distinct from 0, we will not
     have a very interesting mathematical structure. Let R be a ring such that
     1 = 0. Prove that R = {0}.
 32. Let S be a subset of a ring R. Prove that there is a subring R0 of R that
     contains S.
 33. Let R be a ring. Define the center of R to be

                       Z(R) = {a ∈ R : ar = ra for all r ∈ R }.

     Prove that Z(R) is a commutative subring of R.
 34. Let p be prime. Prove that

                       Z(p) = {a/b : a, b ∈ Z and gcd(b, p) = 1}

     is a ring. The ring Z(p) is called the ring of integers localized at p.
 35. Prove or disprove: Every finite integral domain is isomorphic to Zp .
 36. Let R be a ring with identity.
      (a) Let u be a unit in R. Define a map iu : R → R by r 7→ uru−1 . Prove
          that iu is an automorphism of R. Such an automorphism of R is called
          an inner automorphism of R. Denote the set of all inner automorphisms
          of R by Inn(R).
      (b) Denote the set of all automorphisms of R by Aut(R). Prove that Inn(R)
          is a normal subgroup of Aut(R).
      (c) Let U (R) be the group of units in R. Prove that the map

                                      φ : U (R) → Inn(R)

          defined by u 7→ iu is a homomorphism. Determine the kernel of φ.
      (d) Compute Aut(Z), Inn(Z), and U (Z).
 37. Let R and S be arbitrary rings. Show that their Cartesian product is a ring
     if we define addition and multiplication in R × S by
266                                                              CHAPTER 16   RINGS

       (a) (r, s) + (r0 , s0 ) = (r + r0 , s + s0 )
       (b) (r, s)(r0 , s0 ) = (rr0 , ss0 )
 38. An element x in a ring is called an idempotent if x2 = x. Prove that the
     only idempotents in an integral domain are 0 and 1. Find a ring with a
     idempotent x not equal to 0 or 1.
 39. Let gcd(a, n) = d and gcd(b, d) 6= 1. Prove that ax ≡ b (mod n) does not
     have a solution.
 40. The Chinese Remainder Theorem for Rings. Let R be a ring and I
     and J be ideals in R such that I + J = R.
       (a) Show that for any r and s in R, the system of equations

                                                x≡r    (mod I)
                                                x ≡ s (mod J)

            has a solution.
       (b) In addition, prove that any two solutions of the system are congruent
           modulo I ∩ J.
       (c) Let I and J be ideals in a ring R such that I + J = R. Show that there
           exists a ring isomorphism

                                             R/(I ∩ J) ∼
                                                       = R/I × R/J.

Programming Exercise
Write a computer program implementing fast addition and multiplication
using the Chinese Remainder Theorem and the method outlined in the text.

References and Suggested Readings
  [1] Anderson, F. W. and Fuller, K. R. Rings and Categories of Modules. 2nd ed.
      Springer, New York, 1992.
  [2] Atiyah, M. F. and MacDonald, I. G. Introduction to Commutative Algebra.
      Westview Press, Boulder, CO, 1994.
  [3] Herstein, I. N. Noncommutative Rings. Mathematical Association of America,
      Washington, DC, 1994.
  [4] Kaplansky, I. Commutative Rings. Revised edition. University of Chicago
      Press, Chicago, 1974.
  [5] Knuth, D. E. The Art of Computer Programming: Semi-Numerical Algorithms,
      vol. 2. 3rd ed. Addison-Wesley Professional, Boston, 1997.
EXERCISES                                                                   267

  [6] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York,
      1998. A good source for applications.
  [7] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
  [8] McCoy, N. H. Rings and Ideals. Carus Monograph Series, No. 8. Mathemati-
      cal Association of America, Washington, DC, 1968.
  [9] McCoy, N. H. The Theory of Rings. Chelsea, New York, 1972.
[10] Zariski, O. and Samuel, P. Commutative Algebra, vols. I and II. Springer,
     New York, 1975, 1960.

Sage Rings are at the heart of Sage’s design, so you will find a wide range
of possibilities for computing with rings and fields. Ideals, quotients, and
homomorphisms are all available.
                                    17
                      Polynomials



Most people are fairly familiar with polynomials by the time they begin to
study abstract algebra. When we examine polynomial expressions such as

                           p(x) = x3 − 3x + 2
                            q(x) = 3x2 − 6x + 5,

we have a pretty good idea of what p(x) + q(x) and p(x)q(x) mean. We just
add and multiply polynomials as functions; that is,

                (p + q)(x) = p(x) + q(x)
                           = (x3 − 3x + 2) + (3x2 − 6x + 5)
                           = x3 + 3x2 − 9x + 7

and

               (pq)(x) = p(x)q(x)
                       = (x3 − 3x + 2)(3x2 − 6x + 5)
                       = 3x5 − 6x4 − 4x3 + 24x2 − 27x + 10.

It is probably no surprise that polynomials form a ring. In this chapter we
shall emphasize the algebraic structure of polynomials by studying polynomial
rings. We can prove many results for polynomial rings that are similar to
the theorems we proved for the integers. Analogs of prime numbers, of the
division algorithm, and of the Euclidean algorithm exist for polynomials.




                                    268
17.1    POLYNOMIAL RINGS                                                       269

17.1      Polynomial Rings
Throughout this chapter we shall assume that R is a commutative ring with
identity. Any expression of the form
                          n
                          X
              f (x) =           ai xi = a0 + a1 x + a2 x2 + · · · + an xn ,
                          i=0

where ai ∈ R and an =   6 0, is called a polynomial over R with indeter-
minate x. The elements a0 , a1 , . . . , an are called the coefficients of f .
The coefficient an is called the leading coefficient. A polynomial is called
monic if the leading coefficient is 1. If n is the largest nonnegative number
for which an 6= 0, we say that the degree of f is n and write deg f (x) = n.
If no such n exists—that is, if f = 0 is the zero polynomial—then the degree
of f is defined to be −∞. We will denote the set of all polynomials with
coefficients in a ring R by R[x]. Two polynomials are equal exactly when
their corresponding coefficients are equal; that is, if we let

                            p(x) = a0 + a1 x + · · · + an xn
                            q(x) = b0 + b1 x + · · · + bm xm ,

then p(x) = q(x) if and only if ai = bi for all i ≥ 0.
    To show that the set of all polynomials forms a ring, we must first define
addition and multiplication. We define the sum of two polynomials as follows.
Let

                            p(x) = a0 + a1 x + · · · + an xn
                            q(x) = b0 + b1 x + · · · + bm xm .

Then the sum of p(x) and q(x) is

                         p(x) + q(x) = c0 + c1 x + · · · + ck xk ,

where ci = ai + bi for each i. We define the product of p(x) and q(x) to be

                    p(x)q(x) = c0 + c1 x + · · · + cm+n xm+n ,

where
                   i
                   X
            ci =         ak bi−k = a0 bi + a1 bi−1 + · · · + ai−1 b1 + ai b0
                   k=0
270                                          CHAPTER 17        POLYNOMIALS

for each i. Notice that in each case some of the coefficients may be zero.

Example 1. Suppose that

                       p(x) = 3 + 0x + 0x2 + 2x3 + 0x4

and
                        q(x) = 2 + 0x − x2 + 0x3 + 4x4
are polynomials in Z[x]. If the coefficient of some term in a polynomial
is zero, then we usually just omit that term. In this case we would write
p(x) = 3 + 2x3 and q(x) = 2 − x2 + 4x4 . The sum of these two polynomials is

                      p(x) + q(x) = 5 − x2 + 2x3 + 4x4 .

The product,

 p(x)q(x) = (3 + 2x3 )(2 − x2 + 4x4 ) = 6 − 3x2 + 4x3 + 12x4 − 2x5 + 8x7 ,

can be calculated either by determining the ci ’s in the definition or by simply
multiplying polynomials in the same way as we have always done.               

Example 2. Let

               p(x) = 3 + 3x3      and      q(x) = 4 + 4x2 + 4x4

be polynomials in Z12 [x]. The sum of p(x) and q(x) is 7 + 4x2 + 3x3 + 4x4 .
The product of the two polynomials is the zero polynomial. This example
tells us that R[x] cannot be an integral domain if R is not an integral domain.
                                                                            


Theorem 17.1 Let R be a commutative ring with identity. Then R[x] is a
commutative ring with identity.

Proof. Our first task is to show that R[x] is an abelian group under
polynomial addition. The zero
                            Pn polynomial,     f (x) = 0, is the additive identity.
Given a polynomial   p(x) =       a x i , the inverse of p(x) is easily verified to
                               P i
                              i=0
be −p(x) = ni=0 (−ai )xi = − ni=0 ai xi . Commutativity and associativity
            P
follow immediately from the definition of polynomial addition and from the
fact that addition in R is both commutative and associative.
17.1   POLYNOMIAL RINGS                                                                                  271

   To show that polynomial multiplication is associative, let
                                                   m
                                                   X
                                  p(x) =                 ai xi ,
                                                   i=0
                                                   Xn
                                  q(x) =                 bi xi ,
                                                   i=0
                                                   Xp
                                  r(x) =                 ci xi .
                                                   i=0
Then
                                   m                       n                        p
                              "                     !                         !#                    !
                                   X                       X                        X
           [p(x)q(x)]r(x) =              ai xi                     bi xi                  ci xi
                                   i=0                      i=0                     i=0
                                          
                           m+n   i                p
                                                          !
                            X X                   X
                         =       aj bi−j  xi    ci xi
                                  i=0      j=0                                     i=0
                                                   
                           m+n+p   i j
                                              !
                            X X      X
                         =            ak bj−k ci−j  xi
                                  i=0      j=0            k=0
                                                                         
                              m+n+p
                               X                    X
                         =                                  aj bk cl  xi
                                  i=0      j+k+l=i
                                                                             !
                           m+n+p
                            X X    i                          i−j
                                                              X
                         =          aj                              bk ci−j−k  xi
                                  i=0      j=0                k=0

                                  m
                                         ! n+p  i          
                                  X         X X
                         =          ai xi         bj ci−j  xi 
                                  i=0                    i=0       j=0
                                  m                        n                       p
                                                   !"                         !                     !#
                                  X                        X                       X
                                               i                          i                     i
                         =              ai x                       bi x                  ci x
                                  i=0                       i=0                    i=0
                         = p(x)[q(x)r(x)]
The commutativity and distribution properties of polynomial multiplication
are proved in a similar manner. We shall leave the proofs of these properties
as an exercise.                                                            
Proposition 17.2 Let p(x) and q(x) be polynomials in R[x], where R is an
integral domain. Then deg p(x) + deg q(x) = deg(p(x)q(x)). Furthermore,
R[x] is an integral domain.
272                                           CHAPTER 17                      POLYNOMIALS

Proof. Suppose that we have two nonzero polynomials
                       p(x) = am xm + · · · + a1 x + a0
and
                        q(x) = bn xn + · · · + b1 x + b0
with am 6= 0 and bn =  6 0. The degrees of p(x) and q(x) are m and n,
respectively. The leading term of p(x)q(x) is am bn xm+n , which cannot be
zero since R is an integral domain; hence, the degree of p(x)q(x) is m + n,
and p(x)q(x) 6= 0. Since p(x) 6= 0 and q(x) 6= 0 imply that p(x)q(x) 6= 0, we
know that R[x] must also be an integral domain.                             
    We also want to consider polynomials in two or more variables, such
as x2 − 3xy + 2y 3 . Let R be a ring and suppose that we are given two
indeterminates x and y. Certainly we can form the ring (R[x])[y]. It is
straightforward but perhaps tedious to show that (R[x])[y] ∼
                                                           = R([y])[x]. We
shall identify these two rings by this isomorphism and simply write R[x, y].
The ring R[x, y] is called the ring of polynomials in two indeterminates
x and y with coefficients in R. We can define the ring of polynomials
in n indeterminates with coefficients in R similarly. We shall denote
this ring by R[x1 , x2 , . . . , xn ].
Theorem 17.3 Let R be a commutative ring with identity and α ∈ R. Then
we have a ring homomorphism φα : R[x] → R defined by
                 φα (p(x)) = p(α) = an αn + · · · + a1 α + a0 ,
where p(x) = an xn + · · · + a1 x + a0 .
Proof. Let p(x) = ni=0 ai xi and q(x) = m                i
                      P                        P
                                                 i=0 bi x . It is easy to show
that φα (p(x) + q(x)) = φα (p(x)) + φα (q(x)). To show that multiplication is
preserved under the map φα , observe that
                φα (p(x))φα (q(x)) = p(α)q(α)
                                        n                    m
                                                         !                    !
                                        X                    X
                                                     i                    i
                                   =          ai α                 bi α
                                        i=0                  i=0
                                       m+n    i
                                                                   !
                                       X      X
                                   =                     ak bi−k       αi
                                       i=0    k=0
                                   = φα (p(x)q(x)).
                                                                                       
    The map φα : R[x] → R is called the evaluation homomorphism
at α.
17.2   THE DIVISION ALGORITHM                                             273

17.2     The Division Algorithm
Recall that the division algorithm for integers (Theorem 2.3) says that if
a and b are integers with b > 0, then there exist unique integers q and r
such that a = bq + r, where 0 ≤ r < b. The algorithm by which q and r
are found is just long division. A similar theorem exists for polynomials.
The division algorithm for polynomials has several important consequences.
Since its proof is very similar to the corresponding proof for integers, it is
worthwhile to review Theorem 2.3 at this point.

Theorem 17.4 (Division Algorithm) Let f (x) and g(x) be polynomials
in F [x], where F is a field and g(x) is a nonzero polynomial. Then there
exist unique polynomials q(x), r(x) ∈ F [x] such that

                           f (x) = g(x)q(x) + r(x),

where either deg r(x) < deg g(x) or r(x) is the zero polynomial.

Proof. We will first consider the existence of q(x) and r(x). If f (x) is the
zero polynomial, then
                             0 = 0 · g(x) + 0;
hence, both q and r must also be the zero polynomial. Now suppose that
f (x) is not the zero polynomial and that deg f (x) = n and deg g(x) = m. If
m > n, then we can let q(x) = 0 and r(x) = f (x). Hence, we may assume
that m ≤ n and proceed by induction on n. If

                 f (x) = an xn + an−1 xn−1 + · · · + a1 x + a0
                 g(x) = bm xm + bm−1 xm−1 + · · · + b1 x + b0

the polynomial
                                            an n−m
                        f 0 (x) = f (x) −      x   g(x)
                                            bm
has degree less than n or is the zero polynomial. By induction, there exist
polynomials q 0 (x) and r(x) such that

                          f 0 (x) = q 0 (x)g(x) + r(x),

where r(x) = 0 or the degree of r(x) is less than the degree of g(x). Now let
                                              an n−m
                           q(x) = q 0 (x) +      x   .
                                              bm
274                                        CHAPTER 17           POLYNOMIALS

Then
                          f (x) = g(x)q(x) + r(x),
with r(x) the zero polynomial or deg r(x) < deg g(x).
   To show that q(x) and r(x) are unique, suppose that there exist two
other polynomials q1 (x) and r1 (x) such that f (x) = g(x)q1 (x) + r1 (x) with
deg r1 (x) < deg g(x) or r1 (x) = 0, so that

                f (x) = g(x)q(x) + r(x) = g(x)q1 (x) + r1 (x),

and
                     g(x)[q(x) − q1 (x)] = r1 (x) − r(x).
If g(x) is not the zero polynomial, then

          deg(g(x)[q(x) − q1 (x)]) = deg(r1 (x) − r(x)) ≥ deg g(x).

However, the degrees of both r(x) and r1 (x) are strictly less than the degree
of g(x); therefore, r(x) = r1 (x) and q(x) = q1 (x).                        

Example 3. The division algorithm merely formalizes long division of
polynomials, a task we have been familiar with since high school. For
example, suppose that we divide x3 − x2 + 2x − 3 by x − 2.
                           x2   +      x   +     4
                   x−2     x3   −     x2   +    2x   −      3
                           x3   −    2x2
                                      x2   +    2x   −      3
                                      x2   −    2x
                                                4x   −      3
                                                4x   −      8
                                                            5

Hence, x3 − x2 + 2x − 3 = (x − 2)(x2 + x + 4) + 5.                          
   Let p(x) be a polynomial in F [x] and α ∈ F . We say that α is a zero or
root of p(x) if p(x) is in the kernel of the evaluation homomorphism φα . All
we are really saying here is that α is a zero of p(x) if p(α) = 0.

Corollary 17.5 Let F be a field. An element α ∈ F is a zero of p(x) ∈ F [x]
if and only if x − α is a factor of p(x) in F [x].
17.2   THE DIVISION ALGORITHM                                             275

Proof. Suppose that α ∈ F and p(α) = 0. By the division algorithm, there
exist polynomials q(x) and r(x) such that
                         p(x) = (x − α)q(x) + r(x)
and the degree of r(x) must be less than the degree of x − α. Since the
degree of r(x) is less than 1, r(x) = a for a ∈ F ; therefore,
                          p(x) = (x − α)q(x) + a.
But
                        0 = p(α) = 0 · q(α) + a = a;
consequently, p(x) = (x − α)q(x), and x − α is a factor of p(x).
   Conversely, suppose that x − α is a factor of p(x); say p(x) = (x − α)q(x).
Then p(α) = 0 · q(α) = 0.                                                  

Corollary 17.6 Let F be a field. A nonzero polynomial p(x) of degree n in
F [x] can have at most n distinct zeros in F .

Proof. We will use induction on the degree of p(x). If deg p(x) = 0, then
p(x) is a constant polynomial and has no zeros. Let deg p(x) = 1. Then
p(x) = ax + b for some a and b in F . If α1 and α2 are zeros of p(x), then
aα1 + b = aα2 + b or α1 = α2 .
    Now assume that deg p(x) > 1. If p(x) does not have a zero in F , then we
are done. On the other hand, if α is a zero of p(x), then p(x) = (x − α)q(x)
for some q(x) ∈ F [x] by Corollary 17.5. The degree of q(x) is n − 1 by
Proposition 17.2. Let β be some other zero of p(x) that is distinct from α.
Then p(β) = (β − α)q(β) = 0. Since α 6= β and F is a field, q(β) = 0. By
our induction hypothesis, p(x) can have at most n − 1 zeros in F that are
distinct from α. Therefore, p(x) has at most n distinct zeros in F .       
     Let F be a field. A monic polynomial d(x) is a greatest common
divisor of polynomials p(x), q(x) ∈ F [x] if d(x) evenly divides both p(x)
and q(x); and, if for any other polynomial d0 (x) dividing both p(x) and q(x),
d0 (x) | d(x). We write d(x) = gcd(p(x), q(x)). Two polynomials p(x) and
q(x) are relatively prime if gcd(p(x), q(x)) = 1.

Proposition 17.7 Let F be a field and suppose that d(x) is the greatest
common divisor of two polynomials p(x) and q(x) in F [x]. Then there exist
polynomials r(x) and s(x) such that
                        d(x) = r(x)p(x) + s(x)q(x).
Furthermore, the greatest common divisor of two polynomials is unique.
276                                       CHAPTER 17        POLYNOMIALS

Proof. Let d(x) be the monic polynomial of smallest degree in the set
              S = {f (x)p(x) + g(x)q(x) : f (x), g(x) ∈ F [x]}.
We can write d(x) = r(x)p(x) + s(x)q(x) for two polynomials r(x) and s(x)
in F [x]. We need to show that d(x) divides both p(x) and q(x). We shall
first show that d(x) divides p(x). By the division algorithm, there exist
polynomials a(x) and b(x) such that p(x) = a(x)d(x) + b(x), where b(x) is
either the zero polynomial or deg b(x) < deg d(x). Therefore,
               b(x) = p(x) − a(x)d(x)
                    = p(x) − a(x)(r(x)p(x) + s(x)q(x))
                    = p(x) − a(x)r(x)p(x) − a(x)s(x)q(x)
                    = p(x)(1 − a(x)r(x)) + q(x)(−a(x)s(x))
is a linear combination of p(x) and q(x) and therefore must be in S. However,
b(x) must be the zero polynomial since d(x) was chosen to be of smallest
degree; consequently, d(x) divides p(x). A symmetric argument shows that
d(x) must also divide q(x); hence, d(x) is a common divisor of p(x) and q(x).
     To show that d(x) is a greatest common divisor of p(x) and q(x), suppose
that d0 (x) is another common divisor of p(x) and q(x). We will show that
d0 (x) | d(x). Since d0 (x) is a common divisor of p(x) and q(x), there exist
polynomials u(x) and v(x) such that p(x) = u(x)d0 (x) and q(x) = v(x)d0 (x).
Therefore,
                   d(x) = r(x)p(x) + s(x)q(x)
                        = r(x)u(x)d0 (x) + s(x)v(x)d0 (x)
                        = d0 (x)[r(x)u(x) + s(x)v(x)].
Since d0 (x) | d(x), d(x) is a greatest common divisor of p(x) and q(x).
    Finally, we must show that the greatest common divisor of p(x) and q(x)
is unique. Suppose that d0 (x) is another greatest common divisor of p(x)
and q(x). We have just shown that there exist polynomials u(x) and v(x) in
F [x] such that d(x) = d0 (x)[r(x)u(x) + s(x)v(x)]. Since
              deg d(x) = deg d0 (x) + deg[r(x)u(x) + s(x)v(x)]
and d(x) and d0 (x) are both greatest common divisors, deg d(x) = deg d0 (x).
Since d(x) and d0 (x) are both monic polynomials of the same degree, it must
be the case that d(x) = d0 (x).                                           
    Notice the similarity between the proof of Proposition 17.7 and the proof
of Theorem 2.4.
17.3   IRREDUCIBLE POLYNOMIALS                                                   277

17.3      Irreducible Polynomials
A nonconstant polynomial f (x) ∈ F [x] is irreducible over a field F if f (x)
cannot be expressed as a product of two polynomials g(x) and h(x) in F [x],
where the degrees of g(x) and h(x) are both smaller than the degree of f (x).
Irreducible polynomials function as the “prime numbers” of polynomial rings.

Example 4. The polynomial x2 − 2 ∈ Q[x] is irreducible since it cannot be
factored any further over the rational numbers. Similarly, x2 + 1 is irreducible
over the real numbers.                                                        

Example 5. The polynomial p(x) = x3 + x2 + 2 is irreducible over Z3 [x].
Suppose that this polynomial was reducible over Z3 [x]. By the division
algorithm there would have to be a factor of the form x − a, where a is some
element in Z3 [x]. Hence, it would have to be true that p(a) = 0. However,

                                      p(0) = 2
                                      p(1) = 1
                                      p(2) = 2.

Therefore, p(x) has no zeros in Z3 and must be irreducible.                       

Lemma 17.8 Let p(x) ∈ Q[x]. Then
                             r
                       p(x) = (a0 + a1 x + · · · + an xn ),
                             s
where r, s, a0 , . . . , an are integers, the ai ’s are relatively prime, and r and s
are relatively prime.

Proof. Suppose that
                                  b0 b1          bn
                         p(x) =     + x + · · · + xn ,
                                  c0 c1          cn
where the bi ’s and the ci ’s are integers. We can rewrite p(x) as
                                  1
                    p(x) =               (d0 + d1 x + · · · + dn xn ),
                             c0 · · · cn
where d0 , . . . , dn are integers. Let d be the greatest common divisor of
d0 , . . . , dn . Then
                                  d
                    p(x) =               (a0 + a1 x + · · · + an xn ),
                             c0 · · · cn
278                                           CHAPTER 17          POLYNOMIALS

where di = dai and the ai ’s are relatively prime. Reducing d/(c0 · · · cn ) to
its lowest terms, we can write
                              r
                        p(x) = (a0 + a1 x + · · · + an xn ),
                              s
where gcd(r, s) = 1.                                                               

Theorem 17.9 (Gauss’s Lemma) Let p(x) ∈ Z[x] be a monic polynomial
such that p(x) factors into a product of two polynomials α(x) and β(x) in
Q[x], where the degrees of both α(x) and β(x) are less than the degree of
p(x). Then p(x) = a(x)b(x), where a(x) and b(x) are monic polynomials in
Z[x] with deg α(x) = deg a(x) and deg β(x) = deg b(x).

Proof. By Lemma 17.8, we can assume that
                      c1                                 c1
                α(x) =   (a0 + a1 x + · · · + am xm ) = α1 (x)
                      d1                                 d1
                      c2                               c2
                β(x) = (b0 + b1 x + · · · + bn xn ) = β1 (x),
                      d2                               d2
where the ai ’s are relatively prime and the bi ’s are relatively prime. Conse-
quently,
                                   c1 c2               c
             p(x) = α(x)β(x) =           α1 (x)β1 (x) = α1 (x)β1 (x),
                                   d1 d2               d
where c/d is the product of c1 /d1 and c2 /d2 expressed in lowest terms. Hence,
dp(x) = cα1 (x)β1 (x).
     If d = 1, then cam bn = 1 since p(x) is a monic polynomial. Hence, either
c = 1 or c = −1. If c = 1, then either am = bn = 1 or am = bn = −1. In the
first case p(x) = α1 (x)β1 (x), where α1 (x) and β1 (x) are monic polynomials
with deg α(x) = deg α1 (x) and deg β(x) = deg β1 (x). In the second case
a(x) = −α1 (x) and b(x) = −β1 (x) are the correct monic polynomials since
p(x) = (−α1 (x))(−β1 (x)) = a(x)b(x). The case in which c = −1 can be
handled similarly.
     Now suppose that d 6= 1. Since gcd(c, d) = 1, there exists a prime p such
that p | d and p6 |c. Also, since the coefficients of α1 (x) are relatively prime,
there exists a coefficient ai such that p6 |ai . Similarly, there exists a coefficient
bj of β1 (x) such that p6 |bj . Let α10 (x) and β10 (x) be the polynomials in Zp [x]
obtained by reducing the coefficients of α1 (x) and β1 (x) modulo p. Since
p | d, α10 (x)β10 (x) = 0 in Zp [x]. However, this is impossible since neither α10 (x)
nor β10 (x) is the zero polynomial and Zp [x] is an integral domain. Therefore,
d = 1 and the theorem is proven.                                                    
17.3   IRREDUCIBLE POLYNOMIALS                                           279

Corollary 17.10 Let p(x) = xn + an−1 xn−1 + · · · + a0 be a polynomial with
coefficients in Z and a0 6= 0. If p(x) has a zero in Q, then p(x) also has a
zero α in Z. Furthermore, α divides a0 .

Proof. Let p(x) have a zero a ∈ Q. Then p(x) must have a linear factor
x − a. By Gauss’s Lemma, p(x) has a factorization with a linear factor in
Z[x]. Hence, for some α ∈ Z

                    p(x) = (x − α)(xn−1 + · · · − a0 /α).

Thus a0 /α ∈ Z and so α | a0 .                                              

Example 6. Let p(x) = x4 − 2x3 + x + 1. We shall show that p(x) is
irreducible over Q[x]. Assume that p(x) is reducible. Then either p(x) has a
linear factor, say p(x) = (x − α)q(x), where q(x) is a polynomial of degree
three, or p(x) has two quadratic factors.
    If p(x) has a linear factor in Q[x], then it has a zero in Z. By Corol-
lary 17.10, any zero must divide 1 and therefore must be ±1; however,
p(1) = 1 and p(−1) = 3. Consequently, we have eliminated the possibility
that p(x) has any linear factors.
    Therefore, if p(x) is reducible it must factor into two quadratic polyno-
mials, say

         p(x) = (x2 + ax + b)(x2 + cx + d)
              = x4 + (a + c)x3 + (ac + b + d)x2 + (ad + bc)x + bd,

where each factor is in Z[x] by Gauss’s Lemma. Hence,

                                     a + c = −2
                                 ac + b + d = 0
                                   ad + bc = 1
                                        bd = 1.

Since bd = 1, either b = d = 1 or b = d = −1. In either case b = d and so

                           ad + bc = b(a + c) = 1.

Since a + c = −2, we know that −2b = 1. This is impossible since b is an
integer. Therefore, p(x) must be irreducible over Q.                   
280                                               CHAPTER 17              POLYNOMIALS

Theorem 17.11 (Eisenstein’s Criterion) Let p be a prime and suppose
that
                  f (x) = an xn + · · · + a0 ∈ Z[x].
If p | ai for i = 0, 1, . . . , n − 1, but p6 |an and p2 6 |a0 , then f (x) is irreducible
over Q.

Proof. By Gauss’s Lemma, we need only show that f (x) does not factor
into polynomials of lower degree in Z[x]. Let

                     f (x) = (br xr + · · · + b0 )(cs xs + · · · + c0 )

be a factorization in Z[x], with br and cs not equal to zero and r, s < n. Since
p2 does not divide a0 = b0 c0 , either b0 or c0 is not divisible by p. Suppose
that p6 |b0 and p | c0 . Since p6 |an and an = br cs , neither br nor cs is divisible
by p. Let m be the smallest value of k such that p6 |ck . Then

                         am = b0 cm + b1 cm−1 + · · · + bm c0

is not divisible by p, since each term on the right-hand side of the equation
is divisible by p except for b0 cm . Therefore, m = n since ai is divisible by p
for m < n. Hence, f (x) cannot be factored into polynomials of lower degree
and therefore must be irreducible.                                            

Example 7. The polynomial

                        f (x) = 16x5 − 9x4 + 3x2 + 6x − 21

is easily seen to be irreducible over Q by Eisenstein’s Criterion if we let p = 3.
                                                                               

    Eisenstein’s Criterion is more useful in constructing irreducible poly-
nomials of a certain degree over Q than in determining the irreducibility
of an arbitrary polynomial in Q[x]: given an arbitrary polynomial, it is
not very likely that we can apply Eisenstein’s Criterion. The real value of
Theorem 17.11 is that we now have an easy method of generating irreducible
polynomials of any degree.

Ideals in F [x]
Let F be a field. Recall that a principal ideal in F [x] is an ideal hp(x)i
generated by some polynomial p(x); that is,

                        hp(x)i = {p(x)q(x) : q(x) ∈ F [x]}.
17.3   IRREDUCIBLE POLYNOMIALS                                                281

Example 8. The polynomial x2 in F [x] generates the ideal hx2 i consisting
of all polynomials with no constant term or term of degree 1.           

Theorem 17.12 If F is a field, then every ideal in F [x] is a principal ideal.

Proof. Let I be an ideal of F [x]. If I is the zero ideal, the theorem is
easily true. Suppose that I is a nontrivial ideal in F [x], and let p(x) ∈ I be
a nonzero element of minimal degree. If deg p(x) = 0, then p(x) is a nonzero
constant and 1 must be in I. Since 1 generates all of F [x], h1i = I = F [x]
and I is again a principal ideal.
    Now assume that deg p(x) ≥ 1 and let f (x) be any element in I. By
the division algorithm there exist q(x) and r(x) in F [x] such that f (x) =
p(x)q(x) + r(x) and deg r(x) < deg p(x). Since f (x), p(x) ∈ I and I is an
ideal, r(x) = f (x) − p(x)q(x) is also in I. However, since we chose p(x) to
be of minimal degree, r(x) must be the zero polynomial. Since we can write
any element f (x) in I as p(x)q(x) for some q(x) ∈ F [x], it must be the case
that I = hp(x)i.                                                             

Example 9. It is not the case that every ideal in the ring F [x, y] is a
principal ideal. Consider the ideal of F [x, y] generated by the polynomials
x and y. This is the ideal of F [x, y] consisting of all polynomials with no
constant term. Since both x and y are in the ideal, no single polynomial can
generate the entire ideal.                                                 

Theorem 17.13 Let F be a field and suppose that p(x) ∈ F [x]. Then the
ideal generated by p(x) is maximal if and only if p(x) is irreducible.

Proof. Suppose that p(x) generates a maximal ideal of F [x]. Then hp(x)i is
also a prime ideal of F [x]. Since a maximal ideal must be properly contained
inside F [x], p(x) cannot be a constant polynomial. Let us assume that p(x)
factors into two polynomials of lesser degree, say p(x) = f (x)g(x). Since
hp(x)i is a prime ideal one of these factors, say f (x), is in hp(x)i and therefore
be a multiple of p(x). But this would imply that hp(x)i ⊂ hf (x)i, which is
impossible since hp(x)i is maximal.
    Conversely, suppose that p(x) is irreducible over F [x]. Let I be an ideal
in F [x] containing hp(x)i. By Theorem 17.12, I is a principal ideal; hence,
I = hf (x)i for some f (x) ∈ F [x]. Since p(x) ∈ I, it must be the case
that p(x) = f (x)g(x) for some g(x) ∈ F [x]. However, p(x) is irreducible;
hence, either f (x) or g(x) is a constant polynomial. If f (x) is constant,
then I = F [x] and we are done. If g(x) is constant, then f (x) is a constant
282                                            CHAPTER 17         POLYNOMIALS

multiple of I and I = hp(x)i. Thus, there are no proper ideals of F [x] that
properly contain hp(x)i.                                                  

                                 Historical Note
Throughout history, the solution of polynomial equations has been a challenging
problem. The Babylonians knew how to solve the equation ax2 + bx + c = 0. Omar
Khayyam (1048–1131) devised methods of solving cubic equations through the
use of geometric constructions and conic sections. The algebraic solution of the
general cubic equation ax3 + bx2 + cx + d = 0 was not discovered until the sixteenth
century. An Italian mathematician, Luca Pacioli (ca. 1445–1509), wrote in Summa
de Arithmetica that the solution of the cubic was impossible. This was taken as a
challenge by the rest of the mathematical community.
    Scipione del Ferro (1465–1526), of the University of Bologna, solved the “de-
pressed cubic,”
                                 ax3 + cx + d = 0.
He kept his solution an absolute secret. This may seem surprising today, when
mathematicians are usually very eager to publish their results, but in the days of the
Italian Renaissance secrecy was customary. Academic appointments were not easy
to secure and depended on the ability to prevail in public contests. Such challenges
could be issued at any time. Consequently, any major new discovery was a valuable
weapon in such a contest. If an opponent presented a list of problems to be solved,
del Ferro could in turn present a list of depressed cubics. He kept the secret of
his discovery throughout his life, passing it on only on his deathbed to his student
Antonio Fior (ca. 1506–?).
     Although Fior was not the equal of his teacher, he immediately issued a challenge
to Niccolo Fontana (1499–1557). Fontana was known as Tartaglia (the Stammerer).
As a youth he had suffered a blow from the sword of a French soldier during an
attack on his village. He survived the savage wound, but his speech was permanently
impaired. Tartaglia sent Fior a list of 30 various mathematical problems; Fior
countered by sending Tartaglia a list of 30 depressed cubics. Tartaglia would either
solve all 30 of the problems or absolutely fail. After much effort Tartaglia finally
succeeded in solving the depressed cubic and defeated Fior, who faded into obscurity.
     At this point another mathematician, Gerolamo Cardano (1501–1576), entered
the story. Cardano wrote to Tartaglia, begging him for the solution to the depressed
cubic. Tartaglia refused several of his requests, then finally revealed the solution to
Cardano after the latter swore an oath not to publish the secret or to pass it on to
anyone else. Using the knowledge that he had obtained from Tartaglia, Cardano
eventually solved the general cubic
                              ax3 + bx2 + cx + d = 0.
Cardano shared the secret with his student, Ludovico Ferrari (1522–1565), who
solved the general quartic equation,
                           ax4 + bx3 + cx2 + dx + e = 0.
EXERCISES                                                                         283

In 1543, Cardano and Ferrari examined del Ferro’s papers and discovered that he
had also solved the depressed cubic. Cardano felt that this relieved him of his
obligation to Tartaglia, so he proceeded to publish the solutions in Ars Magna
(1545), in which he gave credit to del Ferro for solving the special case of the cubic.
This resulted in a bitter dispute between Cardano and Tartaglia, who published the
story of the oath a year later.


Exercises
   1. List all of the polynomials of degree 3 or less in Z2 [x].
   2. Compute each of the following.
        (a) (5x2 + 3x − 4) + (4x2 − x + 9) in Z12
        (b) (5x2 + 3x − 4)(4x2 − x + 9) in Z12
        (c) (7x3 + 3x2 − x) + (6x2 − 8x + 4) in Z9
        (d) (3x2 + 2x − 4) + (4x2 + 2) in Z5
        (e) (3x2 + 2x − 4)(4x2 + 2) in Z5
        (f) (5x2 + 3x − 2)2 in Z12
   3. Use the division algorithm to find q(x) and r(x) such that a(x) = q(x)b(x) +
      r(x) with deg r(x) < deg b(x) for each of the following pairs of polynomials.
        (a) a(x) = 5x3 + 6x2 − 3x + 4 and b(x) = x − 2 in Z7 [x]
        (b) a(x) = 6x4 − 2x3 + x2 − 3x + 1 and b(x) = x2 + x − 2 in Z7 [x]
        (c) a(x) = 4x5 − x3 + x2 + 4 and b(x) = x3 − 2 in Z5 [x]
        (d) a(x) = x5 + x3 − x2 − x and b(x) = x3 + x in Z2 [x]
   4. Find the greatest common divisor of each of the following pairs p(x) and q(x)
      of polynomials. If d(x) = gcd(p(x), q(x)), find two polynomials a(x) and b(x)
      such that a(x)p(x) + b(x)q(x) = d(x).
        (a) p(x) = 7x3 + 6x2 − 8x + 4 and q(x) = x3 + x − 2, where p(x), q(x) ∈ Q[x]
        (b) p(x) = x3 + x2 − x + 1 and q(x) = x3 + x − 1, where p(x), q(x) ∈ Z2 [x]
        (c) p(x) = x3 + x2 − 4x + 4 and q(x) = x3 + 3x − 2, where p(x), q(x) ∈ Z5 [x]
        (d) p(x) = x3 − 2x + 4 and q(x) = 4x3 + x + 3, where p(x), q(x) ∈ Q[x]
   5. Find all of the zeros for each of the following polynomials.

        (a) 5x3 + 4x2 − x + 9 in Z12             (c) 5x4 + 2x2 − 3 in Z7
        (b) 3x3 − 4x2 − x + 4 in Z5              (d) x3 + x + 1 in Z2
284                                              CHAPTER 17           POLYNOMIALS

  6. Find all of the units in Z[x].
  7. Find a unit p(x) in Z4 [x] such that deg p(x) > 1.
  8. Which of the following polynomials are irreducible over Q[x]?

       (a) x4 − 2x3 + 2x2 + x + 4                  (c) 3x5 − 4x3 − 6x2 + 6
       (b) x4 − 5x3 + 3x − 2                       (d) 5x5 − 6x4 − 3x2 + 9x − 15

  9. Find all of the irreducible polynomials of degrees 2 and 3 in Z2 [x].
 10. Give two different factorizations of x2 + x + 8 in Z10 [x].
 11. Prove or disprove: There exists a polynomial p(x) in Z6 [x] of degree n with
     more than n distinct zeros.
 12. If F is a field, show that F [x1 , . . . , xn ] is an integral domain.
 13. Show that the division algorithm does not hold for Z[x]. Why does it fail?
 14. Prove or disprove: xp + a is irreducible for any a ∈ Zp , where p is prime.
 15. Let f (x) be irreducible. If f (x) | p(x)q(x), prove that either f (x) | p(x) or
     f (x) | q(x).
 16. Suppose that R and S are isomorphic rings. Prove that R[x] ∼
                                                                = S[x].
 17. Let F be a field and a ∈ F . If p(x) ∈ F [x], show that p(a) is the remainder
     obtained when p(x) is divided by x − a.
 18. The Rational Root Theorem. Let

                          p(x) = an xn an−1 xn−1 + · · · + a0 ∈ Z[x],

               6 0. Prove that if (r/s) = 0, where gcd(r, s) = 1, then r | a0 and
      where an =
      s | an .
 19. Let Q∗ be the multiplicative group of positive rational numbers. Prove that
     Q∗ is isomorphic to (Z[x], +).
 20. Cyclotomic Polynomials. The polynomial
                                  xn − 1
                       Φn (x) =          = xn−1 + xn−2 + · · · + x + 1
                                  x−1
      is called the cyclotomic polynomial . Show that Φp (x) is irreducible over
      Q for any prime p.
 21. If F is a field, show that there are infinitely many irreducible polynomials in
     F [x].
 22. Let R be a commutative ring with identity. Prove that multiplication is
     commutative in R[x].
EXERCISES                                                                         285

 23. Let R be a commutative ring with identity. Prove that multiplication is
     distributive in R[x].
 24. Show that xp − x has p distinct zeros in Zp , for any prime p. Conclude that
                       xp − x = x(x − 1)(x − 2) · · · (x − (p − 1)).

 25. Let F be a ring and f (x) = a0 + a1 x + · · · + an xn be in F [x]. Define
     f 0 (x) = a1 + 2a2 x + · · · + nan xn−1 to be the derivative of f (x).
      (a) Prove that
                                  (f + g)0 (x) = f 0 (x) + g 0 (x).
          Conclude that we can define a homomorphism of abelian groups D :
          F [x] → F [x] by (D(f (x)) = f 0 (x).
      (b) Calculate the kernel of D if charF = 0.
      (c) Calculate the kernel of D if charF = p.
      (d) Prove that
                             (f g)0 (x) = f 0 (x)g(x) + f (x)g 0 (x).
       (e) Suppose that we can factor a polynomial f (x) ∈ F [x] into linear factors,
           say
                           f (x) = a(x − a1 )(x − a2 ) · · · (x − an ).
           Prove that f (x) has no repeated factors if and only if f (x) and f 0 (x)
           are relatively prime.
 26. Let F be a field. Show that F [x] is never a field.
 27. Let R be an integral domain. Prove that R[x1 , . . . , xn ] is an integral domain.
 28. Let R be a commutative ring with identity. Show that R[x] has a subring R0
     isomorphic to R.
 29. Let p(x) and q(x) be polynomials in R[x], where R is a commutative ring
     with identity. Prove that deg(p(x) + q(x)) ≤ max(deg p(x), deg q(x)).

Additional Exercises: Solving the Cubic and Quartic
Equations
  1. Solve the general quadratic equation
                                     ax2 + bx + c = 0
     to obtain                                √
                                       −b ±    b2 − 4ac
                                  x=                    .
                                              2a
     The discriminant of the quadratic equation ∆ = b2 − 4ac determines the
     nature of the solutions of the equation. If ∆ > 0, the equation has two distinct
     real solutions. If ∆ = 0, the equation has a single repeated real root. If ∆ < 0,
     there are two distinct imaginary solutions.
286                                            CHAPTER 17         POLYNOMIALS

  2. Show that any cubic equation of the form

                                   x3 + bx2 + cx + d = 0

      can be reduced to the form y 3 + py + q = 0 by making the substitution
      x = y − b/3.
  3. Prove that the cube roots of 1 are given by
                                                √
                                         −1 + i 3
                                    ω=
                                             2 √
                                         −1  − i 3
                                   ω2 =
                                             2
                                   ω 3 = 1.

  4. Make the substitution
                                                  p
                                        y=z−
                                                 3z
      for y in the equation y 3 + py + q = 0 and obtain two solutions A and B for z 3 .
  5. Show√that the product of the solutions obtained in (4) is −p3 /27, deducing
     that 3 AB = −p/3.
  6. Prove that the possible solutions for z in (4) are given by
                   √        √         √       √        √         √
                     A, ω A, ω 2 A,             B, ω B, ω 2 B
                   3        3         3       3         3        3




      and use this result to show that the three possible solutions for y are
                       s       r                 s       r
                       3   q      p3    q 2          q       p3    q2
                     i                         2i 3
                    ω − +            +      +ω      − −         + ,
                           2      27    4            2       27    4

      where i = 0, 1, 2.
  7. The discriminant of the cubic equation is

                                            p3  q2
                                      ∆=       + .
                                            27  4
      Show that y 3 + py + q = 0
       (a) has three real roots, at least two of which are equal, if ∆ = 0.
       (b) has one real root and two conjugate imaginary roots if ∆ > 0.
       (c) has three distinct real roots if ∆ < 0.
  8. Solve the following cubic equations.
EXERCISES                                                                      287

       (a) x3 − 4x2 + 11x + 30 = 0              (c) x3 − 3x + 2 = 0
             3
       (b) x − 3x + 5 = 0                       (d) x3 + x + 3 = 0

   9. Show that the general quartic equation

                              x4 + ax3 + bx2 + cx + d = 0

      can be reduced to
                                  y 4 + py 2 + qy + r = 0
      by using the substitution x = y − a/4.
  10. Show that              2                            
                           1                           1 2
                       y2 + z    = (z − p)y 2 − qy +     z −r .
                           2                           4

  11. Show that the right-hand side of (10) can be put in the form (my + k)2 if and
      only if                                       
                              2              1 2
                             q − 4(z − p)      z − r = 0.
                                             4

  12. From (11) obtain the resolvent cubic equation

                            z 3 − pz 2 − 4rz + (4pr − q 2 ) = 0.

      Solving the resolvent cubic equation, put the equation found in (10) in the
      form                             2
                                  2   1
                                 y + z      = (my + k)2
                                      2
      to obtain the solution of the quartic equation.
  13. Use this method to solve the following quartic equations.

       (a) x4 − x2 − 3x + 2 = 0                 (c) x4 − 2x2 + 4x − 3 = 0
       (b) x4 + x3 − 7x2 − x + 6 = 0            (d) x4 − 4x3 + 3x2 − 5x + 2 = 0

Sage Polynomial rings are very important for computational approaches to
algebra, and so Sage makes it very easy to compute with polynomials, over
rings, or over fields. And it is trivial to check if a polynomial is irreducible.
                                    18
                Integral Domains


One of the most important rings we study is the ring of integers. It was
our first example of an algebraic structure: the first polynomial ring that
we examined was Z[x]. We also know that the integers sit naturally inside
the field of rational numbers, Q. The ring of integers is the model for all
integral domains. In this chapter we will examine integral domains in general,
answering questions about the ideal structure of integral domains, polynomial
rings over integral domains, and whether or not an integral domain can be
embedded in a field.


18.1     Fields of Fractions
Every field is also an integral domain; however, there are many integral
domains that are not fields. For example, the integers Z are an integral
domain but not a field. A question that naturally arises is how we might
associate an integral domain with a field. There is a natural way to construct
the rationals Q from the integers: the rationals can be represented as formal
quotients of two integers. The rational numbers are certainly a field. In fact,
it can be shown that the rationals are the smallest field that contains the
integers. Given an integral domain D, our question now becomes how to
construct a smallest field F containing D. We will do this in the same way
as we constructed the rationals from the integers.
    An element p/q ∈ Q is the quotient of two integers p and q; however,
different pairs of integers can represent the same rational number. For
instance, 1/2 = 2/4 = 3/6. We know that
                                    a    c
                                      =
                                    b    d
if and only if ad = bc. A more formal way of considering this problem is
to examine fractions in terms of equivalence relations. We can think of

                                     288
18.1   FIELDS OF FRACTIONS                                                  289

elements in Q as ordered pairs in Z × Z. A quotient p/q can be written
as (p, q). For instance, (3, 7) would represent the fraction 3/7. However,
there are problems if we consider all possible pairs in Z × Z. There is no
fraction 5/0 corresponding to the pair (5, 0). Also, the pairs (3, 6) and (2, 4)
both represent the fraction 1/2. The first problem is easily solved if we
require the second coordinate to be nonzero. The second problem is solved
by considering two pairs (a, b) and (c, d) to be equivalent if ad = bc.
    If we use the approach of ordered pairs instead of fractions, then we can
study integral domains in general. Let D be any integral domain and let

                      S = {(a, b) : a, b ∈ D and b 6= 0}.

Define a relation on S by (a, b) ∼ (c, d) if ad = bc.

Lemma 18.1 The relation ∼ between elements of S is an equivalence rela-
tion.

Proof. Since D is commutative, ab = ba; hence, ∼ is reflexive on D.
Now suppose that (a, b) ∼ (c, d). Then ad = bc or cb = da. Therefore,
(c, d) ∼ (a, b) and the relation is symmetric. Finally, to show that the
relation is transitive, let (a, b) ∼ (c, d) and (c, d) ∼ (e, f ). In this case
ad = bc and cf = de. Multiplying both sides of ad = bc by f yields

                        af d = adf = bcf = bde = bed.

Since D is an integral domain, we can deduce that af = be or (a, b) ∼ (e, f ).
                                                                           
    We will denote the set of equivalence classes on S by FD . We now need
to define the operations of addition and multiplication on FD . Recall how
fractions are added and multiplied in Q:
                              a       c   ad + bc
                                 +      =         ;
                              b       d      bd
                                a     c   ac
                                  ·     = .
                                b     d   bd
It seems reasonable to define the operations of addition and multiplication
on FD in a similar manner. If we denote the equivalence class of (a, b) ∈ S by
[a, b], then we are led to define the operations of addition and multiplication
on FD by
                           [a, b] + [c, d] = [ad + bc, bd]
290                                       CHAPTER 18             INTEGRAL DOMAINS

and
                                 [a, b] · [c, d] = [ac, bd],
respectively. The next lemma demonstrates that these operations are inde-
pendent of the choice of representatives from each equivalence class.

Lemma 18.2 The operations of addition and multiplication on FD are well-
defined.

Proof. We will prove that the operation of addition is well-defined. The
proof that multiplication is well-defined is left as an exercise. Let [a1 , b1 ] =
[a2 , b2 ] and [c1 , d1 ] = [c2 , d2 ]. We must show that

                      [a1 d1 + b1 c1 , b1 d1 ] = [a2 d2 + b2 c2 , b2 d2 ]

or, equivalently, that

                    (a1 d1 + b1 c1 )(b2 d2 ) = (b1 d1 )(a2 d2 + b2 c2 ).

Since [a1 , b1 ] = [a2 , b2 ] and [c1 , d1 ] = [c2 , d2 ], we know that a1 b2 = b1 a2 and
c1 d2 = d1 c2 . Therefore,

                    (a1 d1 + b1 c1 )(b2 d2 ) = a1 d1 b2 d2 + b1 c1 b2 d2
                                             = a1 b2 d1 d2 + b1 b2 c1 d2
                                             = b1 a2 d1 d2 + b1 b2 d1 c2
                                             = (b1 d1 )(a2 d2 + b2 c2 ).

                                                                                      

Lemma 18.3 The set of equivalence classes of S, FD , under the equiva-
lence relation ∼, together with the operations of addition and multiplication
defined by

                             [a, b] + [c, d] = [ad + bc, bd]
                               [a, b] · [c, d] = [ac, bd],

is a field.

Proof. The additive and multiplicative identities are [0, 1] and [1, 1], re-
spectively. To show that [0, 1] is the additive identity, observe that

                        [a, b] + [0, 1] = [a1 + b0, b1] = [a, b].
18.1   FIELDS OF FRACTIONS                                                      291

It is easy to show that [1, 1] is the multiplicative identity. Let [a, b] ∈ FD
such that a 6= 0. Then [b, a] is also in FD and [a, b] · [b, a] = [1, 1]; hence,
[b, a] is the multiplicative inverse for [a, b]. Similarly, [−a, b] is the additive
inverse of [a, b]. We leave as exercises the verification of the associative and
commutative properties of multiplication in FD . We also leave it to the
reader to show that FD is an abelian group under addition.
     It remains to show that the distributive property holds in FD ; however,

                  [a, b][e, f ] + [c, d][e, f ] = [ae, bf ] + [ce, df ]
                                              = [aedf + bf ce, bdf 2 ]
                                              = [aed + bce, bdf ]
                                              = [ade + bce, bdf ]
                                              = ([a, b] + [c, d])[e, f ]

and the lemma is proved.                                                         
   The field FD in Lemma 18.3 is called the field of fractions or field of
quotients of the integral domain D.

Theorem 18.4 Let D be an integral domain. Then D can be embedded in
a field of fractions FD , where any element in FD can be expressed as the
quotient of two elements in D. Furthermore, the field of fractions FD is
unique in the sense that if E is any field containing D, then there exists
a map ψ : FD → E giving an isomorphism with a subfield of E such that
ψ(a) = a for all elements a ∈ D.

Proof. We will first demonstrate that D can be embedded in the field FD .
Define a map φ : D → FD by φ(a) = [a, 1]. Then for a and b in D,

              φ(a + b) = [a + b, 1] = [a, 1] + [b, 1] = φ(a) + φ(b)

and
                    φ(ab) = [ab, 1] = [a, 1][b, 1] = φ(a)φ(b);
hence, φ is a homomorphism. To show that φ is one-to-one, suppose that
φ(a) = φ(b). Then [a, 1] = [b, 1], or a = a1 = 1b = b. Finally, any element of
FD can be expressed as the quotient of two elements in D, since

              φ(a)[φ(b)]−1 = [a, 1][b, 1]−1 = [a, 1] · [1, b] = [a, b].

    Now let E be a field containing D and define a map ψ : FD → E by
ψ([a, b]) = ab−1 . To show that ψ is well-defined, let [a1 , b1 ] = [a2 , b2 ]. Then
a1 b2 = b1 a2 . Therefore, a1 b−1      −1
                               1 = a2 b2 and ψ([a1 , b1 ]) = ψ([a2 , b2 ]).
292                                     CHAPTER 18          INTEGRAL DOMAINS

      If [a, b] and [c, d] are in FD , then

                       ψ([a, b] + [c, d]) = ψ([ad + bc, bd])
                                         = (ad + bc)(bd)−1
                                         = ab−1 + cd−1
                                         = ψ([a, b]) + ψ([c, d])

and

                         ψ([a, b] · [c, d]) = ψ([ac, bd])
                                          = (ac)(bd)−1
                                          = ab−1 cd−1
                                          = ψ([a, b])ψ([c, d]).

Therefore, ψ is a homomorphism.
   To complete the proof of the theorem, we need to show that ψ is one-to-
one. Suppose that ψ([a, b]) = ab−1 = 0. Then a = 0b = 0 and [a, b] = [0, b].
Therefore, the kernel of ψ is the zero element [0, b] in FD , and ψ is injective.
                                                                              

Example 1. Since Q is a field, Q[x] is an integral domain. The field
of fractions of Q[x] is the set of all rational expressions p(x)/q(x), where
p(x) and q(x) are polynomials over the rationals and q(x) is not the zero
polynomial. We will denote this field by Q(x).                            
   We will leave the proofs of the following corollaries of Theorem 18.4 as
exercises.

Corollary 18.5 Let F be a field of characteristic zero. Then F contains a
subfield isomorphic to Q.

Corollary 18.6 Let F be a field of characteristic p. Then F contains a
subfield isomorphic to Zp .


18.2        Factorization in Integral Domains
The building blocks of the integers are the prime numbers. If F is a field,
then irreducible polynomials in F [x] play a role that is very similar to that
of the prime numbers in the ring of integers. Given an arbitrary integral
domain, we are led to the following series of definitions.
18.2   FACTORIZATION IN INTEGRAL DOMAINS                                           293

    Let R be a commutative ring with identity, and let a and b be elements
in R. We say that a divides b, and write a | b, if there exists an element
c ∈ R such that b = ac. A unit in R is an element that has a multiplicative
inverse. Two elements a and b in R are said to be associates if there exists
a unit u in R such that a = ub.
    Let D be an integral domain. A nonzero element p ∈ D that is not a
unit is said to be irreducible provided that whenever p = ab, either a or b
is a unit. Furthermore, p is prime if whenever p | ab either p | a or p | b.

Example 2. It is important to notice that prime and irreducible elements do
not always coincide. Let R be the subring (with identity) of Q[x, y] generated
by x2 , y 2 , and xy. Each of these elements is irreducible in R; however, xy is
not prime, since xy divides x2 y 2 but does not divide either x2 or y 2 .     
     The Fundamental Theorem of Arithmetic states that every positive integer
n > 1 can be factored into a product of prime numbers p1 · · · pk , where the
pi ’s are not necessarily distinct. We also know that such factorizations
are unique up to the order of the pi ’s. We can easily extend this result
to the integers. The question arises of whether or not such factorizations
are possible in other rings. Generalizing this definition, we say an integral
domain D is a unique factorization domain, or UFD, if D satisfies the
following criteria.

   1. Let a ∈ D such that a =6 0 and a is not a unit. Then a can be written
      as the product of irreducible elements in D.

   2. Let a = p1 · · · pr = q1 · · · qs , where the pi ’s and the qi ’s are irreducible.
      Then r = s and there is a π ∈ Sr such that pi and qπ(j) are associates
      for j = 1, . . . , r.


Example 3. The integers are a unique factorization domain by the Funda-
mental Theorem of Arithmetic.                                        

Example √  4. Not every integral
                         √       domain is a unique factorization domain. The
subring Z[ 3 i] = {a + b 3 i} of the complex
                                       √       numbers is an √ integral domain
(Exercise 12, Chapter 16). Let z = a+b 3 i and define ν : Z[ 3 i] → N ∪ {0}
by ν(z) = |z|2 = a2 + 3b2 . It is clear that ν(z) ≥ 0 with equality when
z = 0. Also, from our knowledge of complex numbers we know that ν(zw) =
ν(z)ν(w). It is easy
                √ to show that if ν(z) = 1, then z is a unit, and that the
only units of Z[ 3 i] are 1 and −1.
294                                  CHAPTER 18         INTEGRAL DOMAINS

    We claim that 4 has two distinct factorizations into irreducible elements:
                                         √         √
                       4 = 2 · 2 = (1 − 3 i)(1 + 3 i).
                                                                             √
We must show that each of these factors is an irreducible element   √ in  Z[   3 i].
If 2 is not irreducible, then 2 = zw for elements z, w in Z[ 3 i] where      √
ν(z) = ν(w) = 2. However, there does not exist an element in z in Z[ 3 i]
such that ν(z) = 2 because the equation a2 + 3b2 = 2 has no integer solutions.
                                                                             √
Therefore,
         √ 2 must be irreducible. A similar argument shows that both 1− √3 i
and 1 +√ 3 i are irreducible. Since 2 is not a unit multiple of either 1 − 3 i
or 1 + 3 i, 4 has at least two distinct factorizations into irreducible elements.
                                                                                 


Principal Ideal Domains
Let R be a commutative ring with identity. Recall that a principal ideal
generated by a ∈ R is an ideal of the form hai = {ra : r ∈ R}. An integral
domain in which every ideal is principal is called a principal ideal domain,
or PID.

Lemma 18.7 Let D be an integral domain and let a, b ∈ D. Then

   1. a | b ⇔ hbi ⊂ hai.

   2. a and b are associates ⇔ hbi = hai.

   3. a is a unit in D ⇔ hai = D.

Proof. (1) Suppose that a | b. Then b = ax for some x ∈ D. Hence, for
every r in D, br = (ax)r = a(xr) and hbi ⊂ hai. Conversely, suppose that
hbi ⊂ hai. Then b ∈ hai. Consequently, b = ax for some x ∈ D. Thus, a | b.
    (2) Since a and b are associates, there exists a unit u such that a = ub.
Therefore, b | a and hai ⊂ hbi. Similarly, hbi ⊂ hai. It follows that hai = hbi.
Conversely, suppose that hai = hbi. By part (1), a | b and b | a. Then a = bx
and b = ay for some x, y ∈ D. Therefore, a = bx = ayx. Since D is an
integral domain, xy = 1; that is, x and y are units and a and b are associates.
    (3) An element a ∈ D is a unit if and only if a is an associate of 1.
However, a is an associate of 1 if and only if hai = h1i = D.                

Theorem 18.8 Let D be a PID and hpi be a nonzero ideal in D. Then hpi
is a maximal ideal if and only if p is irreducible.
18.2   FACTORIZATION IN INTEGRAL DOMAINS                                    295

Proof. Suppose that hpi is a maximal ideal. If some element a in D
divides p, then hpi ⊂ hai. Since hpi is maximal, either D = hai or hpi = hai.
Consequently, either a and p are associates or a is a unit. Therefore, p is
irreducible.
    Conversely, let p be irreducible. If hai is an ideal in D such that hpi ⊂
hai ⊂ D, then a | p. Since p is irreducible, either a must be a unit or a
and p are associates. Therefore, either D = hai or hpi = hai. Thus, hpi is a
maximal ideal.                                                              

Corollary 18.9 Let D be a PID. If p is irreducible, then p is prime.

Proof. Let p be irreducible and suppose that p | ab. Then habi ⊂ hpi. By
Corollary 16.18, since hpi is a maximal ideal, hpi must also be a prime ideal.
Thus, either a ∈ hpi or b ∈ hpi. Hence, either p | a or p | b.             

Lemma 18.10 Let D be a PID. Let I1 , I2 , . . . be a set of ideals such that
I1 ⊂ I2 ⊂ · · · . Then there exists an integer N such that In = IN for all
n ≥ N.

Proof. We claim that I = ∞
                             S
                               i=1 Ii is an ideal of D. Certainly I is not empty,
since I1 ⊂ I and 0 ∈ I. If a, b ∈ I, then a ∈ Ii and b ∈ Ij for some i and j in
N. Without loss of generality we can assume that i ≤ j. Hence, a and b are
both in Ij and so a − b is also in Ij . Now let r ∈ D and a ∈ I. Again, we
note that a ∈ Ii for some positive integer i. Since Ii is an ideal, ra ∈ Ii and
hence must be in I. Therefore, we have shown that I is an ideal in D.
    Since D is a principal ideal domain, there exists an element a ∈ D that
generates I. Since a is in IN for some N ∈ N, we know that IN = I = hai.
Consequently, In = IN for n ≥ N .                                             
    Any commutative ring satisfying the condition in Lemma 18.10 is said
to satisfy the ascending chain condition, or ACC. Such rings are called
Noetherian rings, after Emmy Noether.

Theorem 18.11 Every PID is a UFD.

Proof. Existence of a factorization. Let D be a PID and a be a nonzero
element in D that is not a unit. If a is irreducible, then we are done. If not,
then there exists a factorization a = a1 b1 , where neither a1 nor b1 is a unit.
Hence, hai ⊂ ha1 i. By Lemma 18.7, we know that hai 6= ha1 i; otherwise, a
and a1 would be associates and b1 would be a unit, which would contradict
our assumption. Now suppose that a1 = a2 b2 , where neither a2 nor b2 is a
296                                     CHAPTER 18               INTEGRAL DOMAINS

unit. By the same argument as before, ha1 i ⊂ ha2 i. We can continue with
this construction to obtain an ascending chain of ideals

                             hai ⊂ ha1 i ⊂ ha2 i ⊂ · · · .

By Lemma 18.10, there exists a positive integer N such that han i = haN i for
all n ≥ N . Consequently, aN must be irreducible. We have now shown that
a is the product of two elements, one of which must be irreducible.
    Now suppose that a = c1 p1 , where p1 is irreducible. If c1 is not a unit,
we can repeat the preceding argument to conclude that hai ⊂ hc1 i. Either
c1 is irreducible or c1 = c2 p2 , where p2 is irreducible and c2 is not a unit.
Continuing in this manner, we obtain another chain of ideals

                             hai ⊂ hc1 i ⊂ hc2 i ⊂ · · · .

This chain must satisfy the ascending chain condition; therefore,

                                    a = p1 p2 · · · pr

for irreducible elements p1 , . . . , pr .
    Uniqueness of the factorization. To show uniqueness, let

                           a = p1 p2 · · · pr = q1 q2 · · · qs ,

where each pi and each qi is irreducible. Without loss of generality, we can
assume that r < s. Since p1 divides q1 q2 · · · qs , by Corollary 18.9 it must
divide some qi . By rearranging the qi ’s, we can assume that p1 | q1 ; hence,
q1 = u1 p1 for some unit u1 in D. Therefore,

                          a = p1 p2 · · · pr = u1 p1 q2 · · · qs

or
                               p2 · · · pr = u1 q2 · · · qs .
Continuing in this manner, we can arrange the qi ’s such that p2 = q2 , p3 =
q3 , . . . , pr = qr , to obtain

                             u1 u2 · · · ur qr+1 · · · qs = 1.

In this case qr+1 · · · qs is a unit, which contradicts the fact that qr+1 , . . . , qs
are irreducibles. Therefore, r = s and the factorization of a is unique.             

Corollary 18.12 Let F be a field. Then F [x] is a UFD.
18.2   FACTORIZATION IN INTEGRAL DOMAINS                                 297

Example 5. Every PID is a UFD, but it is not the case that every UFD
is a PID. In Corollary 18.22, we will prove that Z[x] is a UFD. However,
Z[x] is not a PID. Let I = {5f (x) + xg(x) : f (x), g(x) ∈ Z[x]}. We can
easily show that I is an ideal of Z[x]. Suppose that I = hp(x)i. Since 5 ∈ I,
5 = f (x)p(x). In this case p(x) = p must be a constant. Since x ∈ I,
x = pg(x); consequently, p = ±1. However, it follows from this fact that
hp(x)i = Z[x]. But this would mean that 3 is in I. Therefore, we can write
3 = 5f (x) + xg(x) for some f (x) and g(x) in Z[x]. Examining the constant
term of this polynomial, we see that 3 = 5f (x), which is impossible.      


Euclidean Domains
We have repeatedly used the division algorithm when proving results about
either Z or F [x], where F is a field. We should now ask when a division
algorithm is available for an integral domain.
    Let D be an integral domain such that for each a ∈ D there is a nonneg-
ative integer ν(a) satisfying the following conditions.

  1. If a and b are nonzero elements in D, then ν(a) ≤ ν(ab).

  2. Let a, b ∈ D and suppose that b 6= 0. Then there exist elements
     q, r ∈ D such that a = bq + r and either r = 0 or ν(r) < ν(b).

Then D is called a Euclidean domain and ν is called a Euclidean valu-
ation.

Example 6. Absolute value on Z is a Euclidean valuation.                  

Example 7. Let F be a field. Then the degree of a polynomial in F [x] is a
Euclidean valuation.                                                    

Example 8. Recall that the Gaussian integers in Example 9 of Chapter 16
are defined by
                      Z[i] = {a + bi : a, b ∈ Z}.
We usually measure
                 √    the size of a complex
                                     √        number a + bi by its absolute
value, |a + bi| = a2 + b2 ; however, a2 + b2 may not be an integer. For our
valuation we will let ν(a + bi) = a2 + b2 to ensure that we have an integer.
    We claim that ν(a + bi) = a2 + b2 is a Euclidean valuation on Z[i]. Let
z, w ∈ Z[i]. Then ν(zw) = |zw|2 = |z|2 |w|2 = ν(z)ν(w). Since ν(z) ≥ 1 for
every nonzero z ∈ Z[i], ν(z) ≤ ν(z)ν(w).
298                                 CHAPTER 18        INTEGRAL DOMAINS

   Next, we must show that for any z = a + bi and w = c + di in Z[i]
with w 6= 0, there exist elements q and r in Z[i] such that z = qw + r
with either r = 0 or ν(r) < ν(w). We can view z and w as elements in
Q(i) = {p + qi : p, q ∈ Q}, the field of fractions of Z[i]. Observe that
                                c − di
               zw−1 = (a + bi)
                               c2 + d2
                        ac + bd bc − ad
                      = 2      + 2        i
                        c + d2
                                  c +d2                
                                  n1                n2
                      = m1 + 2           + m2 + 2           i
                               c + d2            c + d2
                                                        
                                           n1      n2
                      = (m1 + m2 i) +          +        i
                                        c2 + d2 c2 + d2
                      = (m1 + m2 i) + (s + ti)
in Q(i). In the last steps we are writing the real and imaginary parts as an
integer plus a proper fraction. That is, we take the closest integer mi such
that the fractional part satisfies |ni /(a2 + b2 )| ≤ 1/2. For example, we write
                                  9         1
                                    =1+
                                  8         8
                                 15         1
                                    =2−       .
                                 8          8
Thus, s and t are the “fractional parts” of zw−1 = (m1 + m2 i) + (s + ti). We
also know that s2 + t2 ≤ 1/4 + 1/4 = 1/2. Multiplying by w, we have
             z = zw−1 w = w(m1 + m2 i) + w(s + ti) = qw + r,
where q = m1 + m2 i and r = w(s + ti). Since z and qw are in Z[i], r must be
in Z[i]. Finally, we need to show that either r = 0 or ν(r) < ν(w). However,
                                         1
                   ν(r) = ν(w)ν(s + ti) ≤ ν(w) < ν(w).
                                         2
                                                                              

Theorem 18.13 Every Euclidean domain is a principal ideal domain.
Proof. Let D be a Euclidean domain and let ν be a Euclidean valuation
on D. Suppose I is a nontrivial ideal in D and choose a nonzero element
b ∈ I such that ν(b) is minimal for all a ∈ I. Since D is a Euclidean domain,
there exist elements q and r in D such that a = bq + r and either r = 0 or
ν(r) < ν(b). But r = a − bq is in I since I is an ideal; therefore, r = 0 by
the minimality of b. It follows that a = bq and I = hbi.                   
18.2   FACTORIZATION IN INTEGRAL DOMAINS                                          299

Corollary 18.14 Every Euclidean domain is a unique factorization domain.

Factorization in D[x]
One of the most important polynomial rings is Z[x]. One of the first questions
that come to mind about Z[x] is whether or not it is a UFD. We will prove
a more general statement here. Our first task is to obtain a more general
version of Gauss’s Lemma (Theorem 17.9).
    Let D be a unique factorization domain and suppose that

                          p(x) = an xn + · · · + a1 x + a0

in D[x]. Then the content of p(x) is the greatest common divisor of
a0 , . . . , an . We say that p(x) is primitive if gcd(a0 , . . . , an ) = 1.

Example 9. In Z[x] the polynomial p(x) = 5x4 − 3x3 + x − 4 is a primitive
polynomial since the greatest common divisor of the coefficients is 1; however,
the polynomial q(x) = 4x2 − 6x + 8 is not primitive since the content of q(x)
is 2.                                                                       

Theorem 18.15 (Gauss’s Lemma) Let D be a UFD and let f (x) and
g(x) be primitive polynomials in D[x]. Then f (x)g(x) is primitive.

Proof. Let f (x) = m
                       P         i
                                              Pn         i
                         i=0 ai x and g(x) =     i=0 bi x . Suppose that p is a
prime dividing the coefficients of f (x)g(x). Let r be the smallest integer
such that p6 |ar and s be the smallest integer such that p6 |bs . The coefficient
of xr+s in f (x)g(x) is

             cr+s = a0 br+s + a1 br+s−1 + · · · + ar+s−1 b1 + ar+s b0 .

Since p divides a0 , . . . , ar−1 and b0 , . . . , bs−1 , p divides every term of cr+s
except for the term ar bs . However, since p | cr+s , either p divides ar or p
divides bs . But this is impossible.                                                

Lemma 18.16 Let D be a UFD, and let p(x) and q(x) be in D[x]. Then the
content of p(x)q(x) is equal to the product of the contents of p(x) and q(x).

Proof. Let p(x) = cp1 (x) and q(x) = dq1 (x), where c and d are the contents
of p(x) and q(x), respectively. Then p1 (x) and q1 (x) are primitive. We
can now write p(x)q(x) = cdp1 (x)q1 (x). Since p1 (x)q1 (x) is primitive, the
content of p(x)q(x) must be cd.                                            
300                                        CHAPTER 18            INTEGRAL DOMAINS

Lemma 18.17 Let D be a UFD and F its field of fractions. Suppose
that p(x) ∈ D[x] and p(x) = f (x)g(x), where f (x) and g(x) are in F [x].
Then p(x) = f1 (x)g1 (x), where f1 (x) and g1 (x) are in D[x]. Furthermore,
deg f (x) = deg f1 (x) and deg g(x) = deg g1 (x).

Proof. Let a and b be nonzero elements of D such that af (x), bg(x) are
in D[x]. We can find a1 , b2 ∈ D such that af (x) = a1 f1 (x) and bg(x) =
b1 g1 (x), where f1 (x) and g1 (x) are primitive polynomials in D[x]. Therefore,
abp(x) = (a1 f1 (x))(b1 g1 (x)). Since f1 (x) and g1 (x) are primitive polynomials,
it must be the case that ab | a1 b1 by Gauss’s Lemma. Thus there exists
a c ∈ D such that p(x) = cf1 (x)g1 (x). Clearly, deg f (x) = deg f1 (x) and
deg g(x) = deg g1 (x).                                                          
      The following corollaries are direct consequences of Lemma 18.17.

Corollary 18.18 Let D be a UFD and F its field of fractions. A primitive
polynomial p(x) in D[x] is irreducible in F [x] if and only if it is irreducible
in D[x].

Corollary 18.19 Let D be a UFD and F its field of fractions. If p(x) is
a monic polynomial in D[x] with p(x) = f (x)g(x) in F [x], then p(x) =
f1 (x)g1 (x), where f1 (x) and g1 (x) are in D[x]. Furthermore, deg f (x) =
deg f1 (x) and deg g(x) = deg g1 (x).

Theorem 18.20 If D is a UFD, then D[x] is a UFD.

Proof. Let p(x) be a nonzero polynomial in D[x]. If p(x) is a constant
polynomial, then it must have a unique factorization since D is a UFD. Now
suppose that p(x) is a polynomial of positive degree in D[x]. Let F be the
field of fractions of D, and let p(x) = f1 (x)f2 (x) · · · fn (x) by a factorization
of p(x), where each fi (x) is irreducible. Choose ai ∈ D such that ai fi (x) is in
D[x]. There exist b1 , . . . , bn ∈ D such that ai fi (x) = bi gi (x), where gi (x) is
a primitive polynomial in D[x]. By Corollary 18.18, each gi (x) is irreducible
in D[x]. Consequently, we can write

                      a1 · · · an p(x) = b1 · · · bn g1 (x) · · · gn (x).

Let b = b1 · · · bn . Since g1 (x) · · · gn (x) is primitive, a1 · · · an divides b. There-
fore, p(x) = ag1 (x) · · · gn (x), where a ∈ D. Since D is a UFD, we can factor
a as uc1 · · · ck , where u is a unit and each of the ci ’s is irreducible in D.
    We will now show the uniqueness of this factorization. Let

            p(x) = a1 · · · am f1 (x) · · · fn (x) = b1 · · · br g1 (x) · · · gs (x)
18.2   FACTORIZATION IN INTEGRAL DOMAINS                                            301

be two factorizations of p(x), where all of the factors are irreducible in D[x].
By Corollary 18.18, each of the fi ’s and gi ’s is irreducible in F [x]. The ai ’s
and the bi ’s are units in F . Since F [x] is a PID, it is a UFD; therefore,
n = s. Now rearrange the gi (x)’s so that fi (x) and gi (x) are associates
for i = 1, . . . , n. Then there exist c1 , . . . , cn and d1 , . . . , dn in D such that
(ci /di )fi (x) = gi (x) or ci fi (x) = di gi (x). The polynomials fi (x) and gi (x) are
primitive; hence, ci and di are associates in D. Thus, a1 · · · am = ub1 · · · br in
D, where u is a unit in D. Since D is a unique factorization domain, m = s.
Finally, we can reorder the bi ’s so that ai and bi are associates for each i.
This completes the uniqueness part of the proof.                                       
   The theorem that we have just proven has several obvious but important
corollaries.

Corollary 18.21 Let F be a field. Then F [x] is a UFD.

Corollary 18.22 Z[x] is a UFD.

Corollary 18.23 Let D be a UFD. Then D[x1 , . . . , xn ] is a UFD.

Remark. It is important to notice that every Euclidean domain is a PID
and every PID is a UFD. However, as demonstrated by our examples, the
converse of each of these statements fails. There are principal ideal domains
that are not Euclidean domains, and there are unique factorization domains
that are not principal ideal domains (Z[x]).

                                  Historical Note

Karl Friedrich Gauss, born in Brunswick, Germany on April 30, 1777, is
considered to be one of the greatest mathematicians who ever lived. Gauss
was truly a child prodigy. At the age of three he was able to detect errors
in the books of his father’s business. Gauss entered college at the age of 15.
Before the age of 20, Gauss was able to construct a regular 17-sided polygon
with a ruler and compass. This was the first new construction of a regular
n-sided polygon since the time of the ancient Greeks. Gauss succeeded in
                        n
showing that if N = 22 + 1 was prime, then it was possible to construct a
regular N -sided polygon.
    Gauss obtained his Ph.D. in 1799 under the direction of Pfaff at the
University of Helmstedt. In his dissertation he gave the first complete proof
of the Fundamental Theorem of Algebra, which states that every polynomial
with real coefficients can be factored into linear factors over the complex
302                                  CHAPTER 18         INTEGRAL DOMAINS

numbers. The acceptance of complex numbers was brought √      about by Gauss,
who was the first person to use the notation of i for −1.
    Gauss then turned his attention toward number theory; in 1801, he
published his famous book on number theory, Disquisitiones Arithmeticae.
Throughout his life Gauss was intrigued with this branch of mathematics.
He once wrote, “Mathematics is the queen of the sciences, and the theory of
numbers is the queen of mathematics.”
    In 1807, Gauss was appointed director of the Observatory at the University
of Göttingen, a position he held until his death. This position required him
to study applications of mathematics to the sciences. He succeeded in making
contributions to fields such as astronomy, mechanics, optics, geodesy, and
magnetism. Along with Wilhelm Weber, he coinvented the first practical
electric telegraph some years before a better version was invented by Samuel
F. B. Morse.
    Gauss was clearly the most prominent mathematician in the world in the
early nineteenth century. His status naturally made his discoveries subject
to intense scrutiny. Gauss’s cold and distant personality many times led him
to ignore the work of his contemporaries, making him many enemies. He
did not enjoy teaching very much, and young mathematicians who sought
him out for encouragement were often rebuffed. Nevertheless, he had many
outstanding students, including Eisenstein, Riemann, Kummer, Dirichlet,
and Dedekind. Gauss also offered a great deal of encouragement to Sophie
Germain (1776–1831), who overcame the many obstacles facing women in
her day to become a very prominent mathematician. Gauss died at the age
of 78 in Göttingen on February 23, 1855.


Exercises
                   √            √         2     2
   1. Let z = a + b 3 i be in Z[ 3 i].
                                    √ If a + 3b = 1, show that z must be a unit.
      Show that the only units of Z[ 3 i] are 1 and −1.
   2. The Gaussian integers, Z[i], are a UFD. Factor each of the following elements
      in Z[i] into a product of irreducibles.

       (a) 5                                   (c) 6 + 8i
       (b) 1 + 3i                             (d) 2

   3. Let D be an integral domain.
       (a) Prove that FD is an abelian group under the operation of addition.
EXERCISES                                                                                  303

      (b) Show that the operation of multiplication is well-defined in the field of
          fractions, FD .
      (c) Verify the associative and commutative properties for multiplication in
          FD .
  4. Prove or disprove: Any subring of a field F containing 1 is an integral domain.
  5. Prove or disprove: If D is an integral domain, then every prime element in D
     is also irreducible in D.
  6. Let F be a field of characteristic zero. Prove that F contains a subfield
     isomorphic to Q.
  7. Let F be a field.
      (a) Prove that the field of fractions of F [x], denoted by F (x), is isomorphic
          to the set all rational expressions p(x)/q(x), where q(x) is not the zero
          polynomial.
      (b) Let p(x1 , . . . , xn ) and q(x1 , . . . , xn ) be polynomials in F [x1 , . . . , xn ].
          Show that the set of all rational expressions p(x1 , . . . , xn )/q(x1 , . . . , xn )
          is isomorphic to the field of fractions of F [x1 , . . . , xn ]. We denote the
          field of fractions of F [x1 , . . . , xn ] by F (x1 , . . . , xn ).
  8. Let p be prime and denote the field of fractions of Zp [x] by Zp (x). Prove that
     Zp (x) is an infinite field of characteristic p.
  9. Prove that the field of fractions of the Gaussian integers, Z[i], is

                                  Q(i) = {p + qi : p, q ∈ Q}.

 10. A field F is called a prime field if it has no proper subfields. If E is a
     subfield of F and E is a prime field, then E is a prime subfield of F .
      (a) Prove that every field contains a unique prime subfield.
      (b) If F is a field of characteristic 0, prove that the prime subfield of F is
          isomorphic to the field of rational numbers, Q.
      (c) If F is a field of characteristic p, prove that the prime subfield of F is
          isomorphic to Zp .
           √              √
 11. Let Z[ 2 ] = {a + b 2 : a, b ∈ Z}.
                         √
      (a) Prove that Z[ 2 ] is an integral domain.
                                      √
      (b) Find all of the units in Z[ 2 ].
                                                  √
      (c) Determine the field of fractions of Z[ 2 ].
                         √
      (d) Prove that
                  √ Z[ 2i]     is a Euclidean domain under the Euclidean valuation
          ν(a + b 2 i) = a2 + 2b2 .
304                                   CHAPTER 18          INTEGRAL DOMAINS

 12. Let D be a UFD. An element d ∈ D is a greatest common divisor of a
     and b in D if d | a and d | b and d is divisible by any other element dividing
     both a and b.
      (a) If D is a PID and a and b are both nonzero elements of D, prove there
          exists a unique greatest common divisor of a and b up to associates.
          That is, if d and d0 are both greatest common divisors of a and b, then
          d and d0 are associates. We write gcd(a, b) for the greatest common
          divisor of a and b.
      (b) Let D be a PID and a and b be nonzero elements of D. Prove that there
          exist elements s and t in D such that gcd(a, b) = as + bt.
 13. Let D be an integral domain. Define a relation on D by a ∼ b if a and b are
     associates in D. Prove that ∼ is an equivalence relation on D.
 14. Let D be a Euclidean domain with Euclidean valuation ν. If u is a unit in D,
     show that ν(u) = ν(1).
 15. Let D be a Euclidean domain with Euclidean valuation ν. If a and b are
     associates in D, prove that ν(a) = ν(b).
                   √
 16. Show that Z[ 5 i] is not a unique factorization domain.
 17. Prove or disprove: Every subdomain of a UFD is also a UFD.
 18. An ideal of a commutative ring R is said to be finitely generated if there
     exist elements a1 , . . . , an in R such that every element r ∈ R can be written
     as a1 r1 + · · · + an rn for some r1 , . . . , rn in R. Prove that R satisfies the
     ascending chain condition if and only if every ideal of R is finitely generated.
 19. Let D be an integral domain with a descending chain of ideals I1 ⊃ I2 ⊃ I3 ⊃
     · · · . Suppose that there exists an N such that Ik = IN for all k ≥ N . A ring
     satisfying this condition is said to satisfy the descending chain condition,
     or DCC. Rings satisfying the DCC are called Artinian rings, after Emil
     Artin. Show that if D satisfies the descending chain condition, it must satisfy
     the ascending chain condition.
 20. Let R be a commutative ring with identity. We define a multiplicative
     subset of R to be a subset S such that 1 ∈ S and ab ∈ S if a, b ∈ S.
      (a) Define a relation ∼ on R × S by (a, s) ∼ (a0 , s0 ) if there exists an s∗ ∈ S
          such that s∗ (s0 a − sa0 ) = 0. Show that ∼ is an equivalence relation on
          R × S.
      (b) Let a/s denote the equivalence class of (a, s) ∈ R × S and let S −1 R be
          the set of all equivalence classes with respect to ∼. Define the operations
          of addition and multiplication on S −1 R by
                                        a b   at + bs
                                          + =
                                        s  t     st
                                          ab  ab
                                             = ,
                                          st  st
EXERCISES                                                                        305

           respectively. Prove that these operations are well-defined on S −1 R and
           that S −1 R is a ring with identity under these operations. The ring
           S −1 R is called the ring of quotients of R with respect to S.
       (c) Show that the map ψ : R → S −1 R defined by ψ(a) = a/1 is a ring
           homomorphism.
       (d) If R has no zero divisors and 0 ∈
                                           / S, show that ψ is one-to-one.
       (e) Prove that P is a prime ideal of R if and only if S = R \ P is a
           multiplicative subset of R.
       (f) If P is a prime ideal of R and S = R \ P , show that the ring of quotients
           S −1 R has a unique maximal ideal. Any ring that has a unique maximal
           ideal is called a local ring .

References and Suggested Readings
  [1] Atiyah, M. F. and MacDonald, I. G. Introduction to Commutative Algebra.
      Westview Press, Boulder, CO, 1994.
  [2] Zariski, O. and Samuel, P. Commutative Algebra, vols. I and II. Springer,
      New York, 1975, 1960.

Sage Sage supports distinctions between “plain” rings, domains, principal
ideal domains and fields. Support is often very good for constructions and
computations with PID’s, but sometimes problems get significantly harder
(computationally) when a ring has less structure that that of a PID. So be
aware when using Sage that some questions may go unanswered for rings
with less structure.
                                     19
           Lattices and Boolean
                 Algebras



The axioms of a ring give structure to the operations of addition and multi-
plication on a set. However, we can construct algebraic structures, known as
lattices and Boolean algebras, that generalize other types of operations. For
example, the important operations on sets are inclusion, union, and intersec-
tion. Lattices are generalizations of order relations on algebraic spaces, such
as set inclusion in set theory and inequality in the familiar number systems
N, Z, Q, and R. Boolean algebras generalize the operations of intersection
and union. Lattices and Boolean algebras have found applications in logic,
circuit theory, and probability.


19.1      Lattices
Partially Ordered Sets
We begin by the study of lattices and Boolean algebras by generalizing the
idea of inequality. Recall that a relation on a set X is a subset of X × X.
A relation P on X is called a partial order of X if it satisfies the following
axioms.

   1. The relation is reflexive: (a, a) ∈ P for all a ∈ X.

   2. The relation is antisymmetric: if (a, b) ∈ P and (b, a) ∈ P , then
      a = b.

   3. The relation is transitive: if (a, b) ∈ P and (b, c) ∈ P , then (a, c) ∈ P .




                                      306
19.1   LATTICES                                                           307

We will usually write a  b to mean (a, b) ∈ P unless some symbol is naturally
associated with a particular partial order, such as a ≤ b with integers a and
b, or X ⊆ Y with sets X and Y . A set X together with a partial order  is
called a partially ordered set, or poset.

Example 1. The set of integers (or rationals or reals) is a poset where a ≤ b
has the usual meaning for two integers a and b in Z.                       

Example 2. Let X be any set. We will define the power set of X to be
the set of all subsets of X. We denote the power set of X by P(X). For
example, let X = {a, b, c}. Then P(X) is the set of all subsets of the set
{a, b, c}:
                          ∅    {a}    {b}     {c}
                       {a, b} {a, c} {b, c} {a, b, c}.
On any power set of a set X, set inclusion, ⊆, is a partial order. We can
represent the order on {a, b, c} schematically by a diagram such as the one
in Figure 19.1.                                                          

                                    {a, b, c}


                           {a, b}    {a, c}     {b, c}


                            {a}       {b}        {c}


                                       ∅


                 Figure 19.1. Partial order on P({a, b, c})


Example 3. Let G be a group. The set of subgroups of G is a poset, where
the partial order is set inclusion.                                   

Example 4. There can be more than one partial order on a particular set.
We can form a partial order on N by a  b if a | b. The relation is certainly
reflexive since a | a for all a ∈ N. If m | n and n | m, then m = n; hence, the
308            CHAPTER 19        LATTICES AND BOOLEAN ALGEBRAS

relation is also antisymmetric. The relation is transitive, because if m | n
and n | p, then m | p.                                                    

Example 5. Let X = {1, 2, 3, 4, 6, 8, 12, 24} be the set of divisors of 24 with
the partial order defined in Example 4. Figure 19.2 shows the partial order
on X.                                                                        

                                     24

                                8          12


                                4           6


                                2           3

                                      1


            Figure 19.2. A partial order on the divisors of 24

    Let Y be a subset of a poset X. An element u in X is an upper bound
of Y if a  u for every element a ∈ Y . If u is an upper bound of Y such that
u  v for every other upper bound v of Y , then u is called a least upper
bound or supremum of Y . An element l in X is said to be a lower bound
of Y if l  a for all a ∈ Y . If l is a lower bound of Y such that k  l for
every other lower bound k of Y , then l is called a greatest lower bound
or infimum of Y .

Example 6. Let Y = {2, 3, 4, 6} be contained in the set X of Example 5.
Then Y has upper bounds 12 and 24, with 12 as a least upper bound. The
only lower bound is 1; hence, it must be a greatest lower bound.    
    As it turns out, least upper bounds and greatest lower bounds are unique
if they exist.

Theorem 19.1 Let Y be a nonempty subset of a poset X. If Y has a least
upper bound, then Y has a unique least upper bound. If Y has a greatest
lower bound, then Y has a unique greatest lower bound.
19.1   LATTICES                                                           309

Proof. Let u1 and u2 be least upper bounds for Y . By the definition of
the least upper bound, u1  u for all upper bounds u of Y . In particular,
u1  u2 . Similarly, u2  u1 . Therefore, u1 = u2 by antisymmetry. A similar
argument show that the greatest lower bound is unique.                    
    On many posets it is possible to define binary operations by using the
greatest lower bound and the least upper bound of two elements. A lattice
is a poset L such that every pair of elements in L has a least upper bound
and a greatest lower bound. The least upper bound of a, b ∈ L is called the
join of a and b and is denoted by a ∨ b. The greatest lower bound of a, b ∈ L
is called the meet of a and b and is denoted by a ∧ b.

Example 7. Let X be a set. Then the power set of X, P(X), is a lattice.
For two sets A and B in P(X), the least upper bound of A and B is A ∪ B.
Certainly A ∪ B is an upper bound of A and B, since A ⊆ A ∪ B and
B ⊆ A ∪ B. If C is some other set containing both A and B, then C must
contain A ∪ B; hence, A ∪ B is the least upper bound of A and B. Similarly,
the greatest lower bound of A and B is A ∩ B.                           

Example 8. Let G be a group and suppose that X is the set of subgroups
of G. Then X is a poset ordered by set-theoretic inclusion, ⊆. The set of
subgroups of G is also a lattice. If H and K are subgroups of G, the greatest
lower bound of H and K is H ∩ K. The set H ∪ K may not be a subgroup
of G. We leave it as an exercise to show that the least upper bound of H
and K is the subgroup generated by H ∪ K.                                  
    In set theory we have certain duality conditions. For example, by De
Morgan’s laws, any statement about sets that is true about (A ∪ B)0 must
also be true about A0 ∩ B 0 . We also have a duality principle for lattices.
Principle of Duality. Any statement that is true for all lattices remains
true when  is replaced by  and ∨ and ∧ are interchanged throughout the
statement.
   The following theorem tells us that a lattice is an algebraic structure
with two binary operations that satisfy certain axioms.

Theorem 19.2 If L is a lattice, then the binary operations ∨ and ∧ satisfy
the following properties for a, b, c ∈ L.

  1. Commutative laws: a ∨ b = b ∨ a and a ∧ b = b ∧ a.

  2. Associative laws: a ∨ (b ∨ c) = (a ∨ b) ∨ c and a ∧ (b ∧ c) = (a ∧ b) ∧ c.
310            CHAPTER 19        LATTICES AND BOOLEAN ALGEBRAS

   3. Idempotent laws: a ∨ a = a and a ∧ a = a.

   4. Absorption laws: a ∨ (a ∧ b) = a and a ∧ (a ∨ b) = a.

Proof. By the Principle of Duality, we need only prove the first statement
in each part.
    (1) By definition a ∨ b is the least upper bound of {a, b}, and b ∨ a is the
least upper bound of {b, a}; however, {a, b} = {b, a}.
    (2) We will show that a ∨ (b ∨ c) and (a ∨ b) ∨ c are both least upper
bounds of {a, b, c}. Let d = a ∨ b. Then c  d ∨ c = (a ∨ b) ∨ c. We also know
that
                      a  a ∨ b = d  d ∨ c = (a ∨ b) ∨ c.
A similar argument demonstrates that b  (a ∨ b) ∨ c. Therefore, (a ∨ b) ∨ c
is an upper bound of {a, b, c}. We now need to show that (a ∨ b) ∨ c is the
least upper bound of {a, b, c}. Let u be some other upper bound of {a, b, c}.
Then a  u and b  u; hence, d = a ∨ b  u. Since c  u, it follows that
(a ∨ b) ∨ c = d ∨ c  u. Therefore, (a ∨ b) ∨ c must be the least upper bound
of {a, b, c}. The argument that shows a ∨ (b ∨ c) is the least upper bound of
{a, b, c} is the same. Consequently, a ∨ (b ∨ c) = (a ∨ b) ∨ c.
    (3) The join of a and a is the least upper bound of {a}; hence, a ∨ a = a.
    (4) Let d = a ∧ b. Then a  a ∨ d. On the other hand, d = a ∧ b  a, and
so a ∨ d  a. Therefore, a ∨ (a ∧ b) = a.                                   
    Given any arbitrary set L with operations ∨ and ∧, satisfying the condi-
tions of the previous theorem, it is natural to ask whether or not this set
comes from some lattice. The following theorem says that this is always the
case.

Theorem 19.3 Let L be a nonempty set with two binary operations ∨ and
∧ satisfying the commutative, associative, idempotent, and absorption laws.
We can define a partial order on L by a  b if a ∨ b = b. Furthermore, L is
a lattice with respect to  if for all a, b ∈ L, we define the least upper bound
and greatest lower bound of a and b by a ∨ b and a ∧ b, respectively.

Proof. We first show that L is a poset under . Since a ∨ a = a, a  a
and  is reflexive. To show that  is antisymmetric, let a  b and b  a.
Then a ∨ b = b and b ∨ a = a. By the commutative law, b = a ∨ b = b ∨ a = a.
Finally, we must show that  is transitive. Let a  b and b  c. Then
a ∨ b = b and b ∨ c = c. Thus,

                 a ∨ c = a ∨ (b ∨ c) = (a ∨ b) ∨ c = b ∨ c = c,
19.2   BOOLEAN ALGEBRAS                                                   311

or a  c.
    To show that L is a lattice, we must prove that a ∨ b and a ∧ b are,
respectively, the least upper and greatest lower bounds of a and b. Since
a = (a ∨ b) ∧ a = a ∧ (a ∨ b), it follows that a  a ∨ b. Similarly, b  a ∨ b.
Therefore, a ∨ b is an upper bound for a and b. Let u be any other upper
bound of both a and b. Then a  u and b  u. But a ∨ b  u since
                       (a ∨ b) ∨ u = a ∨ (b ∨ u) = a ∨ u = u.
The proof that a ∧ b is the greatest lower bound of a and b is left as an
exercise.                                                               


19.2       Boolean Algebras
Let us investigate the example of the power set, P(X), of a set X more
closely. The power set is a lattice that is ordered by inclusion. By the
definition of the power set, the largest element in P(X) is X itself and the
smallest element is ∅, the empty set. For any set A in P(X), we know that
A ∩ X = A and A ∪ ∅ = A. This suggests the following definition for lattices.
An element I in a poset X is a largest element if a  I for all a ∈ X. An
element O is a smallest element of X if O  a for all a ∈ X.
    Let A be in P(X). Recall that the complement of A is
                       A0 = X \ A = {x : x ∈ X and x ∈
                                                     / A}.
We know that A ∪ A0 = X and A ∩ A0 = ∅. We can generalize this example
for lattices. A lattice L with a largest element I and a smallest element O
is complemented if for each a ∈ X, there exists an a0 such that a ∨ a0 = I
and a ∧ a0 = O.
    In a lattice L, the binary operations ∨ and ∧ satisfy commutative and
associative laws; however, they need not satisfy the distributive law
                           a ∧ (b ∨ c) = (a ∧ b) ∨ (a ∧ c);
however, in P(X) the distributive law is satisfied since
                         A ∩ (B ∪ C) = (A ∩ B) ∪ (A ∩ C)
for A, B, C ∈ P(X). We will say that a lattice L is distributive if the
following distributive law holds:
                           a ∧ (b ∨ c) = (a ∧ b) ∨ (a ∧ c)
for all a, b, c ∈ L.
312              CHAPTER 19          LATTICES AND BOOLEAN ALGEBRAS

Theorem 19.4 A lattice L is distributive if and only if

                            a ∨ (b ∧ c) = (a ∨ b) ∧ (a ∨ c)

for all a, b, c ∈ L.

Proof. Let us assume that L is a distributive lattice.

                       a ∨ (b ∧ c) = [a ∨ (a ∧ c)] ∨ (b ∧ c)
                                  = a ∨ [(a ∧ c) ∨ (b ∧ c)]
                                  = a ∨ [(c ∧ a) ∨ (c ∧ b)]
                                  = a ∨ [c ∧ (a ∨ b)]
                                  = a ∨ [(a ∨ b) ∧ c]
                                  = [(a ∨ b) ∧ a] ∨ [(a ∨ b) ∧ c]
                                  = (a ∨ b) ∧ (a ∨ c).

The converse follows directly from the Duality Principle.                        
    A Boolean algebra is a lattice B with a greatest element I and a
smallest element O such that B is both distributive and complemented. The
power set of X, P(X), is our prototype for a Boolean algebra. As it turns
out, it is also one of the most important Boolean algebras. The following
theorem allows us to characterize Boolean algebras in terms of the binary
relations ∨ and ∧ without mention of the fact that a Boolean algebra is a
poset.

Theorem 19.5 A set B is a Boolean algebra if and only if there exist binary
operations ∨ and ∧ on B satisfying the following axioms.

   1. a ∨ b = b ∨ a and a ∧ b = b ∧ a for a, b ∈ B.

   2. a ∨ (b ∨ c) = (a ∨ b) ∨ c and a ∧ (b ∧ c) = (a ∧ b) ∧ c for a, b, c ∈ B.

   3. a ∧ (b ∨ c) = (a ∧ b) ∨ (a ∧ c) and a ∨ (b ∧ c) = (a ∨ b) ∧ (a ∨ c) for
      a, b, c ∈ B.

   4. There exist elements I and O such that a ∨ O = a and a ∧ I = a for
      all a ∈ B.

   5. For every a ∈ B there exists an a0 ∈ B such that a ∨ a0 = I and
      a ∧ a0 = O.
19.2   BOOLEAN ALGEBRAS                                                    313

Proof. Let B be a set satisfying (1)–(5) in the theorem. One of the
idempotent laws is satisfied since

                            a=a∨O
                              = a ∨ (a ∧ a0 )
                              = (a ∨ a) ∧ (a ∨ a0 )
                              = (a ∨ a) ∧ I
                              = a ∨ a.

Observe that

             I ∨ b = (I ∨ b) ∧ I = (I ∧ I) ∨ (b ∧ I) = I ∨ I = I.

Consequently, the first of the two absorption laws holds, since

                        a ∨ (a ∧ b) = (a ∧ I) ∨ (a ∧ b)
                                   = a ∧ (I ∨ b)
                                   =a∧I
                                   = a.

The other idempotent and absorption laws are proven similarly. Since B also
satisfies (1)–(3), the conditions of Theorem 19.3 are met; therefore, B must
be a lattice. Condition (4) tells us that B is a distributive lattice.
    For a ∈ B, O ∨ a = a; hence, O  a and O is the smallest element in B.
To show that I is the largest element in B, we will first show that a ∨ b = b
is equivalent to a ∧ b = a. Since a ∨ I = a for all a ∈ B, using the absorption
laws we can determine that

                    a ∨ I = (a ∧ I) ∨ I = I ∨ (I ∧ a) = I

or a  I for all a in B. Finally, since we know that B is complemented by
(5), B must be a Boolean algebra.
    Conversely, suppose that B is a Boolean algebra. Let I and O be the
greatest and least elements in B, respectively. If we define a ∨ b and a ∧ b as
least upper and greatest lower bounds of {a, b}, then B is a Boolean algebra
by Theorem 19.3 , Theorem 19.4, and our hypothesis.                          
    Many other identities hold in Boolean algebras. Some of these identities
are listed in the following theorem.

Theorem 19.6 Let B be a Boolean algebra. Then
314            CHAPTER 19          LATTICES AND BOOLEAN ALGEBRAS

  1. a ∨ I = I and a ∧ O = O for all a ∈ B.

  2. If a ∨ b = a ∨ c and a ∧ b = a ∧ c for a, b, c ∈ B, then b = c.

  3. If a ∨ b = I and a ∧ b = O, then b = a0 .

  4. (a0 )0 = a for all a ∈ B.

  5. I 0 = O and O0 = I.

  6. (a ∨ b)0 = a0 ∧ b0 and (a ∧ b)0 = a0 ∨ b0 (De Morgan’s Laws).

Proof. We will prove only (2). The rest of the identities are left as exercises.
For a ∨ b = a ∨ c and a ∧ b = a ∧ c, we have

                             b = b ∨ (b ∧ a)
                                 = b ∨ (a ∧ b)
                                 = b ∨ (a ∧ c)
                                 = (b ∨ a) ∧ (b ∨ c)
                                 = (a ∨ b) ∧ (b ∨ c)
                                 = (a ∨ c) ∧ (b ∨ c)
                                 = (c ∨ a) ∧ (c ∨ b)
                                 = c ∨ (a ∧ b)
                                 = c ∨ (a ∧ c)
                                 = c ∨ (c ∧ a)
                                 = c.

                                                                             

Finite Boolean Algebras
A Boolean algebra is a finite Boolean algebra if it contains a finite number
of elements as a set. Finite Boolean algebras are particularly nice since we
can classify them up to isomorphism.
    Let B and C be Boolean algebras. A bijective map φ : B → C is an
isomorphism of Boolean algebras if

                            φ(a ∨ b) = φ(a) ∨ φ(b)
                            φ(a ∧ b) = φ(a) ∧ φ(b)

for all a and b in B.
19.2   BOOLEAN ALGEBRAS                                                    315

    We will show that any finite Boolean algebra is isomorphic to the Boolean
algebra obtained by taking the power set of some finite set X. We will need
a few lemmas and definitions before we prove this result. Let B be a finite
Boolean algebra. An element a ∈ B is an atom of B if a 6= O and a ∧ b = a
for all nonzero b ∈ B. Equivalently, a is an atom of B if there is no nonzero
b ∈ B distinct from a such that O  b  a.
Lemma 19.7 Let B be a finite Boolean algebra. If b is a nonzero element
of B, then there is an atom a in B such that a  b.
Proof. If b is an atom, let a = b. Otherwise, choose an element b1 , not
equal to O or b, such that b1  b. We are guaranteed that this is possible
since b is not an atom. If b1 is an atom, then we are done. If not, choose b2 ,
not equal to O or b1 , such that b2  b1 . Again, if b2 is an atom, let a = b2 .
Continuing this process, we can obtain a chain
                         O  · · ·  b3  b2  b1  b.
Since B is a finite Boolean algebra, this chain must be finite. That is, for
some k, bk is an atom. Let a = bk .                                       
Lemma 19.8 Let a and b be atoms in a finite Boolean algebra B such that
a 6= b. Then a ∧ b = O.
Proof. Since a ∧ b is the greatest lower bound of a and b, we know that
a ∧ b  a. Hence, either a ∧ b = a or a ∧ b = O. However, if a ∧ b = a, then
either a  b or a = O. In either case we have a contradiction because a and
b are both atoms; therefore, a ∧ b = O.                                    
Lemma 19.9 Let B be a Boolean algebra and a, b ∈ B. The following
statements are equivalent.
  1. a  b.
  2. a ∧ b0 = O.
  3. a0 ∨ b = I.
Proof. (1) ⇒ (2). If a  b, then a ∨ b = b. Therefore,
                             a ∧ b0 = a ∧ (a ∨ b)0
                                   = a ∧ (a0 ∧ b0 )
                                   = (a ∧ a0 ) ∧ b0
                                   = O ∧ b0
                                   = O.
316               CHAPTER 19         LATTICES AND BOOLEAN ALGEBRAS

      (2) ⇒ (3). If a ∧ b0 = O, then a0 ∨ b = (a ∧ b0 )0 = O0 = I.
      (3) ⇒ (1). If a0 ∨ b = I, then

                                a = a ∧ (a0 ∨ b)
                                  = (a ∧ a0 ) ∨ (a ∧ b)
                                  = O ∨ (a ∧ b)
                                  = a ∧ b.

Thus, a  b.                                                                       

Lemma 19.10 Let B be a Boolean algebra and b and c be elements in B
such that b 6 c. Then there exists an atom a ∈ B such that a  b and a 6 c.

Proof. By Lemma 19.9, b ∧ c0 6= O. Hence, there exists an atom a such
that a  b ∧ c0 . Consequently, a  b and a 6 c.                   

Lemma 19.11 Let b ∈ B and a1 , . . . , an be the atoms of B such that ai  b.
Then b = a1 ∨ · · · ∨ an . Furthermore, if a, a1 , . . . , an are atoms of B such that
a  b, ai  b, and b = a ∨ a1 ∨ · · · ∨ an , then a = ai for some i = 1, . . . , n.

Proof. Let b1 = a1 ∨ · · · ∨ an . Since ai  b for each i, we know that b1  b.
If we can show that b  b1 , then the lemma is true by antisymmetry. Assume
b 6 b1 . Then there exists an atom a such that a  b and a 6 b1 . Since a is
an atom and a  b, we can deduce that a = ai for some ai . However, this is
impossible since a  b1 . Therefore, b  b1 .
    Now suppose that b = a1 ∨ · · · ∨ an . If a is an atom less than b,

           a = a ∧ b = a ∧ (a1 ∨ · · · ∨ an ) = (a ∧ a1 ) ∨ · · · ∨ (a ∧ an ).

But each term is O or a with a ∧ ai occurring for only one ai . Hence, by
Lemma 19.8, a = ai for some i.                                         

Theorem 19.12 Let B be a finite Boolean algebra. Then there exists a set
X such that B is isomorphic to P(X).

Proof. We will show that B is isomorphic to P(X), where X is the set
of atoms of B. Let a ∈ B. By Lemma 19.11, we can write a uniquely as
a = a1 ∨ · · · ∨ an for a1 , . . . , an ∈ X. Consequently, we can define a map
φ : B → P(X) by

                     φ(a) = φ(a1 ∨ · · · ∨ an ) = {a1 , . . . , an }.
19.3   THE ALGEBRA OF ELECTRICAL CIRCUITS                                          317

Clearly, φ is onto.
    Now let a = a1 ∨· · ·∨an and b = b1 ∨· · ·∨bm be elements in B, where each
ai and each bi is an atom. If φ(a) = φ(b), then {a1 , . . . , an } = {b1 , . . . , bm }
and a = b. Consequently, φ is injective.
    The join of a and b is preserved by φ since

                 φ(a ∨ b) = φ(a1 ∨ · · · ∨ an ∨ b1 ∨ · · · ∨ bm )
                           = {a1 , . . . , an , b1 , . . . , bm }
                           = {a1 , . . . , an } ∪ {b1 , . . . , bm }
                           = φ(a1 ∨ · · · ∨ an ) ∪ φ(b1 ∧ · · · ∨ bm )
                           = φ(a) ∪ φ(b).

Similarly, φ(a ∧ b) = φ(a) ∩ φ(b).                                                  
    We leave the proof of the following corollary as an exercise.

Corollary 19.13 The order of any finite Boolean algebra must be 2n for
some positive integer n.


19.3      The Algebra of Electrical Circuits
The usefulness of Boolean algebras has become increasingly apparent over
the past several decades with the development of the modern computer.
The circuit design of computer chips can be expressed in terms of Boolean
algebras. In this section we will develop the Boolean algebra of electrical
circuits and switches; however, these results can easily be generalized to the
design of integrated computer circuitry.
    A switch is a device, located at some point in an electrical circuit, that
controls the flow of current through the circuit. Each switch has two possible
states: it can be open, and not allow the passage of current through the
circuit, or a it can be closed, and allow the passage of current. These states
are mutually exclusive. We require that every switch be in one state or the
other: a switch cannot be open and closed at the same time. Also, if one
switch is always in the same state as another, we will denote both by the
same letter; that is, two switches that are both labeled with the same letter
a will always be open at the same time and closed at the same time.
    Given two switches, we can construct two fundamental types of circuits.
Two switches a and b are in series if they make up a circuit of the type
that is illustrated in Figure 19.3. Current can pass between the terminals A
and B in a series circuit only if both of the switches a and b are closed. We
318             CHAPTER 19        LATTICES AND BOOLEAN ALGEBRAS

will denote this combination of switches by a ∧ b. Two switches a and b are
in parallel if they form a circuit of the type that appears in Figure 19.4.
In the case of a parallel circuit, current can pass between A and B if either
one of the switches is closed. We denote a parallel combination of circuits a
and b by a ∨ b.

                        A         a         b         B


                             Figure 19.3. a ∧ b

                                       a

                        A                             B

                                       b


                             Figure 19.4. a ∨ b

     We can build more complicated electrical circuits out of series and par-
allel circuits by replacing any switch in the circuit with one of these two
fundamental types of circuits. Circuits constructed in this manner are called
series-parallel circuits.
     We will consider two circuits equivalent if they act the same. That is, if
we set the switches in equivalent circuits exactly the same we will obtain the
same result. For example, in a series circuit a ∧ b is exactly the same as b ∧ a.
Notice that this is exactly the commutative law for Boolean algebras. In
fact, the set of all series-parallel circuits forms a Boolean algebra under the
operations of ∨ and ∧. We can use diagrams to verify the different axioms
of a Boolean algebra. The distributive law, a ∧ (b ∨ c) = (a ∧ b) ∨ (a ∧ c),
is illustrated in Figure 19.5. If a is a switch, then a0 is the switch that is
always open when a is closed and always closed when a is open. A circuit
that is always closed is I in our algebra; a circuit that is always open is O.
The laws for a ∧ a0 = O and a ∨ a0 = I are shown in Figure 19.6.

Example 9. Every Boolean expression represents a switching circuit. For
example, given the expression (a ∨ b) ∧ (a ∨ b0 ) ∧ (a ∨ b), we can construct
the circuit in Figure 19.7.                                                

Theorem 19.14 The set of all circuits is a Boolean algebra.
19.3   THE ALGEBRA OF ELECTRICAL CIRCUITS                                  319

                             b                         a       b

                a

                             c                         a       c


                Figure 19.5. a ∧ (b ∨ c) = (a ∧ b) ∨ (a ∧ c)

                                                       a

                         a       a0

                                                      a0


                    Figure 19.6. a ∧ a0 = O and a ∨ a0 = I


    We leave as an exercise the proof of this theorem for the Boolean algebra
axioms not yet verified. We can now apply the techniques of Boolean algebras
to switching theory.

Example 10. Given a complex circuit, we can now apply the techniques
of Boolean algebra to reduce it to a simpler one. Consider the circuit in
Figure 19.7. Since

           (a ∨ b) ∧ (a ∨ b0 ) ∧ (a ∨ b) = (a ∨ b) ∧ (a ∨ b) ∧ (a ∨ b0 )
                                        = (a ∨ b) ∧ (a ∨ b0 )
                                        = a ∨ (b ∧ b0 )
                                        =a∨O
                                        = a,


                         a              a                  a



                         b              b0                 b


                    Figure 19.7. (a ∨ b) ∧ (a ∨ b0 ) ∧ (a ∨ b)
320              CHAPTER 19          LATTICES AND BOOLEAN ALGEBRAS

we can replace the more complicated circuit with a circuit containing the
single switch a and achieve the same function.                         

                                 Historical Note
George Boole (1815–1864) was the first person to study lattices. In 1847, he
published The Investigation of the Laws of Thought, a book in which he used lattices
to formalize logic and the calculus of propositions. Boole believed that mathematics
was the study of form rather than of content; that is, he was not so much concerned
with what he was calculating as with how he was calculating it. Boole’s work was
carried on by his friend Augustus De Morgan (1806–1871). De Morgan observed
that the principle of duality often held in set theory, as is illustrated by De Morgan’s
laws for set theory. He believed, as did Boole, that mathematics was the study of
symbols and abstract operations.
    Set theory and logic were further advanced by such mathematicians as Alfred
North Whitehead (1861–1947), Bertrand Russell (1872–1970), and David Hilbert
(1862–1943). In Principia Mathematica, Whitehead and Russell attempted to show
the connection between mathematics and logic by the deduction of the natural
number system from the rules of formal logic. If the natural numbers could be
determined from logic itself, then so could much of the rest of existing mathematics.
Hilbert attempted to build up mathematics by using symbolic logic in a way that
would prove the consistency of mathematics. His approach was dealt a mortal blow
by Kurt Gödel (1906–1978), who proved that there will always be “undecidable”
problems in any sufficiently rich axiomatic system; that is, that in any mathematical
system of any consequence, there will always be statements that can never be proven
either true or false.
    As often occurs, this basic research in pure mathematics later became indis-
pensable in a wide variety of applications. Boolean algebras and logic have become
essential in the design of the large-scale integrated circuitry found on today’s com-
puter chips. Sociologists have used lattices and Boolean algebras to model social
hierarchies; biologists have used them to describe biosystems.


Exercises
   1. Draw the lattice diagram for the power set of X = {a, b, c, d} with the set
      inclusion relation, ⊆.
   2. Draw the diagram for the set of positive integers that are divisors of 30. Is
      this poset a Boolean algebra?
   3. Draw a diagram of the lattice of subgroups of Z12 .
   4. Let B be the set of positive integers that are divisors of 36. Define an order
      on B by a  b if a | b. Prove that B is a Boolean algebra. Find a set X such
      that B is isomorphic to P(X).
EXERCISES                                                                                    321

  5. Prove or disprove: Z is a poset under the relation a  b if a | b.
  6. Draw the switching circuit for each of the following Boolean expressions.

      (a) (a ∨ b ∨ a0 ) ∧ a                                (c) a ∨ (a ∧ b)
                 0
      (b) (a ∨ b) ∧ (a ∨ b)                                (d) (c ∨ a ∨ b) ∧ c0 ∧ (a ∨ b)0

  7. Draw a circuit that will be closed exactly when only one of three switches a,
     b, and c are closed.
  8. Prove or disprove that the two circuits shown are equivalent.

                         a         b        c                                a   b
                              a0       b
                              a        c0                                    a   c0

  9. Let X be a finite set containing n elements. Prove that P(X) = 2n . Conclude
     that the order of any finite Boolean algebra must be 2n for some n ∈ N.
 10. For each of the following circuits, write a Boolean expression. If the circuit
     can be replaced by one with fewer switches, give the Boolean expression and
     draw a diagram for the new circuit.

                                                      a        b0
                                            a0
                                                           b


                                            a                  a         b
                                                                    a0
                                            b                  a0        b


                                                 a    b        c
                                                 a0   b0       c
                                                 a    b0       c0

 11. Prove or disprove: The set of all nonzero integers is a lattice, where a  b is
     defined by a | b.
 12. Prove that a ∧ b is the greatest lower bound of a and b in Theorem 19.3.
322             CHAPTER 19             LATTICES AND BOOLEAN ALGEBRAS

 13. Let L be a nonempty set with two binary operations ∨ and ∧ satisfying the
     commutative, associative, idempotent, and absorption laws. We can define a
     partial order on L, as in Theorem 19.3, by a  b if a ∨ b = b. Prove that the
     greatest lower bound of a and b is a ∧ b.
 14. Let G be a group and X be the set of subgroups of G ordered by set-theoretic
     inclusion. If H and K are subgroups of G, show that the least upper bound
     of H and K is the subgroup generated by H ∪ K.
 15. Let R be a ring and suppose that X is the set of ideals of R. Show that X is
     a poset ordered by set-theoretic inclusion, ⊆. Define the meet of two ideals I
     and J in X by I ∩ J and the join of I and J by I + J. Prove that the set of
     ideals of R is a lattice under these operations.
 16. Let B be a Boolean algebra. Prove each of the following identities.
       (a) a ∨ I = I and a ∧ O = O for all a ∈ B.
       (b) If a ∨ b = I and a ∧ b = O, then b = a0 .
       (c) (a0 )0 = a for all a ∈ B.
       (d) I 0 = O and O0 = I.
       (e) (a ∨ b)0 = a0 ∧ b0 and (a ∧ b)0 = a0 ∨ b0 (De Morgan’s laws).
 17. By drawing the appropriate diagrams, complete the proof of Theorem 19.14
     to show that the switching functions form a Boolean algebra.
 18. Let B be a Boolean algebra. Define binary operations + and · on B by

                                 a + b = (a ∧ b0 ) ∨ (a0 ∧ b)
                                  a · b = a ∧ b.

      Prove that B is a commutative ring under these operations satisfying a2 = a
      for all a ∈ B.
 19. Let X be a poset such that for every a and b in X, either a  b or b  a.
     Then X is said to be a totally ordered set.
       (a) Is a | b a total order on N?
       (b) Prove that N, Z, Q, and R are totally ordered sets under the usual
           ordering ≤.
 20. Let X and Y be posets. A map φ : X → Y is order-preserving if a  b
     implies that φ(a)  φ(b). Let L and M be lattices. A map ψ : L → M
     is a lattice homomorphism if ψ(a ∨ b) = ψ(a) ∨ ψ(b) and ψ(a ∧ b) =
     ψ(a) ∧ ψ(b). Show that every lattice homomorphism is order-preserving, but
     that it is not the case that every order-preserving homomorphism is a lattice
     homomorphism.
 21. Let B be a Boolean algebra. Prove that a = b if and only if (a∧b0 )∨(a0 ∧b) = O
     for a, b ∈ B.
EXERCISES                                                                          323


                       Table 19.1. Boolean polynomials
                              x   y   x0   x∨y      x∧y
                              0   0   1     0        0
                              0   1   1     1        0
                              1   0   0     1        0
                              1   1   0     1        1



  22. Let B be a Boolean algebra. Prove that a = 0 if and only if (a∧b0 )∨(a0 ∧b) = b
      for all b ∈ B.
  23. Let L and M be lattices. Define an order relation on L × M by (a, b)  (c, d)
      if a  c and b  d. Show that L × M is a lattice under this partial order.

Programming Exercises
A Boolean or switching function on n variables is a map f : {O, I}n → {0, I}.
A Boolean polynomial is a special type of Boolean function: it is any type of Boolean
expression formed from a finite combination of variables x1 , . . . , xn together with O
and I, using the operations ∨, ∧, and 0 . The values of the functions are defined in
Table 19.1. Write a program to evaluate Boolean polynomials.

References and Suggested Readings
  [1] Donnellan, T. Lattice Theory. Pergamon Press, Oxford, 1968.
  [2] Halmos, P. R. “The Basic Concepts of Algebraic Logic,” American Mathe-
      matical Monthly 53 (1956), 363–87.
  [3] Hohn, F. “Some Mathematical Aspects of Switching,” American Mathematical
      Monthly 62 (1955), 75–90.
  [4] Hohn, F. Applied Boolean Algebra. 2nd ed. Macmillan, New York, 1966.
  [5] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York,
      1998.
  [6] Whitesitt, J. Boolean Algebra and Its Applications. Dover, Mineola, NY,
      2010.

Sage Sage has a full suite of functionality for both posets and lattices, all as
part of its excellent support for combinatorics. There is little in this chapter
that cannot be investigated with Sage.
                                    20
                    Vector Spaces



In a physical system a quantity can often be described with a single number.
For example, we need to know only a single number to describe temperature,
mass, or volume. However, for some quantities, such as location, we need
several numbers. To give the location of a point in space, we need x, y,
and z coordinates. Temperature distribution over a solid object requires
four numbers: three to identify each point within the object and a fourth
to describe the temperature at that point. Often n-tuples of numbers, or
vectors, also have certain algebraic properties, such as addition or scalar
multiplication.
    In this chapter we will examine mathematical structures called vector
spaces. As with groups and rings, it is desirable to give a simple list of
axioms that must be satisfied to make a set of vectors a structure worth
studying.


20.1      Definitions and Examples
A vector space V over a field F is an abelian group with a scalar product
α · v or αv defined for all α ∈ F and all v ∈ V satisfying the following axioms.
   • α(βv) = (αβ)v;

   • (α + β)v = αv + βv;

   • α(u + v) = αu + αv;

   • 1v = v;
where α, β ∈ F and u, v ∈ V .
   The elements of V are called vectors; the elements of F are called
scalars. It is important to notice that in most cases two vectors cannot be

                                     324
20.1   DEFINITIONS AND EXAMPLES                                                           325

multiplied. In general, it is only possible to multiply a vector with a scalar.
To differentiate between the scalar zero and the vector zero, we will write
them as 0 and 0, respectively.
   Let us examine several examples of vector spaces. Some of them will be
quite familiar; others will seem less so.

Example 1. The n-tuples of real numbers, denoted by Rn , form a vector
space over R. Given vectors u = (u1 , . . . , un ) and v = (v1 , . . . , vn ) in Rn and
α in R, we can define vector addition by

         u + v = (u1 , . . . , un ) + (v1 , . . . , vn ) = (u1 + v1 , . . . , un + vn )

and scalar multiplication by

                       αu = α(u1 , . . . , un ) = (αu1 , . . . , αun ).

                                                                                           

Example 2. If F is a field, then F [x] is a vector space over F . The vectors
in F [x] are simply polynomials. Vector addition is just polynomial addition.
If α ∈ F and p(x) ∈ F [x], then scalar multiplication is defined by αp(x). 

Example 3. The set of all continuous real-valued functions on a closed
interval [a, b] is a vector space over R. If f (x) and g(x) are continuous on
[a, b], then (f + g)(x) is defined to be f (x) + g(x). Scalar multiplication is
defined by (αf )(x) = αf (x) for α ∈ R. For example, if f (x) = sin x and
g(x) = x2 , then (2f + 5g)(x) = 2 sin x + 5x2 .                              

                            √             √
Example 4. Let V = Q(      √  2 ) = {a + b √2 : a, b ∈ Q}. Then V is a vector√
space over Q. If u = a+b 2 and v = c+d 2, then u+v = (a+c)+(b+d) 2
is again in V . Also, for α ∈ Q, αv is in V . We will leave it as an exercise to
verify that all of the vector space axioms hold for V .                       

Proposition 20.1 Let V be a vector space over F . Then each of the fol-
lowing statements is true.

   1. 0v = 0 for all v ∈ V .

   2. α0 = 0 for all α ∈ F .

   3. If αv = 0, then either α = 0 or v = 0.
326                                         CHAPTER 20         VECTOR SPACES

   4. (−1)v = −v for all v ∈ V .
   5. −(αv) = (−α)v = α(−v) for all α ∈ F and all v ∈ V .

Proof. To prove (1), observe that

                            0v = (0 + 0)v = 0v + 0v;

consequently, 0 + 0v = 0v + 0v. Since V is an abelian group, 0 = 0v.
   The proof of (2) is almost identical to the proof of (1). For (3), we are
done if α = 0. Suppose that α 6= 0. Multiplying both sides of αv = 0 by
1/α, we have v = 0.
   To show (4), observe that

                 v + (−1)v = 1v + (−1)v = (1 − 1)v = 0v = 0,

and so −v = (−1)v. We will leave the proof of (5) as an exercise.                  


20.2      Subspaces
Just as groups have subgroups and rings have subrings, vector spaces also
have substructures. Let V be a vector space over a field F , and W a subset
of V . Then W is a subspace of V if it is closed under vector addition and
scalar multiplication; that is, if u, v ∈ W and α ∈ F , it will always be the
case that u + v and αv are also in W .

Example 5. Let W be the subspace of R3 defined by W = {(x1 , 2x1 +
x2 , x1 − x2 ) : x1 , x2 ∈ R}. We claim that W is a subspace of R3 . Since

         α(x1 , 2x1 + x2 , x1 − x2 ) = (αx1 , α(2x1 + x2 ), α(x1 − x2 ))
                                     = (αx1 , 2(αx1 ) + αx2 , αx1 − αx2 ),

W is closed under scalar multiplication. To show that W is closed under
vector addition, let u = (x1 , 2x1 + x2 , x1 − x2 ) and v = (y1 , 2y1 + y2 , y1 − y2 )
be vectors in W . Then

       u + v = (x1 + y1 , 2(x1 + y1 ) + (x2 + y2 ), (x1 + y1 ) − (x2 + y2 )).

                                                                                   

Example 6. Let W be the subset of polynomials of F [x] with no odd-power
terms. If p(x) and q(x) have no odd-power terms, then neither will p(x)+q(x).
Also, αp(x) ∈ W for α ∈ F and p(x) ∈ W .                                  
20.3    LINEAR INDEPENDENCE                                                                327

    Let V be any vector space over a field F and suppose that v1 , v2 , . . . , vn
are vectors in V and α1 , α2 , . . . , αn are scalars in F . Any vector w in V of
the form
                     Xn
                 w=       αi vi = α1 v1 + α2 v2 + · · · + αn vn
                            i=1
is called a linear combination of the vectors v1 , v2 , . . . , vn . The spanning
set of vectors v1 , v2 , . . . , vn is the set of vectors obtained from all possible
linear combinations of v1 , v2 , . . . , vn . If W is the spanning set of v1 , v2 , . . . , vn ,
then we often say that W is spanned by v1 , v2 , . . . , vn .
Proposition 20.2 Let S = {v1 , v2 , . . . , vn } be vectors in a vector space V .
Then the span of S is a subspace of V .
Proof. Let u and v be in S. We can write both of these vectors as linear
combinations of the vi ’s:
                            u = α1 v1 + α2 v2 + · · · + αn vn
                             v = β 1 v1 + β 2 v2 + · · · + β n vn .
Then
             u + v = (α1 + β1 )v1 + (α2 + β2 )v2 + · · · + (αn + βn )vn
is a linear combination of the vi ’s. For α ∈ F ,
                     αu = (αα1 )v1 + (αα2 )v2 + · · · + (ααn )vn
is in the span of S.                                                                         


20.3       Linear Independence
Let S = {v1 , v2 , . . . , vn } be a set of vectors in a vector space V . If there exist
scalars α1 , α2 . . . αn ∈ F such that not all of the αi ’s are zero and
                            α1 v1 + α2 v2 + · · · + αn vn = 0,
then S is said to be linearly dependent. If the set S is not linearly
dependent, then it is said to be linearly independent. More specifically,
S is a linearly independent set if
                             α1 v1 + α2 v2 + · · · + αn vn = 0
implies that
                                  α1 = α2 = · · · = αn = 0
for any set of scalars {α1 , α2 . . . αn }.
328                                          CHAPTER 20          VECTOR SPACES

Proposition 20.3 Let {v1 , v2 , . . . , vn } be a set of linearly independent vec-
tors in a vector space. Suppose that

           v = α1 v1 + α2 v2 + · · · + αn vn = β1 v1 + β2 v2 + · · · + βn vn .

Then α1 = β1 , α2 = β2 , . . . , αn = βn .

Proof. If

           v = α1 v1 + α2 v2 + · · · + αn vn = β1 v1 + β2 v2 + · · · + βn vn ,

then
              (α1 − β1 )v1 + (α2 − β2 )v2 + · · · + (αn − βn )vn = 0.
Since v1 , . . . , vn are linearly independent, αi − βi = 0 for i = 1, . . . , n.   
    The definition of linear dependence makes more sense if we consider the
following proposition.

Proposition 20.4 A set {v1 , v2 , . . . , vn } of vectors in a vector space V is
linearly dependent if and only if one of the vi ’s is a linear combination of
the rest.

Proof. Suppose that {v1 , v2 , . . . , vn } is a set of linearly dependent vectors.
Then there exist scalars α1 , . . . , αn such that

                          α1 v1 + α2 v2 + · · · + αn vn = 0,

with at least one of the αi ’s not equal to zero. Suppose that αk 6= 0. Then
                    α1              αk−1        αk+1                αn
           vk = −      v1 − · · · −      vk−1 −      vk+1 − · · · −    vn .
                    αk               αk          αk                 αk
      Conversely, suppose that

             vk = β1 v1 + · · · + βk−1 vk−1 + βk+1 vk+1 + · · · + βn vn .

Then

           β1 v1 + · · · + βk−1 vk−1 − vk + βk+1 vk+1 + · · · + βn vn = 0.

                                                                                    
   The following proposition is a consequence of the fact that any system of
homogeneous linear equations with more unknowns than equations will have
a nontrivial solution. We leave the details of the proof for the end-of-chapter
exercises.
20.3   LINEAR INDEPENDENCE                                                          329

Proposition 20.5 Suppose that a vector space V is spanned by n vectors.
If m > n, then any set of m vectors in V must be linearly dependent.

   A set {e1 , e2 , . . . , en } of vectors in a vector space V is called a basis for
V if {e1 , e2 , . . . , en } is a linearly independent set that spans V .

Example 7. The vectors e1 = (1, 0, 0), e2 = (0, 1, 0), and e3 = (0, 0, 1)
form a basis for R3 . The set certainly spans R3 , since any arbitrary vector
(x1 , x2 , x3 ) in R3 can be written as x1 e1 + x2 e2 + x3 e3 . Also, none of the
vectors e1 , e2 , e3 can be written as a linear combination of the other two;
hence, they are linearly independent. The vectors e1 , e2 , e3 are not the only
basis of R3 : the set {(3, 2, 1), (3, 2, 0), (1, 1, 1)} is also a basis for R3 . 

                    √             √                             √
Example
    √     8. √Let Q(  2 ) = {a + b  2√: a, b ∈ Q}. The sets {1,   2 } and
{1 + 2, 1 − 2 } are both bases of Q( 2 ).                               
    From the last two examples it should be clear that a given vector space
has several bases. In fact, there are an infinite number of bases for both
of these examples. In general, there is no unique basis for a vector space.
However,                  3
     √ every basis of R consists of exactly three vectors, and every basis
of Q( 2 ) consists of exactly two vectors. This is a consequence of the next
proposition.

Proposition 20.6 Let {e1 , e2 , . . . , em } and {f1 , f2 , . . . , fn } be two bases for
a vector space V . Then m = n.

Proof. Since {e1 , e2 , . . . , em } is a basis, it is a linearly independent set. By
Proposition 20.5, n ≤ m. Similarly, {f1 , f2 , . . . , fn } is a linearly independent
set, and the last proposition implies that m ≤ n. Consequently, m = n.
                                                                                    
   If {e1 , e2 , . . . , en } is a basis for a vector space V , then we say that the
dimension of V is n and we write dim V = n. We will leave the proof of
the following theorem as an exercise.

Theorem 20.7 Let V be a vector space of dimension n.

   1. If S = {v1 , . . . , vn } is a set of linearly independent vectors for V , then
      S is a basis for V .

   2. If S = {v1 , . . . , vn } spans V , then S is a basis for V .
330                                                CHAPTER 20               VECTOR SPACES

  3. If S = {v1 , . . . , vk } is a set of linearly independent vectors for V with
     k < n, then there exist vectors vk+1 , . . . , vn such that

                                   {v1 , . . . , vk , vk+1 , . . . , vn }

      is a basis for V .



Exercises
  1. If F is a field, show that F [x] is a vector space over F , where the vectors
     in F [x] are polynomials. Vector addition is polynomial addition, and scalar
     multiplication is defined by αp(x) for α ∈ F .
                     √
  2. Prove that Q( 2 ) is a vector space.
            √ √                                                          √     √
  3. Let Q( 2, 3 ) be the field generated√by √ elements of the form a + b 2 + c 3,
     where a, b, c are in Q. Prove√that√Q( 2, 3 ) is a vector space of dimension 4
     over Q. Find a basis for Q( 2, 3 ).
  4. Prove that the complex numbers are a vector space of dimension 2 over R.
  5. Prove that the set Pn of all polynomials of degree less than n form a subspace
     of the vector space F [x]. Find a basis for Pn and compute the dimension
     of Pn .
  6. Let F be a field and denote the set of n-tuples of F by F n . Given vectors
     u = (u1 , . . . , un ) and v = (v1 , . . . , vn ) in F n and α in F , define vector addition
     by
               u + v = (u1 , . . . , un ) + (v1 , . . . , vn ) = (u1 + v1 , . . . , un + vn )
      and scalar multiplication by

                            αu = α(u1 , . . . , un ) = (αu1 , . . . , αun ).

      Prove that F n is a vector space of dimension n under these operations.
  7. Which of the following sets are subspaces of R3 ? If the set is indeed a subspace,
     find a basis for the subspace and compute its dimension.
       (a) {(x1 , x2 , x3 ) : 3x1 − 2x2 + x3 = 0}
       (b) {(x1 , x2 , x3 ) : 3x1 + 4x3 = 0, 2x1 − x2 + x3 = 0}
       (c) {(x1 , x2 , x3 ) : x1 − 2x2 + 2x3 = 2}
       (d) {(x1 , x2 , x3 ) : 3x1 − 2x22 = 0}
EXERCISES                                                                             331

  8. Show that the set of all possible solutions (x, y, z) ∈ R3 of the equations

                                     Ax + By + Cz = 0
                                     Dx + Ey + Cz = 0

     form a subspace of R3 .
  9. Let W be the subset of continuous functions on [0, 1] such that f (0) = 0.
     Prove that W is a subspace of C[0, 1].
 10. Let V be a vector space over F . Prove that −(αv) = (−α)v = α(−v) for all
     α ∈ F and all v ∈ V .
 11. Let V be a vector space of dimension n. Prove each of the following statements.
      (a) If S = {v1 , . . . , vn } is a set of linearly independent vectors for V , then
          S is a basis for V .
      (b) If S = {v1 , . . . , vn } spans V , then S is a basis for V .
      (c) If S = {v1 , . . . , vk } is a set of linearly independent vectors for V with
          k < n, then there exist vectors vk+1 , . . . , vn such that

                                     {v1 , . . . , vk , vk+1 , . . . , vn }

          is a basis for V .
 12. Prove that any set of vectors containing 0 is linearly dependent.
 13. Let V be a vector space. Show that {0} is a subspace of V of dimension zero.
 14. If a vector space V is spanned by n vectors, show that any set of m vectors
     in V must be linearly dependent for m > n.
 15. Linear Transformations. Let V and W be vector spaces over a field F , of
     dimensions m and n, respectively. If T : V → W is a map satisfying

                                  T (u + v) = T (u) + T (v)
                                     T (αv) = αT (v)

     for all α ∈ F and all u, v ∈ V , then T is called a linear transformation
     from V into W .
      (a) Prove that the kernel of T , ker(T ) = {v ∈ V : T (v) = 0}, is a subspace
          of V . The kernel of T is sometimes called the null space of T .
      (b) Prove that the range or range space of T , R(V ) = {w ∈ W : T (v) =
          w for some v ∈ V }, is a subspace of W .
      (c) Show that T : V → W is injective if and only if ker(T ) = {0}.
      (d) Let {v1 , . . . , vk } be a basis for the null space of T . We can extend this
          basis to be a basis {v1 , . . . , vk , vk+1 , . . . , vm } of V . Why? Prove that
          {T (vk+1 ), . . . , T (vm )} is a basis for the range of T . Conclude that the
          range of T has dimension m − k.
332                                           CHAPTER 20           VECTOR SPACES

       (e) Let dim V = dim W . Show that a linear transformation T : V → W is
           injective if and only if it is surjective.
 16. Let V and W be finite dimensional vector spaces of dimension n over a field
     F . Suppose that T : V → W is a vector space isomorphism. If {v1 , . . . , vn }
     is a basis of V , show that {T (v1 ), . . . , T (vn )} is a basis of W . Conclude that
     any vector space over a field F of dimension n is isomorphic to F n .
 17. Direct Sums. Let U and V be subspaces of a vector space W . The sum of
     U and V , denoted U + V , is defined to be the set of all vectors of the form
     u + v, where u ∈ U and v ∈ V .
       (a) Prove that U + V and U ∩ V are subspaces of W .
       (b) If U + V = W and U ∩ V = 0, then W is said to be the direct sum of
           U and V and we write W = U ⊕ V . Show that every element w ∈ W
           can be written uniquely as w = u + v, where u ∈ U and v ∈ V .
       (c) Let U be a subspace of dimension k of a vector space W of dimension
           n. Prove that there exists a subspace V of dimension n − k such that
           W = U ⊕ V . Is the subspace V unique?
       (d) If U and V are arbitrary subspaces of a vector space W , show that

                          dim(U + V ) = dim U + dim V − dim(U ∩ V ).

 18. Dual Spaces. Let V and W be finite dimensional vector spaces over a
     field F .
       (a) Show that the set of all linear transformations from V into W , denoted
           by Hom(V, W ), is a vector space over F , where we define vector addition
           as follows:

                                     (S + T )(v) = S(v) + T (v)
                                        (αS)(v) = αS(v),

           where S, T ∈ Hom(V, W ), α ∈ F , and v ∈ V .
       (b) Let V be an F -vector space. Define the dual space of V to be V ∗ =
           Hom(V, F ). Elements in the dual space of V are called linear function-
           als. Let v1 , . . . , vn be an ordered basis for V . If v = α1 v1 + · · · + αn vn
           is any vector in V , define a linear functional φi : V → F by φi (v) = αi .
           Show that the φi ’s form a basis for V ∗ . This basis is called the dual
           basis of v1 , . . . , vn (or simply the dual basis if the context makes the
           meaning clear).
       (c) Consider the basis {(3, 1), (2, −2)} for R2 . What is the dual basis for
           (R2 )∗ ?
       (d) Let V be a vector space of dimension n over a field F and let V ∗∗ be the
           dual space V ∗ . Show that each element v ∈ V gives rise to an element
           λv in V ∗∗ and that the map v 7→ λv is an isomorphism of V with V ∗∗ .
EXERCISES                                                                       333

References and Suggested Readings
  [1] Beezer, R. A First Course in Linear Algebra. Available online at
      http://linear.ups.edu/. 2004.
  [2] Bretscher, O. Linear Algebra with Applications. 4th ed. Pearson, Upper
      Saddle River, NJ, 2009.
  [3] Curtis, C. W. Linear Algebra: An Introductory Approach. 4th ed. Springer,
      New York, 1984.
  [4] Hoffman, K. and Kunze, R. Linear Algebra. 2nd ed. Prentice-Hall, Englewood
      Cliffs, NJ, 1971.
  [5] Johnson, L. W., Riess, R. D., and Arnold, J. T. Introduction to Linear Algebra.
      6th ed. Pearson, Upper Saddle River, NJ, 2011.
  [6] Leon, S. J. Linear Algebra with Applications. 8th ed. Pearson, Upper Saddle
      River, NJ, 2010.

Sage Many of Sage’s computations, in a wide variety of algebraic settings,
come from solving problems in linear algebra. So you will find a wealth of
linear algebra functionality. Further, you can use structures such as finite
fields, to find vector spaces in new settings.
                                    21
                               Fields



It is natural to ask whether or not some field F is contained in a larger field.
We think of the rational numbers, which reside inside the real numbers, while
in turn, the real numbers live inside the complex numbers. We can also study
the fields between Q and R and inquire as to the nature of these fields.
     More specifically if we are given a field F and a polynomial p(x) ∈ F [x],
we can ask whether or not we can find a field E containing F such that
p(x) factors into linear factors over E[x]. For example, if we consider the
polynomial
                              p(x) = x4 − 5x2 + 6
in Q[x], then p(x) factors as (x2 − 2)(x2 − 3). However, both of these factors
are irreducible in Q[x]. If we wish to find a zero of p(x), we must go to a
larger field. Certainly the field of real numbers will work, since
                              √         √       √        √
                 p(x) = (x − 2)(x + 2)(x − 3)(x + 3).
It is possible to find a smaller field in which p(x) has a zero, namely
                           √              √
                         Q( 2) = {a + b 2 : a, b ∈ Q}.
We wish to be able to compute and study such fields for arbitrary polynomials
over a field F .


21.1      Extension Fields
A field E is an extension field of a field F if F is a subfield of E. The field
F is called the base field . We write F ⊂ E.

Example 1. For example, let
                        √           √
                 F = Q( 2 ) = {a + b 2 : a, b ∈ Q}

                                      334
21.1   EXTENSION FIELDS                                                     335
                √ √                                                    √ √
and let E = Q( 2+ 3 ) be the smallest field containing both Q and 2+ 3.
Both E and F are extension fields of the rational numbers. We √      claim that
E is an√ extension
             √     field of F√. To see
                                   √   this,√we need
                                                 √   only show that    2 is in E.
Since 2 + 3 is in E,√1/( √      2 + 3 )√= 3√− 2 must also√     be in E.√Taking
linear combinations of 2 + 3 and 3 − 2, we find that 2 and 3 must
both be in E.                                                                  

Example 2. Let p(x) = x2 + x + 1 ∈ Z2 [x]. Since neither 0 nor 1 is
a root of this polynomial, we know that p(x) is irreducible over Z2 . We
will construct a field extension of Z2 containing an element α such that
p(α) = 0. By Theorem 17.13, the ideal hp(x)i generated by p(x) is maximal;
hence, Z2 [x]/hp(x)i is a field. Let f (x) + hp(x)i be an arbitrary element of
Z2 [x]/hp(x)i. By the division algorithm,
                       f (x) = (x2 + x + 1)q(x) + r(x),
where the degree of r(x) is less than the degree of x2 + x + 1. Therefore,
                 f (x) + hx2 + x + 1i = r(x) + hx2 + x + 1i.
The only possibilities for r(x) are then 0, 1, x, and 1 + x. Consequently,
E = Z2 [x]/hx2 + x + 1i is a field with four elements and must be a field
extension of Z2 , containing a zero α of p(x). The field Z2 (α) consists of
elements
                               0 + 0α = 0
                               1 + 0α = 1
                               0 + 1α = α
                               1 + 1α = 1 + α.
Notice that α2 + α + 1 = 0; hence, if we compute (1 + α)2 ,
                   (1 + α)(1 + α) = 1 + α + α + (α)2 = α.
Other calculations are accomplished in a similar manner. We summarize
these computations in the following tables, which tell us how to add and
multiply elements in E.
                     +       0        1       α       1+α
                     0       0        1       α       1+α
                     1       1        0      1+α       α
                     α       α       1+α      0        1
                    1+α     1+α       α       1        0
336                                                   CHAPTER 21         FIELDS

                        ·       0    1       α       1+α
                        0       0    0       0        0
                        1       0    1       α       1+α
                        α       0    α      1+α       1
                       1+α      0   1+α      1        α

                                                                                
    The following theorem, due to Kronecker, is so important and so basic
to our understanding of fields that it is often known as the Fundamental
Theorem of Field Theory.

Theorem 21.1 Let F be a field and let p(x) be a nonconstant polynomial
in F [x]. Then there exists an extension field E of F and an element α ∈ E
such that p(α) = 0.

Proof. To prove this theorem, we will employ the method that we used
to construct Example 2. Clearly, we can assume that p(x) is an irreducible
polynomial. We wish to find an extension field E of F containing an element
α such that p(α) = 0. The ideal hp(x)i generated by p(x) is a maximal
ideal in F [x] by Theorem 17.13; hence, F [x]/hp(x)i is a field. We claim that
E = F [x]/hp(x)i is the desired field.
    We first show that E is a field extension of F . We can define a homo-
morphism of commutative rings by the map ψ : F → F [x]/hp(x)i, where
ψ(a) = a + hp(x)i for a ∈ F . It is easy to check that ψ is indeed a ring
homomorphism. Observe that

  ψ(a) + ψ(b) = (a + hp(x)i) + (b + hp(x)i) = (a + b) + hp(x)i = ψ(a + b)

and
         ψ(a)ψ(b) = (a + hp(x)i)(b + hp(x)i) = ab + hp(x)i = ψ(ab).
To prove that ψ is one-to-one, assume that

                    a + hp(x)i = ψ(a) = ψ(b) = b + hp(x)i.

Then a−b is a multiple of p(x), since it lives in the ideal hp(x)i. Since p(x) is a
nonconstant polynomial, the only possibility is that a − b = 0. Consequently,
a = b and ψ is injective. Since ψ is one-to-one, we can identify F with the
subfield {a + hp(x)i : a ∈ F } of E and view E as an extension field of F .
21.1   EXTENSION FIELDS                                                            337

   It remains for us to prove that p(x) has a zero α ∈ E. Set α = x + hp(x)i.
Then α is in E. If p(x) = a0 + a1 x + · · · + an xn , then
              p(α) = a0 + a1 (x + hp(x)i) + · · · + an (x + hp(x)i)n
                    = a0 + (a1 x + hp(x)i) + · · · + (an xn + hp(x)i)
                    = a0 + a1 x + · · · + an xn + hp(x)i
                    = 0 + hp(x)i.
Therefore, we have found an element α ∈ E = F [x]/hp(x)i such that α is a
zero of p(x).                                                          

Example 3. Let p(x) = x5 + x4 + 1 ∈ Z2 [x]. Then p(x) has irreducible
factors x2 + x + 1 and x3 + x + 1. For a field extension E of Z2 such that p(x)
has a root in E, we can let E be either Z2 [x]/hx2 +x+1i or Z2 [x]/hx3 +x+1i.
We will leave it as an exercise to show that Z2 [x]/hx3 + x + 1i is a field with
23 = 8 elements.                                                              


Algebraic Elements
An element α in an extension field E over F is algebraic over F if f (α) = 0
for some nonzero polynomial f (x) ∈ F [x]. An element in E that is not
algebraic over F is transcendental over F . An extension field E of a
field F is an algebraic extension of F if every element in E is algebraic
over F . If E is a field extension of F and α1 , . . . , αn are contained in E, we
denote the smallest field containing F and α1 , . . . , αn by F (α1 , . . . , αn ). If
E = F (α) for some α ∈ E, then E is a simple extension of F .
                      √
Example 4. Both 2 and i are algebraic over Q since they are zeros of the
polynomials x2 − 2 and x2 +1, respectively. Clearly π and e are algebraic over
the real numbers; however, it is a nontrivial fact that they are transcendental
over Q. Numbers in R that are algebraic over Q are in fact quite rare. Almost
all real numbers are transcendental over Q.1 (In many cases we do not know
whether or not a particular number is transcendental; for example, it is not
known whether π + e is transcendental or algebraic.)                                
   A complex number that is algebraic over Q is an algebraic number . A
transcendental number is an element of C that is transcendental over Q.
                                  p      √
Example  5. We will show that 2 + 3 is algebraic over Q. If α =
p    √                   √                        √
  2 + 3, then α2 = 2 + 3. Hence, α2 − 2 = 3 and (α2 − 2)2 = 3.
   1
    If we choose a number in R, then there is a probability of 1 that the number will be
transcendental over Q.
338                                                  CHAPTER 21        FIELDS

Since α4 − 4α2 + 1 = 0, it must be true that α is a zero of the polynomial
x4 − 4x2 + 1 ∈ Q[x].                                                    
   It is very easy to give an example of an extension field E over a field F ,
where E contains an element transcendental over F . The following theorem
characterizes transcendental extensions.
Theorem 21.2 Let E be an extension field of F and α ∈ E. Then α is
transcendental over F if and only if F (α) is isomorphic to F (x), the field of
fractions of F [x].
Proof. Let φα : F [x] → E be the evaluation homomorphism for α. Then α
is transcendental over F if and only if φα (p(x)) = p(α) 6= 0 for all nonconstant
polynomials p(x) ∈ F [x]. This is true if and only if ker φα = {0}; that is,
it is true exactly when φα is one-to-one. Hence, E must contain a copy of
F [x]. The smallest field containing F [x] is the field of fractions F (x). By
Theorem 18.4, E must contain a copy of this field.                             
      We have a more interesting situation in the case of algebraic extensions.
Theorem 21.3 Let E be an extension field of a field F and α ∈ E with
α algebraic over F . Then there is a unique irreducible monic polynomial
p(x) ∈ F [x] of smallest degree such that p(α) = 0. If f (x) is another
polynomial in F [x] such that f (α) = 0, then p(x) divides f (x).
Proof. Let φα : F [x] → E be the evaluation homomorphism. The kernel of
φα is a principal ideal generated by some p(x) ∈ F [x] with deg p(x) ≥ 1. We
know that such a polynomial exists, since F [x] is a principal ideal domain
and α is algebraic. The ideal hp(x)i consists exactly of those elements of
F [x] having α as a zero. If f (α) = 0 and f (x) is not the zero polynomial,
then f (x) ∈ hp(x)i and p(x) divides f (x). So p(x) is a polynomial of minimal
degree having α as a zero. Any other polynomial of the same degree having
α as a zero must have the form βp(x) for some β ∈ F .
    Suppose now that p(x) = r(x)s(x) is a factorization of p into polynomials
of lower degree. Since p(α) = 0, r(α)s(α) = 0; consequently, either r(α) = 0
or s(α) = 0, which contradicts the fact that p is of minimal degree. Therefore,
p(x) must be irreducible.                                                   
   Let E be an extension field of F and α ∈ E be algebraic over F . The
unique monic polynomial p(x) of the last theorem is called the minimal
polynomial for α over F . The degree of p(x) is the degree of α over F .
Example 6. Let f (x) = x2 − 2 and g(x)p
                                      = x4 − 4x2 + 1. These polynomials
                              √            √
are the minimal polynomials of 2 and 2 + 3, respectively.            
21.1   EXTENSION FIELDS                                                         339

Proposition 21.4 Let E be a field extension of F and α ∈ E be algebraic
over F . Then F (α) ∼
                    = F [x]/hp(x)i, where p(x) is the minimal polynomial of
α over F .

Proof. Let φα : F [x] → E be the evaluation homomorphism. The kernel of
this map is hp(x)i, where p(x) is the minimal polynomial of α. By the First
Isomorphism Theorem for rings, the image of φα in E is isomorphic to F (α)
since it contains both F and α.                                          

Theorem 21.5 Let E = F (α) be a simple extension of F , where α ∈ E
is algebraic over F . Suppose that the degree of α over F is n. Then every
element β ∈ E can be expressed uniquely in the form

                          β = b0 + b1 α + · · · + bn−1 αn−1

for bi ∈ F .

Proof. Since φα (F [x]) ∼= F (α), every element in E = F (α) must be of the
form φα (f (x)) = f (α), where f (α) is a polynomial in α with coefficients in
F . Let
                      p(x) = xn + an−1 xn−1 + · · · + a0
be the minimal polynomial of α. Then p(α) = 0; hence,

                           αn = −an−1 αn−1 − · · · − a0 .

Similarly,

       αn+1 = ααn
               = −an−1 αn − an−2 αn−1 − · · · − a0 α
               = −an−1 (−an−1 αn−1 − · · · − a0 ) − an−2 αn−1 − · · · − a0 α.

Continuing in this manner, we can express every monomial αm , m ≥ n, as a
linear combination of powers of α that are less than n. Hence, any β ∈ F (α)
can be written as
                      β = b0 + b1 α + · · · + bn−1 αn−1 .
    To show uniqueness, suppose that

         β = b0 + b1 α + · · · + bn−1 αn−1 = c0 + c1 α + · · · + cn−1 αn−1

for bi and ci in F . Then

             g(x) = (b0 − c0 ) + (b1 − c1 )x + · · · + (bn−1 − cn−1 )xn−1
340                                                  CHAPTER 21        FIELDS

is in F [x] and g(α) = 0. Since the degree of g(x) is less than the degree
of p(x), the irreducible polynomial of α, g(x) must be the zero polynomial.
Consequently,

                 b0 − c0 = b1 − c1 = · · · = bn−1 − cn−1 = 0,

or bi = ci for i = 0, 1, . . . , n − 1. Therefore, we have shown uniqueness.   

Example 7. Since x2 + 1 is irreducible over R, hx2 + 1i is a maximal ideal
in R[x]. So E = R[x]/hx2 + 1i is a field extension of R that contains a root of
x2 + 1. Let α = x + hx2 + 1i. We can identify E with the complex numbers.
By Proposition 21.4, E is isomorphic to R(α) = {a + bα : a, b ∈ R}. We
know that α2 = −1 in E, since

                  α2 + 1 = (x + hx2 + 1i)2 + (1 + hx2 + 1i)
                          = (x2 + 1) + hx2 + 1i
                          = 0.

Hence, we have an isomorphism of R(α) with C defined by the map that
takes a + bα to a + bi.                                           
    Let E be a field extension of a field F . If we regard E as a vector space
over F , then we can bring the machinery of linear algebra to bear on the
problems that we will encounter in our study of fields. The elements in the
field E are vectors; the elements in the field F are scalars. We can think
of addition in E as adding vectors. When we multiply an element in E
by an element of F , we are multiplying a vector by a scalar. This view of
field extensions is especially fruitful if a field extension E of F is a finite
dimensional vector space over F , and Theorem 21.5 states that E = F (α) is
finite dimensional vector space over F with basis {1, α, α2 , . . . , αn−1 }.
    If an extension field E of a field F is a finite dimensional vector space
over F of dimension n, then we say that E is a finite extension of degree
n over F . We write
                                 [E : F ] = n.
to indicate the dimension of E over F .

Theorem 21.6 Every finite extension field E of a field F is an algebraic
extension.

Proof. Let α ∈ E. Since [E : F ] = n, the elements

                                  1, α, . . . , αn
21.1   EXTENSION FIELDS                                                        341

cannot be linearly independent. Hence, there exist ai ∈ F , not all zero, such
that
                  an αn + an−1 αn−1 + · · · + a1 α + a0 = 0.
Therefore,
                         p(x) = an xn + · · · + a0 ∈ F [x]
is a nonzero polynomial with p(α) = 0.                                           
Remark. Theorem 21.6 says that every finite extension of a field F is an
algebraic extension. The converse is false, however. We will leave it as an
exercise to show that the set of all elements in R that are algebraic over Q
forms an infinite field extension of Q.
    The next theorem is a counting theorem, similar to Lagrange’s Theorem
in group theory. Theorem 21.6 will prove to be an extremely useful tool in
our investigation of finite field extensions.

Theorem 21.7 If E is a finite extension of F and K is a finite extension
of E, then K is a finite extension of F and

                            [K : F ] = [K : E][E : F ].

Proof. Let {α1 , . . . , αn } be a basis for E as a vector space over F and
{β1 , . . . , βm } be a basis for K as a vector space over E. We claim that {αi βj }
is a basis for K over   PmF . We will first Pshow that these vectors span K. Let
u ∈ K. Then u = j=1 bj βj and bj = ni=1 aij αi , where bj ∈ E and aij ∈ F .
Then
                              m     n
                                            !
                             X     X               X
                        u=            aij αi βj =      aij (αi βj ).
                         j=1     i=1                    i,j

So the mn vectors αi βj must span K over F .
   We must show that {αi βj } are linearly independent. Recall that a set of
vectors v1 , v2 , . . . , vn in a vector space V are linearly independent if

                          c1 v1 + c2 v2 + · · · + cn vn = 0

implies that
                               c1 = c2 = · · · = cn = 0.
Let                                    X
                                u=           cij (αi βj ) = 0
                                       i,j
342                                                         CHAPTER 21   FIELDS

for cij ∈ F . We need to prove that all of the cij ’s are zero. We can rewrite u
as
                            m     n
                                          !
                           X     X
                                    cij αi βj = 0,
                              j=1    i=1
        P
where i cij αi ∈ E. Since the βj ’s are linearly independent over E, it must
be the case that
                              X n
                                    cij αi = 0
                                    i=1

for all j. However, the αj are also linearly independent over F . Therefore,
cij = 0 for all i and j, which completes the proof.                       
      The following corollary is easily proved using mathematical induction.

Corollary 21.8 If Fi is a field for i = 1, . . . , k and Fi+1 is a finite extension
of Fi , then Fk is a finite extension of F1 and

                       [Fk : F1 ] = [Fk : Fk−1 ] · · · [F2 : F1 ].

Corollary 21.9 Let E be an extension field of F . If α ∈ E is algebraic over
F with minimal polynomial p(x) and β ∈ F (α) with minimal polynomial
q(x), then deg q(x) divides deg p(x).

Proof. We know that deg p(x) = [F (α) : F ] and deg q(x) = [F (β) : F ].
Since F ⊂ F (β) ⊂ F (α),

                     [F (α) : F ] = [F (α) : F (β)][F (β) : F ].

                                                                                 
                                                                √ √
Example 8. Let us determine an extension field of Q √containing
                                                         √         3+ 5. It
is easy to determine that the minimal polynomial of 3 + 5 is x4 − 16x2 + 4.
It follows that                √     √
                            [Q( 3 + 5 ) : Q] = 4.
                     √                     √                        √         √
We know that √    {1, 3 } is a basis for
                                      √ Q( 3 ) over Q. √Hence, 3 + 5
cannot be√in Q( 3 ). It follows √that√ 5 cannot√be in√Q( 3 ) either. √ There-
    √ {1,√ 5√} is
fore,           √ a basis
                      √ for Q( 3, 5 ) = √   (Q( √3 ))( 5 )√over √
                                                                Q( 3 ) and
{1, 3, 5, 3 5 = 15 } is a basis for Q( 3, 5 ) = Q( 3 + 5 ) over Q.
This example shows that it is possible that some extension F (α1 , . . . , αn ) is
actually a simple extension of F even though n > 1.                             
21.1    EXTENSION FIELDS                                                                  343
                                                            √
                                                            3
                                                                 √                √
Example 9. Let us compute           √   a   basis   for Q(    5,   5 i),  where      5 is the
                                    3
positive
√         square
           √      root of 5 and 5 is the real cube root of 5. We know that
  5i ∈/ Q( 3 5 ), so           √      √              √
                                3                    3
                          [Q( 5, 5 i) : Q( 5 )] = 2.
                                     √                            √3
                                                                         √               √
                                                                                         3
It is easy to determine that
                          √    {1,
                                 √       5i  } is a  basis for Q( √  5,    5 i) over  Q(   5 ).
We also know     that {1, 3
                            5, (  3
                                    5  ) 2 } is a basis for Q( 3 5 ) over Q. Hence, a
             √ √
basis for Q( 5, 3 5 i) over Q is
                √     √    √          √           √            √          √
            {1, 5 i, 5, ( 5 )2 , ( 5 )5 i, ( 5 )7 i = 5 5 i or 5 i}.
                      3     3           6          6            6         6


              √
Notice that 6 5 i is a zero of x6 + 5. We can show that this polynomial is
irreducible over Q using Eisenstein’s Criterion, where we let p = 5. Conse-
quently,                             √                √   √
                                      6               3
                          Q ⊂ Q( 5 i) ⊂ Q( 5, 5 i).
                                          √              √ √
But it must be the case that Q( 6 5 i) = Q( 3 5, 5 i), since the degree of
both of these extensions is 6.                                                              

Theorem 21.10 Let E be a field extension of F . Then the following state-
ments are equivalent.

   1. E is a finite extension of F .

   2. There exists a finite number of algebraic elements α1 , . . . , αn ∈ E such
      that E = F (α1 , . . . , αn ).

   3. There exists a sequence of fields

              E = F (α1 , . . . , αn ) ⊃ F (α1 , . . . , αn−1 ) ⊃ · · · ⊃ F (α1 ) ⊃ F,

       where each field F (α1 , . . . , αi ) is algebraic over F (α1 , . . . , αi−1 ).

Proof. (1) ⇒ (2). Let E be a finite algebraic extension of F . Then E is a
finite dimensional vector space over F and there exists a basis consisting of
elements α1 , . . . , αn in E such that E = F (α1 , . . . , αn ). Each αi is algebraic
over F by Theorem 21.6.
    (2) ⇒ (3). Suppose that E = F (α1 , . . . , αn ), where every αi is algebraic
over F . Then

           E = F (α1 , . . . , αn ) ⊃ F (α1 , . . . , αn−1 ) ⊃ · · · ⊃ F (α1 ) ⊃ F,

where each field F (α1 , . . . , αi ) is algebraic over F (α1 , . . . , αi−1 ).
344                                                                CHAPTER 21        FIELDS

      (3) ⇒ (1). Let

          E = F (α1 , . . . , αn ) ⊃ F (α1 , . . . , αn−1 ) ⊃ · · · ⊃ F (α1 ) ⊃ F,

where each field F (α1 , . . . , αi ) is algebraic over F (α1 , . . . , αi−1 ). Since

                       F (α1 , . . . , αi ) = F (α1 , . . . , αi−1 )(αi )

is simple extension and αi is algebraic over F (α1 , . . . , αi−1 ), it follows that

                          [F (α1 , . . . , αi ) : F (α1 , . . . , αi−1 )]

is finite for each i. Therefore, [E : F ] is finite.                                     

Algebraic Closure
Given a field F , the question arises as to whether or not we can find a field
E such that every polynomial p(x) has a root in E. This leads us to the
following theorem.

Theorem 21.11 Let E be an extension field of F . The set of elements in
E that are algebraic over F form a field.

Proof. Let α, β ∈ E be algebraic over F . Then F (α, β) is a finite extension
of F . Since every element of F (α, β) is algebraic over F , α ± β, αβ, and α/β
   6 0) are all algebraic over F . Consequently, the set of elements in E that
(β =
are algebraic over F forms a field.                                           

Corollary 21.12 The set of all algebraic numbers forms a field; that is, the
set of all complex numbers that are algebraic over Q makes up a field.

    Let E be a field extension of a field F . We define the algebraic closure
of a field F in E to be the field consisting of all elements in E that are
algebraic over F . A field F is algebraically closed if every nonconstant
polynomial in F [x] has a root in F .

Theorem 21.13 A field F is algebraically closed if and only if every non-
constant polynomial in F [x] factors into linear factors over F [x].

Proof. Let F be an algebraically closed field. If p(x) ∈ F [x] is a nonconstant
polynomial, then p(x) has a zero in F , say α. Therefore, x − α must be a
21.2   SPLITTING FIELDS                                                     345

factor of p(x) and so p(x) = (x − α)q1 (x), where deg q1 (x) = deg p(x) − 1.
Continue this process with q1 (x) to find a factorization
                          p(x) = (x − α)(x − β)q2 (x),
where deg q2 (x) = deg p(x) − 2. The process must eventually stop since the
degree of p(x) is finite.
    Conversely, suppose that every nonconstant polynomial p(x) in F [x]
factors into linear factors. Let ax − b be such a factor. Then p(b/a) = 0.
Consequently, F is algebraically closed.                                 

Corollary 21.14 An algebraically closed field F has no proper algebraic
extension E.

Proof. Let E be an algebraic extension of F ; then F ⊂ E. For α ∈ E, the
minimal polynomial of α is x − α. Therefore, α ∈ F and F = E.         

Theorem 21.15 Every field F has a unique algebraic closure.

   It is a nontrivial fact that every field has a unique algebraic closure. The
proof is not extremely difficult, but requires some rather sophisticated set
theory. We refer the reader to [3], [4], or [8] for a proof of this result.
   We now state the Fundamental Theorem of Algebra, first proven by
Gauss at the age of 22 in his doctoral thesis. This theorem states that
every polynomial with coefficients in the complex numbers has a root in the
complex numbers. The proof of this theorem will be given in Chapter 23.

Theorem 21.16 (Fundamental Theorem of Algebra) The field of com-
plex numbers is algebraically closed.


21.2      Splitting Fields
 Let F be a field and p(x) be a nonconstant polynomial in F [x]. We already
 know that we can find a field extension of F that contains a root of p(x).
 However, we would like to know whether an extension E of F containing all
 of the roots of p(x) exists. In other words, can we find a field extension of
 F such that p(x) factors into a product of linear polynomials? What is the
“smallest” extension containing all the roots of p(x)?
     Let F be a field and p(x) = a0 + a1 x + · · · + an xn be a nonconstant
 polynomial in F [x]. An extension field E of F is a splitting field of p(x) if
 there exist elements α1 , . . . , αn in E such that E = F (α1 , . . . , αn ) and
                     p(x) = (x − α1 )(x − α2 ) · · · (x − αn ).
346                                                  CHAPTER 21        FIELDS

A polynomial p(x) ∈ F [x] splits in E if it is the product of linear factors
in E[x].

Example 10. Let p(x) = x4 + 2x2 − 8 be in Q[x]. Then
                                                  √ p(x) has irreducible
factors x2 − 2 and x2 + 4. Therefore, the field Q( 2, i) is a splitting field
for p(x).                                                                  

Example √  11. Let p(x) = x3 − 3 be in Q[x]. Then p(x) has a root in the
         3
field Q( 3 ). However, this field is not a splitting field for p(x) since the
complex cube roots of 3,        √      √
                             − 3 3 ± ( 6 3 )5 i
                                                ,
                                     2
             √
are not in Q( 3 3 ).                                                       

Theorem 21.17 Let p(x) ∈ F [x] be a nonconstant polynomial. Then there
exists a splitting field E for p(x).

Proof. We will use mathematical induction on the degree of p(x). If
deg p(x) = 1, then p(x) is a linear polynomial and E = F . Assume that
the theorem is true for all polynomials of degree k with 1 ≤ k < n and let
deg p(x) = n. We can assume that p(x) is irreducible; otherwise, by our
induction hypothesis, we are done. By Theorem 21.1, there exists a field
K such that p(x) has a zero α1 in K. Hence, p(x) = (x − α1 )q(x), where
q(x) ∈ K[x]. Since deg q(x) = n − 1, there exists a splitting field E ⊃ K of
q(x) that contains the zeros α2 , . . . , αn of p(x) by our induction hypothesis.
Consequently,
                    E = K(α2 , . . . , αn ) = F (α1 , . . . , αn )
is a splitting field of p(x).                                                 
    The question of uniqueness now arises for splitting fields. This question
is answered in the affirmative. Given two splitting fields K and L of a
polynomial p(x) ∈ F [x], there exists a field isomorphism φ : K → L that
preserves F . In order to prove this result, we must first prove a lemma.

Lemma 21.18 Let φ : E → F be an isomorphism of fields. Let K be an
extension field of E and α ∈ K be algebraic over E with minimal polynomial
p(x). Suppose that L is an extension field of F such that β is root of the
polynomial in F [x] obtained from p(x) under the image of φ. Then φ extends
to a unique isomorphism ψ : E(α) → F (β) such that ψ(α) = β and ψ agrees
with φ on E.
21.2    SPLITTING FIELDS                                                         347

Proof. If p(x) has degree n, then by Theorem 21.5 we can write any
element in E(α) as a linear combination of 1, α, . . . , αn−1 . Therefore, the
isomorphism that we are seeking must be

   ψ(a0 + a1 α + · · · + an−1 αn−1 ) = φ(a0 ) + φ(a1 )β + · · · + φ(an−1 )β n−1 ,

where
                            a0 + a1 α + · · · + an−1 αn−1
is an element in E(α). The fact that ψ is an isomorphism could be checked by
direct computation; however, it is easier to observe that ψ is a composition
of maps that we already know to be isomorphisms.
    We can extend φ to be an isomorphism from E[x] to F [x], which we will
also denote by φ, by letting

         φ(a0 + a1 x + · · · + an xn ) = φ(a0 ) + φ(a1 )x + · · · + φ(an )xn .

This extension agrees with the original isomorphism φ : E → F , since
constant polynomials get mapped to constant polynomials. By assumption,
φ(p(x)) = q(x); hence, φ maps hp(x)i onto hq(x)i. Consequently, we have
an isomorphism φ : E[x]/h p(x)i → F [x]/h q(x)i. By Theorem 21.4, we have
isomorphisms σ : E[x]/hp(x)i → F (α) and τ : F [x]/hq(x)i → F (β), defined
by evaluation at α and β, respectively. Therefore, ψ = τ −1 φσ is the required
isomorphism.

                                          ψ
                             E(α)                  F (β)

                                   σ                     τ
                                          φ
                         E[x]/hp(x)i           F [x]/hq(x)i


                                          φ
                               E                     F

   We leave the proof of uniqueness as a exercise.                                  

Theorem 21.19 Let φ : E → F be an isomorphism of fields and let p(x)
be a nonconstant polynomial in E[x] and q(x) the corresponding polynomial
in F [x] under the isomorphism. If K is a splitting field of p(x) and L is a
splitting field of q(x), then φ extends to an isomorphism ψ : K → L.
348                                                CHAPTER 21       FIELDS

Proof. We will use mathematical induction on the degree of p(x). We can
assume that p(x) is irreducible over E. Therefore, q(x) is also irreducible
over F . If deg p(x) = 1, then by the definition of a splitting field, K = E
and L = F and there is nothing to prove.
   Assume that the theorem holds for all polynomials of degree less than n.
Since K is a splitting field of E, all of the roots of p(x) are in K. Choose
one of these roots, say α, such that E ⊂ E(α) ⊂ K. Similarly, we can find a
root β of q(x) in L such that F ⊂ F (β) ⊂ L. By Lemma 21.18, there exists
an isomorphism φ : E(α) → F (β) such that φ(α) = β and φ agrees with φ
on E.

                                     ψ
                              K             L


                                     φ
                            E(α)           F (β)


                                     φ
                              E             F

    Now write p(x) = (x − α)f (x) and q(x) = (x − β)g(x), where the degrees
of f (x) and g(x) are less than the degrees of p(x) and q(x), respectively.
The field extension K is a splitting field for f (x) over E(α), and L is a
splitting field for g(x) over F (β). By our induction hypothesis there exists
an isomorphism ψ : K → L such that ψ agrees with φ on E(α). Hence, there
exists an isomorphism ψ : K → L such that ψ agrees with φ on E.            

Corollary 21.20 Let p(x) be a polynomial in F [x]. Then there exists a
splitting field K of p(x) that is unique up to isomorphism.


21.3     Geometric Constructions
In ancient Greece, three classic problems were posed. These problems are
geometric in nature and involve straightedge-and-compass constructions from
what is now high school geometry; that is, we are allowed to use only a
straightedge and compass to solve them. The problems can be stated as
follows.

  1. Given an arbitrary angle, can one trisect the angle into three equal
     subangles using only a straightedge and compass?
21.3   GEOMETRIC CONSTRUCTIONS                                               349

   2. Given an arbitrary circle, can one construct a square with the same
      area using only a straightedge and compass?

   3. Given a cube, can one construct the edge of another cube having
      twice the volume of the original? Again, we are only allowed to use a
      straightedge and compass to do the construction.

After puzzling mathematicians for over two thousand years, each of these
constructions was finally shown to be impossible. We will use the theory of
fields to provide a proof that the solutions do not exist. It is quite remarkable
that the long-sought solution to each of these three geometric problems came
from abstract algebra.
     First, let us determine more specifically what we mean by a straightedge
and compass, and also examine the nature of these problems in a bit more
depth. To begin with, a straightedge is not a ruler. We cannot measure
arbitrary lengths with a straightedge. It is merely a tool for drawing a line
through two points. The statement that the trisection of an arbitrary angle
is impossible means that there is at least one angle that is impossible to
trisect with a straightedge-and-compass construction. Certainly it is possible
to trisect an angle in special cases. We can construct a 30◦ angle; hence, it
is possible to trisect a 90◦ angle. However, we will show that it is impossible
to construct a 20◦ angle. Therefore, we cannot trisect a 60◦ angle.

Constructible Numbers
A real number α is constructible if we can construct a line segment of
length |α| in a finite number of steps from a segment of unit length by using
a straightedge and compass.

Theorem 21.21 The set of all constructible real numbers forms a subfield
F of the field of real numbers.

Proof. Let α and β be constructible numbers. We must show that α + β,
α − β, αβ, and α/β (β =6 0) are also constructible numbers. We can assume
that both α and β are positive with α > β. It is quite obvious how to
construct α + β and α − β. To find a line segment with length αβ, we assume
that β > 1 and construct the triangle in Figure 21.1 such that triangles
4ABC and 4ADE are similar. Since α/1 = x/β, the line segment x has
length αβ. A similar construction can be made if β < 1. We will leave it as
an exercise to show that the same triangle can be used to construct α/β for
β 6= 0.                                                                   
350                                                CHAPTER 21         FIELDS


                                               D

                                 β    B

                             1
                                 α           C
                A                                           E
                                      x


                   Figure 21.1. Construction of products

                                                       √
Lemma 21.22 If α is a constructible number, then           α is a constructible
number.

Proof. In Figure 21.2 the triangles 4ABD, 4BCD, and 4ABC are
similar; hence, 1/x = x/α, or x2 = α.                     

                              B




                                 x


                        1                  α
               A              D                             C


                    Figure 21.2. Construction of roots

   By Theorem 21.21, we can locate in the plane any point P = (p, q) that
has rational coordinates p and q. We need to know what other points can
be constructed with a compass and straightedge from points with rational
coordinates.

Lemma 21.23 Let F be a subfield of R.

  1. If a line contains two points in F , then it has the equation ax+by+c = 0,
     where a, b, and c are in F .
21.3   GEOMETRIC CONSTRUCTIONS                                              351

   2. If a circle has a center at a point with coordinates in F and a radius
      that is also in F , then it has the equation x2 + y 2 + dx + ey + f = 0,
      where d, e, and f are in F .

Proof. Let (x1 , y1 ) and (x2 , y2 ) be points on a line whose coordinates are
in F . If x1 = x2 , then the equation of the line through the two points is
x − x1 = 0, which has the form ax + by + c = 0. If x1 = 6 x2 , then the equation
of the line through the two points is given by
                                            
                                     y2 − y1
                        y − y1 =               (x − x1 ),
                                     x2 − x1
which can also be put into the proper form.
    To prove the second part of the lemma, suppose that (x1 , y1 ) is the center
of a circle of radius r. Then the circle has the equation

                       (x − x1 )2 + (y − y1 )2 − r2 = 0.

This equation can easily be put into the appropriate form.                    
   Starting with a field of constructible numbers F , we have three possible
ways of constructing additional points in R with a compass and straightedge.
   1. To find possible new points in R, we can take the intersection of two
      lines, each of which passes through two known points with coordinates
      in F .
   2. The intersection of a line that passes through two points that have
      coordinates in F and a circle whose center has coordinates in F with
      radius of a length in F will give new points in R.
   3. We can obtain new points in R by intersecting two circles whose centers
      have coordinates in F and whose radii are of lengths in F .
The first case gives no new points in R, since the solution of two equations
of the form ax + by + c = 0 having coefficients in F will always be in F . The
third case can be reduced to the second case. Let

                        x2 + y 2 + d1 x + e1 y + f1 = 0
                        x2 + y 2 + d2 x + e2 y + f2 = 0

be the equations of two circles, where di , ei , and fi are in F for i = 1, 2.
These circles have the same intersection as the circle

                        x2 + y 2 + d1 x + e1 x + f1 = 0
352                                                       CHAPTER 21         FIELDS

and the line
                    (d1 − d2 )x + b(e2 − e1 )y + (f2 − f1 ) = 0.
The last equation is that of the chord passing through the intersection points
of the two circles. Hence, the intersection of two circles can be reduced to
the case of an intersection of a line with a circle.
    Considering the case of the intersection of a line and a circle, we must
determine the nature of the solutions of the equations
                                         ax + by + c = 0
                              2     2
                            x + y + dx + ey + f = 0.
If we eliminate y from these equations, we obtain an equation of the form
Ax2 + Bx + C = 0, where A, B, and C are in F . The x coordinate of the
intersection points is given by
                                    √
                                −B ± B 2 − 4AC
                           x=
                                     2A
             √
and is in F ( α ), where α = B 2 − 4AC > 0. We have proven the following
lemma.

Lemma 21.24 Let F be a field of constructible numbers. Then the points
                                                                              √
determined by the intersections of lines and circles in F lie in the field F ( α )
for some α in F .

Theorem 21.25 A real number α is a constructible number if and only if
there exists a sequence of fields
                          Q = F0 ⊂ F1 ⊂ · · · ⊂ Fk
                      √
such that Fi = Fi−1 ( αi ) with αi ∈ Fi and α ∈ Fk . In particular, there
exists an integer k > 0 such that [Q(α) : Q] = 2k .

Proof. The existence of the Fi ’s and the αi ’s is a direct consequence of
Lemma 21.24 and of the fact that
               [Fk : Q] = [Fk : Fk−1 ][Fk−1 : Fk−2 ] · · · [F1 : Q] = 2k .
                                                                                 

Corollary 21.26 The field of all constructible numbers is an algebraic ex-
tension of Q.

   As we can see by the field of constructible numbers, not every algebraic
extension of a field is a finite extension.
21.3   GEOMETRIC CONSTRUCTIONS                                             353

Doubling the Cube and Squaring the Circle
We are now ready to investigate the classical problems of doubling the cube
and squaring the circle. We can use the field of constructible numbers to
show exactly when a particular geometric construction can be accomplished.
    Doubling the cube is impossible. Given the edge of the cube, it is impos-
sible to construct with a straightedge and compass the edge of the cube that
has twice the volume of the original cube. Let the original cube have an
edge of length 1 and, therefore, a volume of 1. If we could construct a cube
                                                                         √
having a volume
           √      of 2, then this new cube would have an edge of length 3 2.
However, 3 2 is a zero of the irreducible polynomial x3 − 2 over Q; hence,
                                   √
                                   3
                               [Q( 2 ) : Q] = 3

This is impossible, since 3 is not a power of 2.
   Squaring the circle is impossible. Suppose that we have a circle of radius
1. The area of the circle is π; therefore, we must be able to construct a
                  √                                                  √
square with side π. This is impossible since π and consequently π are
both transcendental. Therefore, using a straightedge and compass, it is not
possible to construct a square with the same area as the circle.

Trisecting an Angle
Trisecting an arbitrary angle is impossible. We will show that it is impossible
to construct a 20◦ angle. Consequently, a 60◦ angle cannot be trisected. We
first need to calculate the triple-angle formula for the cosine:

               cos 3θ = cos(2θ + θ)
                     = cos 2θ cos θ − sin 2θ sin θ
                     = (2 cos2 θ − 1) cos θ − 2 sin2 θ cos θ
                     = (2 cos2 θ − 1) cos θ − 2(1 − cos2 θ) cos θ
                     = 4 cos3 θ − 3 cos θ.

The angle θ can be constructed if and only if α = cos θ is constructible. Let
θ = 20◦ . Then cos 3θ = cos 60◦ = 1/2. By the triple-angle formula for the
cosine,
                                            1
                                4α3 − 3α = .
                                            2
                              3
Therefore, α is a zero of 8x − 6x − 1. This polynomial has no factors in
Z[x], and hence is irreducible over Q[x]. Thus, [Q(α) : Q] = 3. Consequently,
α cannot be a constructible number.
354                                                      CHAPTER 21         FIELDS

                                 Historical Note
Algebraic number theory uses the tools of algebra to solve problems in number
theory. Modern algebraic number theory began with Pierre de Fermat (1601–1665).
Certainly we can find many positive integers that satisfy the equation x2 + y 2 = z 2 ;
Fermat conjectured that the equation xn + y n = z n has no positive integer solutions
for n ≥ 3. He stated in the margin of his copy of the Latin translation of Diophantus’
Arithmetica that he had found a marvelous proof of this theorem, but that the margin
of the book was too narrow to contain it. Building on work of other mathematicians,
it was Andrew Wiles who finally succeeded in proving Fermat’s Last Theorem in the
1990s. Wiles’s achievement was reported on the front page of the New York Times.
     Attempts to prove Fermat’s Last Theorem have led to important contributions to
algebraic number theory by such notable mathematicians as Leonhard Euler (1707–
1783). Significant advances in the understanding of Fermat’s Last Theorem were
made by Ernst Kummer (1810–1893). Kummer’s student, Leopold Kronecker (1823–
1891), became one of the leading algebraists of the nineteenth century. Kronecker’s
theory of ideals and his study of algebraic number theory added much to the
understanding of fields.
     David Hilbert (1862–1943) and Hermann Minkowski (1864–1909) were among
the mathematicians who led the way in this subject at the beginning of the twentieth
century. Hilbert and Minkowski were both mathematicians at Göttingen University
in Germany. Göttingen was truly one the most important centers of mathematical
research during the last two centuries. The large number of exceptional mathemati-
cians who studied there included Gauss, Dirichlet, Riemann, Dedekind, Noether,
and Weyl.
     André Weil answered questions in number theory using algebraic geometry, a
field of mathematics that studies geometry by studying commutative rings. From
about 1955 to 1970, A. Grothendieck dominated the field of algebraic geometry.
Pierre Deligne, a student of Grothendieck, solved several of Weil’s number-theoretic
conjectures. One of the most recent contributions to algebra and number theory is
Gerd Falting’s proof of the Mordell-Weil conjecture. This conjecture of Mordell and
Weil essentially says that certain polynomials p(x, y) in Z[x, y] have only a finite
number of integral solutions.


Exercises
   1. Show that each of the following numbers is algebraic over Q by finding the
      minimal polynomial of the number over Q.
           q       √
       (a)   1/3 + 7
           √     √
       (b) 3 + 3 5
           √    √
       (c) 3 + 2 i
EXERCISES                                                                         355

      (d) cos θ + i sin θ for θ = 2π/n with n ∈ N
          p√
             3
      (e)      2−i
  2. Find a basis for each of the following field extensions. What is the degree of
     each extension?
             √ √
      (a) Q( 3, 6 ) over Q
             √ √
      (b) Q( 3 2, 3 3 ) over Q
             √
      (c) Q( 2, i) over Q
             √ √ √
      (d) Q( 3, 5, 7 ) over Q
             √ √
      (e) Q( 2, 3 2 ) over Q
             √             √
       (f) Q( 8 ) over Q( 2 )
               √        √
      (g) Q(i, 2 + i, 3 + i) over Q
             √     √            √
      (h) Q( 2 + 5 ) over Q( 5 )
             √ √        √              √    √
       (i) Q( 2, 6 + 10 ) over Q( 3 + 5 )
  3. Find the splitting field for each of the following polynomials.

      (a) x4 − 10x2 + 21 over Q                 (c) x3 + 2x + 2 over Z3
      (b) x4 + 1 over Q                         (d) x3 − 3 over Q
                                         √
  4. Determine all of the subfields of Q( 4 3, i).
  5. Show that Z2 [x]/hx3 + x + 1i is a field with eight elements. Construct a
     multiplication table for the multiplicative group of the field.
  6. Show that the regular 9-gon is not constructible with a straightedge and
     compass, but that the regular 20-gon is constructible.
  7. Prove that the cosine of one degree (cos 1◦ ) is algebraic over Q but not
     constructible.
  8. Can a cube be constructed with three times the volume of a given cube?
                  √ √ √
  9. Prove that Q( 3, 4 3, 8 3, . . .) is an algebraic extension of Q but not a finite
     extension.
 10. Prove or disprove: π is algebraic over Q(π 3 ).
 11. Let p(x) be a nonconstant polynomial of degree n in F [x]. Prove that there
     exists a splitting field E for p(x) such that [E : F ] ≤ n!.
                             √         √
 12. Prove or disprove: Q( 2 ) ∼  = Q( 3 ).
                               √            √
 13. Prove that the fields Q( 4 3 ) and Q( 4 3 i) are isomorphic but not equal.
356                                                     CHAPTER 21          FIELDS

 14. Let K be an algebraic extension of E, and E an algebraic extension of F .
     Prove that K is algebraic over F . [Caution: Do not assume that the extensions
     are finite.]
 15. Prove or disprove: Z[x]/hx3 − 2i is a field.
 16. Let F be a field of characteristic p. Prove that p(x) = xp − a either is
     irreducible over F or splits in F .
 17. Let E be the algebraic closure of a field F . Prove that every polynomial p(x)
     in F [x] splits in E.
 18. If every irreducible polynomial p(x) in F [x] is linear, show that F is an
     algebraically closed field.
 19. Prove that if α and β are constructible numbers such that β 6= 0, then so is
     α/β.
 20. Show that the set of all elements in R that are algebraic over Q form a field
     extension of Q that is not finite.
 21. Let E be an algebraic extension of a field F , and let σ be an automorphism
     of E leaving F fixed. Let α ∈ E. Show that σ induces a permutation of the
     set of all zeros of the minimal polynomial of α that are in E.
                     √ √           √      √
 22. Show
        √ that
             √ Q( 3,    √ 7 )√= Q( 3 + 7 ). Extend your proof to show that
     Q( a, b ) = Q( a + b ), where gcd(a, b) = 1.
 23. Let E be a finite extension of a field F . If [E : F ] = 2, show that E is a
     splitting field of F .
 24. Prove or disprove: Given a polynomial p(x) in Z6 [x], it is possible to construct
     a ring R such that p(x) has a root in R.
 25. Let E be a field extension of F and α ∈ E. Determine [F (α) : F (α3 )].
 26. Let α, β be transcendental over Q. Prove that either αβ or α + β is also
     transcendental.
 27. Let E be an extension field of F and α ∈ E be transcendental over F . Prove
     that every element in F (α) that is not in F is also transcendental over F .

References and Suggested Readings
 [1] Dean, R. A. Elements of Abstract Algebra. Wiley, New York, 1966.
 [2] Dudley, U. A Budget of Trisections. Springer-Verlag, New York, 1987. An
     interesting and entertaining account of how not to trisect an angle.
 [3] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper
     Saddle River, NJ, 2003.
 [4] Kaplansky, I. Fields and Rings, 2nd ed. University of Chicago Press, Chicago,
     1972.
EXERCISES                                                                   357

  [5] Klein, F. Famous Problems of Elementary Geometry. Chelsea, New York,
      1955.
  [6] Martin, G. Geometric Constructions. Springer, New York, 1998.
  [7] H. Pollard and H. G. Diamond. Theory of Algebraic Numbers, Dover, Mineola,
      NY, 2010.
  [8] Walker, E. A. Introduction to Abstract Algebra. Random House, New York,
      1987. This work contains a proof showing that every field has an algebraic
      closure.

Sage Extensions of the field of rational numbers are a central object of study
in number theory, so with Sage’s roots in this discipline, it is no surprise
that there is extensive support for fields and for extensions of the rationals.
Sage also contains an implementation of the entire field of algebraic numbers,
with exact representations. fields
                                     22
                       Finite Fields



Finite fields appear in many applications of algebra, including coding theory
and cryptography. We already know one finite field, Zp , where p is prime. In
this chapter we will show that a unique finite field of order pn exists for every
prime p, where n is a positive integer. Finite fields are also called Galois
fields in honor of Évariste Galois, who was one of the first mathematicians
to investigate them.


22.1      Structure of a Finite Field
Recall that a field F has characteristic p if p is the smallest positive integer
such that for every nonzero element α in F , we have pα = 0. If no such
integer exists, then F has characteristic 0. From Theorem 16.6 we know that
p must be prime. Suppose that F is a finite field with n elements. Then
nα = 0 for all α in F . Consequently, the characteristic of F must be p,
where p is a prime dividing n. This discussion is summarized in the following
proposition.

Proposition 22.1 If F is a finite field, then the characteristic of F is p,
where p is prime.

   Throughout this chapter we will assume that p is a prime number unless
otherwise stated.

Proposition 22.2 If F is a finite field of characteristic p, then the order
of F is pn for some n ∈ N.

Proof. Let φ : Z → F be the ring homomorphism defined by φ(n) = n · 1.
Since the characteristic of F is p, the kernel of φ must be pZ and the image of

                                      358
22.1   STRUCTURE OF A FINITE FIELD                                                  359

φ must be a subfield of F isomorphic to Zp . We will denote this subfield by
K. Since F is a finite field, it must be a finite extension of K and, therefore,
an algebraic extension of K. Suppose that [F : K] = n is the dimension of
F , where F is a K vector space. There must exist elements α1 , . . . , αn ∈ F
such that any element α in F can be written uniquely in the form

                                 α = a1 α1 + · · · + an αn ,

where the ai ’s are in K. Since there are p elements in K, there are pn possible
linear combinations of the αi ’s. Therefore, the order of F must be pn . 

Lemma 22.3 (Freshman’s Dream) Let p be prime and D be an integral
domain of characteristic p. Then
                                    n      n             n
                                  ap + bp = (a + b)p

for all positive integers n.

Proof. We will prove this lemma using mathematical induction on n. We
can use the binomial formula (see Chapter 2, Example 3) to verify the case
for n = 1; that is,
                                   p  
                               p
                                   X   p k p−k
                        (a + b) =         a b .
                                       k
                                           k=0

If 0 < k < p, then                   
                                     p        p!
                                        =
                                     k    k!(p − k)!
must be divisible by p, since p cannot divide k!(p − k)!. Note that D is an
integral domain of characteristic p, so all but the first and last terms in the
sum must be zero. Therefore, (a + b)p = ap + bp .
    Now suppose that the result holds for all k, where 1 ≤ k ≤ n. By the
induction hypothesis,
           n+1               n                   n           n   n    n+1          n+1
(a + b)p         = ((a + b)p )p = (ap + bp )p = (ap )p + (bp )p = ap        + bp         .

Therefore, the lemma is true for n + 1 and the proof is complete.                    
    Let F be a field. A polynomial f (x) ∈ F [x] of degree n is separable if
it has n distinct roots in the splitting field of f (x); that is, f (x) is separable
when it factors into distinct linear factors over the splitting field of f . An
360                                            CHAPTER 22            FINITE FIELDS

extension E of F is a separable extension of F if every element in E is
the root of a separable polynomial in F [x].
                                    2
Example   √ 1. The√ polynomial x −    √ 2 is separable over Q since it factors
as (x − √   2 )(x + 2 ). In fact, Q( √2 ) is a separable extension of Q. Let
α = a + b 2 be any element in Q( 2 ). If b = 0, then α is a root of x − a.
If b 6= 0, then α is the root of the separable polynomial
                                               √             √
            x2 − 2ax + a2 − 2b2 = (x − (a + b 2 ))(x − (a − b 2 )).

                                                                                  
   Fortunately, we have an easy test to determine the separability of any
polynomial. Let
                     f (x) = a0 + a1 x + · · · + an xn
be any polynomial in F [x]. Define the derivative of f (x) to be

                      f 0 (x) = a1 + 2a2 x + · · · + nan xn−1 .

Lemma 22.4 Let F be a field and f (x) ∈ F [x]. Then f (x) is separable if
and only if f (x) and f 0 (x) are relatively prime.

Proof. Let f (x) be separable. Then f (x) factors over some extension field
of F as f (x) = (x − α1 )(x − α2 ) · · · (x − αn ), where αi 6= αj for i 6= j. Taking
the derivative of f (x), we see that

                     f 0 (x) = (x − α2 ) · · · (x − αn )
                            + (x − α1 )(x − α3 ) · · · (x − αn )
                            + · · · + (x − α1 ) · · · (x − αn−1 ).

Hence, f (x) and f 0 (x) can have no common factors.
   To prove the converse, we will show that the contrapositive of the state-
ment is true. Suppose that f (x) = (x−α)k g(x), where k > 1. Differentiating,
we have
                 f 0 (x) = k(x − α)k−1 g(x) + (x − α)k g 0 (x).
Therefore, f (x) and f 0 (x) have a common factor.                                

Theorem 22.5 For every prime p and every positive integer n, there exists
a finite field F with pn elements. Furthermore, any field of order pn is
                                       n
isomorphic to the splitting field of xp − x over Zp .
22.1   STRUCTURE OF A FINITE FIELD                                         361

                       n
Proof. Let f (x) = xp − x and let F be the splitting field of f (x). Then by
                                                                    n
Lemma 22.4, f (x) has pn distinct zeros in F , since f 0 (x) = pn xp −1 − 1 = −1
is relatively prime to f (x). We claim that the roots of f (x) form a subfield
of F . Certainly 0 and 1 are zeros of f (x). If α and β are zeros of f (x),
                                                           n      n            n
then α + β and αβ are also zeros of f (x), since αp + β p = (α + β)p
        n   n           n
and αp β p = (αβ)p . We also need to show that the additive inverse
and the multiplicative inverse of each root of f (x) are roots of f (x). For
any zero α of f (x), −α = (p − 1)α is also a zero of f (x). If α 6= 0, then
       n        n
(α−1 )p = (αp )−1 = α−1 . Since the zeros of f (x) form a subfield of F and
f (x) splits in this subfield, the subfield must be all of F .
    Let E be any other field of order pn . To show that E is isomorphic to F ,
we must show that every element in E is a root of f (x). Certainly 0 is a root
of f (x). Let α be a nonzero element of E. The order of the multiplicative
                                                        n             n
group of nonzero elements of E is pn − 1; hence, αp −1 = 1 or αp − α = 0.
Since E contains pn elements, E must be a splitting field of f (x); however,
by Corollary 21.20, the splitting field of any polynomial is unique up to
isomorphism.                                                                   
   The unique finite field with pn elements is called the Galois field of
order pn . We will denote this field by GF(pn ).

Theorem 22.6 Every subfield of the Galois field GF(pn ) has pm elements,
where m divides n. Conversely, if m | n for m > 0, then there exists a unique
subfield of GF(pn ) isomorphic to GF(pm ).

Proof. Let F be a subfield of E = GF(pn ). Then F must be a field
extension of K that contains pm elements, where K is isomorphic to Zp .
Then m | n, since [E : K] = [E : F ][F : K].
    To prove the converse, suppose that m | n for some m > 0. Then pm − 1
                                m                  n                    m
divides pn − 1. Consequently, xp −1 − 1 divides xp −1 − 1. Therefore, xp − x
               n                          m                      n
must divide xp − x, and every zero of xp − x is also a zero of xp − x. Thus,
                                                        m
GF(pn ) contains, as a subfield, a splitting field of xp − x, which must be
isomorphic to GF(pm ).                                                    

Example 2. The lattice of subfields of GF(p24 ) is given in Figure 22.1.
                                                                             
    With each field F we have a multiplicative group of nonzero elements of
F which we will denote by F ∗ . The multiplicative group of any finite field is
cyclic. This result follows from the more general result that we will prove in
the next theorem.
362                                                  CHAPTER 22     FINITE FIELDS

                                            GF(p24 )

                                GF(p8 )                  GF(p12 )


                                GF(p4 )                   GF(p6 )


                                GF(p2 )                   GF(p3 )

                                             GF(p)


                               Figure 22.1. Subfields of GF(p24 )

Theorem 22.7 If G is a finite subgroup of F ∗ , the multiplicative group of
nonzero elements of a field F , then G is cyclic.
Proof. Let G be a finite subgroup of F ∗ of order n. By the Fundamental
Theorem of Finite Abelian Groups (Theorem 13.3),
                                     G∼
                                      = Zpe1 × · · · × Zpek ,
                                            1             k

where n =  pe11   · · · pekk
                     and the p1 , . . . , pk are (not necessarily distinct) primes.
Let m be the least common multiple of pe11 , . . . , pekk . Then G contains an
element of order m. Since every α in G satisfies xr − 1 for some r dividing
m, α must also be a root of xm − 1. Since xm − 1 has at most m roots in F ,
n ≤ m. On the other hand, we know that m ≤ |G|; therefore, m = n. Thus,
G contains an element of order n and must be cyclic.                            
Corollary 22.8 The multiplicative group of all nonzero elements of a finite
field is cyclic.
Corollary 22.9 Every finite extension E of a finite field F is a simple
extension of F .
Proof. Let α be a generator for the cyclic group E ∗ of nonzero elements of
E. Then E = F (α).                                                       

Example 3. The finite field GF(24 ) is isomorphic to the field Z2 /h1+x+x4 i.
Therefore, the elements of GF(24 ) can be taken to be
          {a0 + a1 α + a2 α2 + a3 α3 : ai ∈ Z2 and 1 + α + α4 = 0}.
22.2     POLYNOMIAL CODES                                                                 363

Remembering that 1 + α + α4 = 0, we add and multiply elements of GF(24 )
exactly as we add and multiply polynomials. The multiplicative group of
GF(24 ) is isomorphic to Z15 with generator α:

    α1   =    α                α6     =   α2 + α3         α11         =   α + α2 + α3
    α2   =    α2               α7     =   1 + α + α3      α12         =   1 + α + α2 + α3
    α3   =    α3               α8     =   1 + α2          α13         =   1 + α2 + α3
    α4   =    1+α              α9     =   α + α3          α14         =   1 + α3
    α5   =    α + α2          α10     =   1 + α + α2      α15         =   1.

                                                                                            


22.2       Polynomial Codes
With knowledge of polynomial rings and finite fields, it is now possible
to derive more sophisticated codes than those of Chapter 8. First let us
recall that an (n, k)-block code consists of a one-to-one encoding function
E : Zk2 → Zn2 and a decoding function D : Zn2 → Zk2 . The code is error-
correcting if D is onto. A code is a linear code if it is the null space of a
matrix H ∈ Mk×n (Z2 ).
    We are interested in a class of codes known as cyclic codes. Let φ :
Zk2 → Zn2 be a binary (n, k)-block code. Then φ is a cyclic code if for every
codeword (a1 , a2 , . . . , an ), the cyclically shifted n-tuple (an , a1 , a2 , . . . , an−1 )
is also a codeword. Cyclic codes are particularly easy to implement on a
computer using shift registers [2, 3].

Example 4. Consider the (6, 3)-linear codes generated                     by the two matrices
                                                                        
                    1 0 0                       1 0                       0
                 0 1 0                      1 1                        0
                                                                        
                 0 0 1                      1 1                        1
            G1 = 
                                and   G 2 =                             .
                 1 0 0
                                             1 1                        1
                                                                          
                 0 1 0                      0 1                        1
                                0 0 1                           0 0 1

Messages in the first code are encoded as follows:

                 (000)         7→   (000000)      (100)          7→   (100100)
                 (001)    7→        (001001)      (101)     7→        (101101)
                 (010)     7 →      (010010)      (110)      7 →      (110110)
                 (011)       7 →    (011011)      (111)        7 →    (111111).
364                                           CHAPTER 22             FINITE FIELDS

It is easy to see that the codewords form a cyclic code. In the second code,
3-tuples are encoded in the following manner:

               (000)   7→         (000000)   (100)   7→         (111100)
               (001)    7 →       (001111)   (101)    7 →       (110011)
               (010)      7 →     (011110)   (110)      7 →     (100010)
               (011)        7 →   (010001)   (111)        7 →   (101101).

This code cannot be cyclic, since (101101) is a codeword but (011011) is not
a codeword.                                                               


Polynomial Codes
We would like to find an easy method of obtaining cyclic linear codes. To
accomplish this, we can use our knowledge of finite fields and polynomial
rings over Z2 . Any binary n-tuple can be interpreted as a polynomial in
Z2 [x]. Stated another way, the n-tuple (a0 , a1 , . . . , an−1 ) corresponds to the
polynomial
                     f (x) = a0 + a1 x + · · · + an−1 xn−1 ,
where the degree of f (x) is at most n − 1. For example, the polynomial
corresponding to the 5-tuple (10011) is

                   1 + 0x + 0x2 + 1x3 + 1x4 = 1 + x3 + x4 .

Conversely, with any polynomial f (x) ∈ Z2 [x] with deg f (x) < n we can
associate a binary n-tuple. The polynomial x + x2 + x4 corresponds to the
5-tuple (01101).
    Let us fix a nonconstant polynomial g(x) in Z2 [x] of degree n − k. We can
define an (n, k)-code C in the following manner. If (a0 , . . . , ak−1 ) is a k-tuple
to be encoded, then f (x) = a0 + a1 x + · · · + ak−1 xk−1 is the corresponding
polynomial in Z2 [x]. To encode f (x), we multiply by g(x). The codewords in
C are all those polynomials in Z2 [x] of degree less than n that are divisible
by g(x). Codes obtained in this manner are called polynomial codes.

Example 5. If we let g(x) = 1 + x3 , we can define a (6, 3)-code C as follows.
To encode a 3-tuple (a0 , a1 , a2 ), we multiply the corresponding polynomial
f (x) = a0 + a1 x + a2 x2 by 1 + x3 . We are defining a map φ : Z32 → Z62
by φ : f (x) 7→ g(x)f (x). It is easy to check that this map is a group
homomorphism. In fact, if we regard Zn2 as a vector space over Z2 , φ is a
22.2   POLYNOMIAL CODES                                                      365

linear transformation of vector spaces (see Exercise 15, Chapter 20). Let us
compute the kernel of φ. Observe that φ(a0 , a1 , a2 ) = (000000) exactly when

 0 + 0x + 0x2 + 0x3 + 0x4 + 0x5 = (1 + x3 )(a0 + a1 x + a2 x2 )
                                   = a0 + a1 x + a2 x2 + a0 x3 + a1 x4 + a2 x5 .

Since the polynomials over a field form an integral domain, a0 + a1 x + a2 x2
must be the zero polynomial. Therefore, ker φ = {(000)} and φ is one-to-one.
   To calculate a generator matrix for C, we merely need to examine the
way the polynomials 1, x, and x2 are encoded:

                           (1 + x3 ) · 1 = 1 + x3
                             (1 + x3 )x = x + x4
                            (1 + x3 )x2 = x2 + x5 .

We obtain the code corresponding to the generator matrix G1 in Example 4.
The parity-check matrix for this code is
                                              
                               1 0 0 1 0 0
                       H = 0 1 0 0 1 0  .
                               0 0 1 0 0 1

Since the smallest weight of any nonzero codeword is 2, this code has the
ability to detect all single errors.                                   
   Rings of polynomials have a great deal of structure; therefore, our imme-
diate goal is to establish a link between polynomial codes and ring theory.
Recall that xn − 1 = (x − 1)(xn−1 + · · · + x + 1). The factor ring

                            Rn = Z2 [x]/hxn − 1i

can be considered to be the ring of polynomials of the form

                      f (t) = a0 + a1 t + · · · + an−1 tn−1

that satisfy the condition tn = 1. It is an easy exercise to show that Zn2 and
Rn are isomorphic as vector spaces. We will often identify elements in Zn2
with elements in Z[x]/hxn − 1i. In this manner we can interpret a linear code
as a subset of Z[x]/hxn − 1i.
    The additional ring structure on polynomial codes is very powerful in
describing cyclic codes. A cyclic shift of an n-tuple can be described by
366                                              CHAPTER 22          FINITE FIELDS

polynomial multiplication. If f (t) = a0 + a1 t + · · · + an−1 tn−1 is a code
polynomial in Rn , then

                       tf (t) = an−1 + a0 t + · · · + an−2 tn−1

is the cyclically shifted word obtained from multiplying f (t) by t. The
following theorem gives a beautiful classification of cyclic codes in terms of
the ideals of Rn .

Theorem 22.10 A linear code C in Zn2 is cyclic if and only if it is an ideal
in Rn = Z[x]/hxn − 1i.

Proof. Let C be a linear cyclic code and suppose that f (t) is in C.
Then tf (t) must also be in C. Consequently, tk f (t) is in C for all k ∈
N. Since C is a linear code, any linear combination of the codewords
f (t), tf (t), t2 f (t), . . . , tn−1 f (t) is also a codeword; therefore, for every poly-
nomial p(t), p(t)f (t) is in C. Hence, C is an ideal.
     Conversely, let C be an ideal in Z2 [x]/hxn + 1i. Suppose that f (t) =
a0 + a1 t + · · · + an−1 tn−1 is a codeword in C. Then tf (t) is a codeword in
C; that is, (a1 , . . . , an−1 , a0 ) is in C.                                          
    Theorem 22.10 tells us that knowing the ideals of Rn is equivalent to
knowing the linear cyclic codes in Zn2 . Fortunately, the ideals in Rn are easy
to describe. The natural ring homomorphism φ : Z2 [x] → Rn defined by
φ[f (x)] = f (t) is a surjective homomorphism. The kernel of φ is the ideal
generated by xn − 1. By Theorem 16.15, every ideal C in Rn is of the form
φ(I), where I is an ideal in Z2 [x] that contains hxn − 1i. By Theorem 17.12,
we know that every ideal I in Z2 [x] is a principal ideal, since Z2 is a field.
Therefore, I = hg(x)i for some unique monic polynomial in Z2 [x]. Since
hxn − 1i is contained in I, it must be the case that g(x) divides xn − 1.
Consequently, every ideal C in Rn is of the form

      C = hg(t)i = {f (t)g(t) : f (t) ∈ Rn and g(x) | (xn − 1) in Z2 [x]}.

The unique monic polynomial of the smallest degree that generates C is
called the minimal generator polynomial of C.

Example 6. If we factor x7 − 1 into irreducible components, we have

                   x7 − 1 = (1 + x)(1 + x + x3 )(1 + x2 + x3 ).

We see that g(t) = (1 + t + t3 ) generates an ideal C in R7 . This code is a
(7, 4)-block code. As in Example 5, it is easy to calculate a generator matrix
22.2   POLYNOMIAL CODES                                                          367

by examining what g(t) does to the polynomials 1, t, t2 , and t3 . A generator
matrix for C is                           
                                 1 0 0 0
                               1 1 0 0
                                          
                               0 1 1 0
                                          
                          G=   1  0   1 1.
                                           
                               0 1 0 1
                                          
                               0 0 1 0
                                      0 0 0 1
                                                                                   
    In general, we can determine a generator matrix for an (n, k)-code C by
the manner in which the elements tk are encoded. Let xn − 1 = g(x)h(x) in
Z2 [x]. If g(x) = g0 + g1 x + · · · + gn−k xn−k and h(x) = h0 + h1 x + · · · + hk xk ,
then the n × k matrix
                                                            
                                 g0        0     ···   0
                             g1
                                          g0    ···   0    
                             ..             ..  ..      .. 
                             .
                                             .      .    . 
                      G=   gn−k gn−k−1 · · ·         g0   
                             0
                                        gn−k    · · · g   1
                                                             
                                                             
                             ..            ..   ..     .
                                                        .. 
                             .              .       .       
                                 0        0     ···   gn−k
is a generator matrix for the code C with generator          polynomial g(t). The
parity-check matrix for C is the (n − k) × n matrix
                                                                 
                        0 ··· 0           0 hk · · ·         h0
                      0 · · · 0 hk · · · h0                  0
                H=  · · · · · · · · · · · · · · · · · ·
                                                                  .
                                                             · · ·
                       hk · · · h0        0     0 ···         0
We will leave the details of the proof of the following proposition as an
exercise.

Proposition 22.11 Let C = hg(t)i be a cyclic code in Rn and suppose that
xn − 1 = g(x)h(x). Then G and H are generator and parity-check matrices
for C, respectively. Furthermore, HG = 0.

Example 7. In Example 6,
             x7 − 1 = g(x)h(x) = (1 + x + x3 )(1 + x + x2 + x4 ).
368                                           CHAPTER 22     FINITE FIELDS

Therefore, a parity-check matrix for this   code is
                                                   
                             0 0 1 0          1 1 1
                      H = 0 1 0 1            1 1 0 .
                             1 0 1 1          1 0 0
                                                                              
    To determine the error-detecting and error-correcting capabilities of a
cyclic code, we need to know something about determinants. If α1 , . . . , αn
are elements in a field F , then the n × n matrix
                                                   
                              1     1    ···    1
                          α1
                                   α2 · · ·   αn  
                          α2       α  2 · · · α  2 
                              1       2          n 
                          ..        ..   ..    .. 
                          .          .      .   . 
                          α1n−1 α2n−1 · · ·     αnn−1
is called the Vandermonde matrix . The determinant of this matrix is
called the Vandermonde determinant. We will need the following lemma
in our investigation of cyclic codes.

Lemma 22.12 Let α1 , . . . , αn   be elements in a field F with n ≥ 2. Then
                                           
              1          1        ···    1
             α1
                       α2        ···   αn 
             α2        α   2     ···   αn2 
                                                   Y
        det  1             2               =           (αi − αj ).
             ..          ..      ..     ..  1≤j<i≤n
             .            .         .    . 
                  α1n−1 α2n−1 · · ·   αnn−1
In particular, if the αi ’s are distinct, then the determinant is nonzero.

Proof. We will induct on n. If n = 2, then the determinant is α2 − α1 . Let
us assume the result for n − 1 and consider the polynomial p(x) defined by
                                                        
                             1      1    ···    1     1
                          α1
                                  α2 · · · αn−1      x 
                              2    α2 · · · αn−1 x2 
                                      2         2
             p(x) = det  α1                             .
                         
                          ..       ..   . .     ..   .. 
                          .         .       .    .    . 
                            α1n−1 α2n−1 · · ·     n−1
                                                 αn−1 xn−1
Expanding this determinant by cofactors on the last column, we see that
p(x) is a polynomial of at most degree n − 1. Moreover, the roots of p(x)
22.2    POLYNOMIAL CODES                                                      369

are α1 , . . . , αn−1 , since the substitution of any one of these elements in the
last column will produce a column identical to the last column in the matrix.
Remember that the determinant of a matrix is zero if it has two identical
columns. Therefore,

                  p(x) = (x − α1 )(x − α2 ) · · · (x − αn−1 )β,

where                                                                    
                                        1         1        ···        1
                               
                                       α1        α2       ···    αn−1 
                                                                       
               β = (−1)n+n det 
                                       α12       α22      ···     2
                                                                  αn−1 .
                                                                       
                                        ..        ..      ..       .. 
                                         .         .         .      . 
                                       α1n−2 α2n−2 · · ·           n−2
                                                                  αn−1
By our induction hypothesis,
                                              Y
                       β = (−1)n+n                      (αi − αj ).
                                        1≤j<i≤n−1

If we let x = αn , the result now follows immediately.                         
    The following theorem gives us an estimate on the error detection and
correction capabilities for a particular generator polynomial.

Theorem 22.13 Let C = hg(t)i be a cyclic code in Rn and suppose that ω
is a primitive nth root of unity over Z2 . If s consecutive powers of ω are
roots of g(x), then the minimum distance of C is at least s + 1.

Proof. Suppose that

                   g(ω r ) = g(ω r+1 ) = · · · = g(ω r+s−1 ) = 0.

Let f (x) be some polynomial in C with s or fewer nonzero coefficients. We
can assume that

                   f (x) = ai0 xi0 + ai1 xi1 + · · · + ais−1 xis−1

be some polynomial in C. It will suffice to show that all of the ai ’s must be
0. Since
                g(ω r ) = g(ω r+1 ) = · · · = g(ω r+s−1 ) = 0
and g(x) divides f (x),

                  f (ω r ) = f (ω r+1 ) = · · · = f (ω r+s−1 ) = 0.
370                                              CHAPTER 22            FINITE FIELDS

Equivalently, we have the following system of equations:

                        ai0 (ω r )i0 + ai1 (ω r )i1 + · · · + ais−1 (ω r )is−1 = 0
                ai0 (ω r+1 )i0 + ai1 (ω r+1 )i2 + · · · + ais−1 (ω r+1 )is−1 = 0
                                                                            ..
                                                                             .
        ai0 (ω r+s−1 )i0 + ai1 (ω r+s−1 )i1 + · · · + ais−1 (ω r+s−1 )is−1 = 0.

Therefore, (ai0 , ai1 , . . . , ais−1 ) is a solution to the homogeneous system of
linear equations

                         (ω i0 )r x0 + (ω i1 )r x1 + · · · + (ω is−1 )r xn−1 = 0
                (ω i0 )r+1 x0 + (ω i1 )r+1 x1 + · · · + (ω is−1 )r+1 xn−1 = 0
                                                                         ..
                                                                          .
         (ω i0 )r+s−1 x0 + (ω i1 )r+s−1 x1 + · · · + (ω is−1 )r+s−1 xn−1 = 0.

However, this system has a unique solution, since the determinant of the
matrix
                  (ω i0 )r     (ω i1 )r           (ω is−1 )r
                                                                 
                                          ···
               (ω i0 )r+1    (ω i1 )r+1 · · ·   (ω is−1 )r+1 
                                                                 
                     ..           ..     . .            ..       
                      .            .         .           .       
                  i
                (ω )0  r+s−1   i
                             (ω )1  r+s−1 · · · (ω i s−1  ) r+s−1

can be shown to be nonzero using Lemma 22.12 and the basic properties of
determinants (Exercise). Therefore, this solution must be ai0 = ai1 = · · · =
ais−1 = 0.                                                                  

BCH Codes
Some of the most important codes, discovered independently by A. Hoc-
quenghem in 1959 and by R. C. Bose and D. V. Ray-Chaudhuri in 1960,
are BCH codes. The European and transatlantic communication systems
both use BCH codes. Information words to be encoded are of length
231, and a polynomial of degree 24 is used to generate the code. Since
231 + 24 = 255 = 28 − 1, we are dealing with a (255, 231)-block code. This
BCH code will detect six errors and has a failure rate of 1 in 16 million. One
advantage of BCH codes is that efficient error correction algorithms exist for
them.
    The idea behind BCH codes is to choose a generator polynomial of
smallest degree that has the largest error detection and error correction
22.2   POLYNOMIAL CODES                                                            371

capabilities. Let d = 2r + 1 for some r ≥ 0. Suppose that ω is a primitive
nth root of unity over Z2 , and let mi (x) be the minimal polynomial over Z2
of ω i . If
                   g(x) = lcm[m1 (x), m2 (x), . . . , m2r (x)],
then the cyclic code hg(t)i in Rn is called the BCH code of length n and
distance d. By Theorem 22.13, the minimum distance of C is at least d.
Theorem 22.14 Let C = hg(t)i be a cyclic code in Rn . The following
statements are equivalent.
   1. The code C is a BCH code whose minimum distance is at least d.
   2. A code polynomial f (t) is in C if and only if f (ω i ) = 0 for 1 ≤ i < d.
   3. The matrix
                                           ω2    ···         ω n−1
                                                                        
                              1      ω
                             1
                                    ω2    ω4    ···       ω (n−1)(2) 
                                                                      
                         H = 1
                                    ω3    ω6    ···       ω (n−1)(3) 
                                                                      
                             .       ..    ..   ..            ..
                              ..
                                                                      
                                       .     .      .           .     
                                 1 ω 2r ω 4r · · ·         ω (n−1)(2r)
       is a parity-check matrix for C.
Proof. (1) ⇒ (2). If f (t) is in C, then g(x) | f (x) in Z2 [x]. Hence, for
i = 1, . . . , 2r, f (ω i ) = 0 since g(ω i ) = 0. Conversely, suppose that f (ω i ) = 0
for 1 ≤ i ≤ d. Then f (x) is divisible by each mi (x), since mi (x) is the
minimal polynomial of ω i . Therefore, g(x) | f (x) by the definition of g(x).
Consequently, f (x) is a codeword.
    (2) ⇒ (3). Let f (t) = a0 + a1 t + · · · + an−1 vtn−1 be in Rn . The corre-
sponding n-tuple in Zn2 is x = (a0 a1 · · · an−1 )t . By (2),
                           a0 + a1 ω + · · · + an−1 ω n−1
                                                                     
                                                                  f (ω)
                    a0 + a1 ω 2 + · · · + an−1 (ω 2 )n−1   f (ω 2 ) 
          Hx =                                            =  ..  = 0
                                                                     
                                          ..
                                          .                       . 
                  a0 + a1 ω 2r + · · · + an−1 (ω 2r )n−1             f (ω 2r )
exactly when f (t) is in C. Thus, H is a parity-check matrix for C.
    (3) ⇒ (1). By (3), a code polynomial f (t) = a0 + a1 t + · · · + an−1 tn−1 is
in C exactly when f (ω i ) = 0 for i = 1, . . . , 2r. The smallest such polynomial
is g(t) = lcm[m1 (t), . . . , m2r (t)]. Therefore, C = hg(t)i.                  

Example 8. It is easy to verify that x15 − 1 ∈ Z2 [x] has a factorization
x15 − 1 = (x + 1)(x2 + x + 1)(x4 + x + 1)(x4 + x3 + 1)(x4 + x3 + x2 + x + 1),
372                                           CHAPTER 22        FINITE FIELDS

where each of the factors is an irreducible polynomial. Let ω be a root of
1 + x + x4 . The Galois field GF(24 ) is

          {a0 + a1 ω + a2 ω 2 + a3 ω 3 : ai ∈ Z2 and 1 + ω + ω 4 = 0}.

By Example 3, ω is a primitive 15th root of unity. The minimal polynomial
of ω is m1 (x) = 1 + x + x4 . It is easy to see that ω 2 and ω 4 are also roots
of m1 (x). The minimal polynomial of ω 3 is m2 (x) = 1 + x + x2 + x3 + x4 .
Therefore,
                g(x) = m1 (x)m2 (x) = 1 + x4 + x6 + x7 + x8
has roots ω, ω 2 , ω 3 , ω 4 . Since both m1 (x) and m2 (x) divide x15 −1, the BCH
code is a (15, 7)-code. If x15 − 1 = g(x)h(x), then h(x) = 1 + x4 + x6 + x7 ;
therefore, a parity-check matrix for this code is
                                                                    
               0 0 0 0 0 0 0 1 1 0 1 0 0 0 1
             0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 
                                                                    
             0 0 0 0 0 1 1 0 1 0 0 0 1 0 0 
                                                                    
             0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 
             0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 .
                                                                    
                                                                    
             0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 
                                                                    
             0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 
               1 1 0 1 0 0 0 1 0 0 0 0 0 0 0

                                                                                


Exercises
   1. Calculate each of the following.

       (a) [GF(36 ) : GF(33 )]                  (c) [GF(625) : GF(25)]
       (b) [GF(128) : GF(16)]                  (d) [GF(p12 ) : GF(p2 )]

   2. Calculate [GF(pm ) : GF(pn )], where n | m.
   3. What is the lattice of subfields for GF(p30 )?
   4. Let α be a zero of x3 + x2 + 1 over Z2 . Construct a finite field of order 8.
      Show that x3 + x2 + 1 splits in Z2 (α).
   5. Construct a finite field of order 27.
   6. Prove or disprove: Q∗ is cyclic.
   7. Factor each of the following polynomials in Z2 [x].
EXERCISES                                                                           373

      (a) x5 − 1                                (c) x9 − 1
            6      5   4     3    2
      (b) x + x + x + x + x + x + 1             (d) x4 + x3 + x2 + x + 1

  8. Prove or disprove: Z2 [x]/hx3 + x + 1i ∼
                                            = Z2 [x]/hx3 + x2 + 1i.
  9. Determine the number of cyclic codes of length n for n = 6, 7, 8, 10.
 10. Prove that the ideal ht + 1i in Rn is the code in Zn2 consisting of all words of
     even parity.
 11. Construct all BCH codes of

      (a) length 7.                             (b) length 15.

 12. Prove or disprove: There exists a finite field that is algebraically closed.
 13. Let p be prime. Prove that the field of rational functions Zp (x) is an infinite
     field of characteristic p.
                                                                                    n
 14. Let D be an integral domain of characteristic p. Prove that (a − b)p =
       n    n
     ap − bp for all a, b ∈ D.
 15. Show that every element in a finite field can be written as the sum of two
     squares.
 16. Let E and F be subfields of a finite field K. If E is isomorphic to F , show
     that E = F .
 17. Let F ⊂ E ⊂ K be fields. If K is separable over F , show that K is also
     separable over E.
 18. Let E be an extension of a finite field F , where F has q elements. Let α ∈ E
     be algebraic over F of degree n. Prove that F (α) has q n elements.
 19. Show that every finite extension of a finite field F is simple; that is, if E is a
     finite extension of a finite field F , prove that there exists an α ∈ E such that
     E = F (α).
 20. Show that for every n there exists an irreducible polynomial of degree n
     in Zp [x].
 21. Prove that the Frobenius map φ : GF(pn ) → GF(pn ) given by φ : α 7→ αp
     is an automorphism of order n.
 22. Show that every element in GF(pn ) can be written in the form ap for some
     unique a ∈ GF(pn ).
 23. Let E and F be subfields of GF(pn ). If |E| = pr and |F | = ps , what is the
     order of E ∩ F ?
 24. Wilson’s Theorem. Let p be prime. Prove that (p − 1)! ≡ −1 (mod p).
374                                                CHAPTER 22            FINITE FIELDS

  25. If g(t) is the minimal generator polynomial for a cyclic code C in Rn , prove
      that the constant term of g(x) is 1.
  26. Often it is conceivable that a burst of errors might occur during transmission,
      as in the case of a power surge. Such a momentary burst of interference might
      alter several consecutive bits in a codeword. Cyclic codes permit the detection
      of such error bursts. Let C be an (n, k)-cyclic code. Prove that any error
      burst up to n − k digits can be detected.
  27. Prove that the rings Rn and Zn2 are isomorphic as vector spaces.
  28. Let C be a code in Rn that is generated by g(t). If hf (t)i is another code in
      Rn , show that hg(t)i ⊂ hf (t)i if and only if f (x) divides g(x) in Z2 [x].
  29. Let C = hg(t)i be a cyclic code in Rn and suppose that xn − 1 = g(x)h(x),
      where g(x) = g0 + g1 x + · · · + gn−k xn−k and h(x) = h0 + h1 x + · · · + hk xk .
      Define G to be the n × k matrix
                                                             
                                     g0      0     ···   0
                                g1          g0    ···   0 
                                ..           ..          .. 
                                                             
                                                   . .
                                .
                                              .       .   . 
                          G = gn−k gn−k−1 · · ·
                                                        g0  
                                0
                                          gn−k    ···   g1  
                                .             ..  ..      .. 
                                ..             .      .    . 
                                      0        0         ···   gn−k

      and H to be the (n − k) × n matrix
                                                                          
                            0 ···       0           0    hk    ···    h0
                          0 ···        0          hk    ···   h0      0
                    H=  · · · · · · · · ·
                                                                           .
                                                   ···   ···   ···    · · ·
                            hk · · · h0             0     0    ···     0

        (a) Prove that G is a generator matrix for C.
        (b) Prove that H is a parity-check matrix for C.
        (c) Show that HG = 0.

Additional Exercises: Error Correction for BCH Codes
BCH codes have very attractive error correction algorithms. Let C be a BCH code
in Rn , and suppose that a code polynomial c(t) = c0 + c1 t + · · · + cn−1 tn−1 is
transmitted. Let w(t) = w0 + w1 t + · · · wn−1 tn−1 be the polynomial in Rn that is
received. If errors have occurred in bits a1 , . . . , ak , then w(t) = c(t) + e(t), where
e(t) = ta1 + ta2 + · · · + tak is the error polynomial . The decoder must determine
the integers ai and then recover c(t) from w(t) by flipping the ai th bit. From w(t)
we can compute w(ω i ) = si for i = 1, . . . , 2r, where ω is a primitive nth root of
unity over Z2 . We say the syndrome of w(t) is s1 , . . . , s2r .
EXERCISES                                                                         375

   1. Show that w(t) is a code polynomial if and only if si = 0 for all i.
   2. Show that
                      si = w(ω i ) = e(ω i ) = ω ia1 + ω ia2 + · · · + ω iak
      for i = 1, . . . , 2r. The error-locator polynomial is defined to be

                         s(x) = (x + ω a1 )(x + ω a2 ) · · · (x + ω ak ).

   3. Recall the (15, 7)-block BCH code in Example 7. By Theorem 8.3, this code
      is capable of correcting two errors. Suppose that these errors occur in bits a1
      and a2 . The error-locator polynomial is s(x) = (x + ω a1 )(x + ω a2 ). Show that
                                                          
                                                        s3
                              s(x) = x2 + s1 x + s21 +       .
                                                        s1

   4. Let w(t) = 1 + t2 + t4 + t5 + t7 + t12 + t13 . Determine what the originally
      transmitted code polynomial was.

References and Suggested Readings
  [1] Childs, L. A Concrete Introduction to Higher Algebra. 2nd ed. Springer-Verlag,
      New York, 1995. .
  [2] Gåding, L. and Tambour, T. Algebra for Computer Science. Springer-Verlag,
      New York, 1988.
  [3] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York,
      1998. An excellent presentation of finite fields and their applications.
  [4] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
  [5] Roman, S. Coding and Information Theory. Springer-Verlag, New York, 1992.
  [6] van Lint, J. H. Introduction to Coding Theory. Springer, New York, 1999.

Sage Finite fields are important in a variety of applied disciplines, such as
cryptography and coding theory (see introductions to these topics in other
chapters). Sage has excellent support for finite fields allowing for a wide
variety of computations.
                                    23
                    Galois Theory



A classic problem of algebra has been to find the solutions of a polynomial
equation. The solution to the quadratic equation was known in antiquity.
Italian mathematicians found general solutions to the general cubic and
quartic equations in the sixteenth century; however, attempts to solve the
general fifth-degree, or quintic, polynomial were repulsed for the next three
hundred years. Certainly, equations such as x5 − 1 = 0 or x6 − x3 − 6 = 0
could be solved, but no solution like the quadratic formula was found for the
general quintic,

                    ax5 + bx4 + cx3 + dx2 + ex + f = 0.

Finally, at the beginning of the nineteenth century, Ruffini and Abel both
found quintics that could not be solved with any formula. It was Galois, how-
ever, who provided the full explanation by showing which polynomials could
and could not be solved by formulas. He discovered the connection between
groups and field extensions. Galois theory demonstrates the strong interde-
pendence of group and field theory, and has had far-reaching implications
beyond its original purpose.
   In this chapter we will prove the Fundamental Theorem of Galois Theory.
This result will be used to establish the insolvability of the quintic and to
prove the Fundamental Theorem of Algebra.


23.1     Field Automorphisms
Our first task is to establish a link between group theory and field theory by
examining automorphisms of fields.

Proposition 23.1 The set of all automorphisms of a field F is a group
under composition of functions.

                                     376
23.1   FIELD AUTOMORPHISMS                                                  377

Proof. If σ and τ are automorphisms of E, then so are στ and σ −1 . The
identity is certainly an automorphism; hence, the set of all automorphisms
of a field F is indeed a group.                                          

Proposition 23.2 Let E be a field extension of F . Then the set of all
automorphisms of E that fix F elementwise is a group; that is, the set of all
automorphisms σ : E → E such that σ(α) = α for all α ∈ F is a group.

Proof. We need only show that the set of automorphisms of E that fix F
elementwise is a subgroup of the group of all automorphisms of E. Let σ
and τ be two automorphisms of E such that σ(α) = α and τ (α) = α for all
α ∈ F . Then στ (α) = σ(α) = α and σ −1 (α) = α. Since the identity fixes
every element of E, the set of automorphisms of E that leave elements of F
fixed is a subgroup of the entire group of automorphisms of E.           
    Let E be a field extension of F . We will denote the full group of
automorphisms of E by Aut(E). We define the Galois group of E over F
to be the group of automorphisms of E that fix F elementwise; that is,

             G(E/F ) = {σ ∈ Aut(E) : σ(α) = α for all α ∈ F }.

If f (x) is a polynomial in F [x] and E is the splitting field of f (x) over F ,
then we define the Galois group of f (x) to be G(E/F ).

Example 1. Complex conjugation, defined by σ : a + bi 7→ a − bi, is an
automorphism of the complex numbers. Since

                       σ(a) = σ(a + 0i) = a − 0i = a,

the automorphism defined by complex conjugation must be in G(C/R). 
                                            √         √ √
Example  √ 2. Consider the fields Q ⊂ Q( 5 ) ⊂ Q( 3, 5 ). Then for
a, b ∈ Q( 5 ),                    √           √
                          σ(a + b 3 ) = a − b 3
                          √ √                 √
is an automorphism of Q( 3, 5 ) leaving Q( 5 ) fixed. Similarly,
                                  √           √
                          τ (a + b 5 ) = a − b 5
                         √ √                 √
is an automorphism of√Q( 3, √5 ) leaving Q( 3 ) fixed. The automorphism
µ = στ moves both √       √ 5. It will soon be clear that {id, σ, τ, µ} is
                       3 and
the Galois group of Q( 3, 5 ) over Q. The following table shows that this
group is isomorphic to Z2 × Z2 .
378                                        CHAPTER 23        GALOIS THEORY

                                  id   σ τ µ
                             id   id   σ τ µ
                             σ    σ    id µ τ
                             τ    τ    µ id σ
                             µ    µ    τ σ id
                                     √ √
We may also√regard
                 √ √  the field Q( 3, 5 ) as a vector space  √ over
                                                                 √ Q that
has√basis
       √  {1, 3,  5,   15 }.  It is no coincidence that |G(Q( 3,  5 )/Q)| =
[Q( 3, 5 ) : Q)] = 4.                                                     

Proposition 23.3 Let E be a field extension of F and f (x) be a polynomial
in F [x]. Then any automorphism in G(E/F ) defines a permutation of the
roots of f (x) that lie in E.

Proof. Let
                    f (x) = a0 + a1 x + a2 x2 + · · · + an xn
and suppose that α ∈ E is a zero of f (x). Then for σ ∈ G(E/F ),

               0 = σ(0)
                 = σ(f (α))
                 = σ(a0 + a1 α + a2 α2 + · · · + an αn )
                 = a0 + a1 σ(α) + a2 [σ(α)]2 + · · · + an [σ(α)]n ;

therefore, σ(α) is also a zero of f (x).                                   
    Let E be an algebraic extension of a field F . Two elements α, β ∈ E are
conjugate over√F if they have the√same minimal√     polynomial. For example,
in the field Q( 2 ) the elements 2 and − 2 are conjugate over Q since
they are both roots of the irreducible polynomial x2 − 2.
    A converse of the last proposition exists. The proof follows directly from
Lemma 21.18.

Proposition 23.4 If α and β are conjugate over F , there exists an iso-
morphism σ : F (α) → F (β) such that σ is the identity when restricted
to F .

Theorem 23.5 Let f (x) be a polynomial in F [x] and suppose that E is the
splitting field for f (x) over F . If f (x) has no repeated roots, then

                              |G(E/F )| = [E : F ].
23.1   FIELD AUTOMORPHISMS                                                379

Proof. We will use mathematical induction on the degree of f (x). If the
degree of f (x) is 0 or 1, then E = F and there is nothing to show. Assume
that the result holds for all polynomials of degree k with 0 ≤ k < n. Suppose
that the degree of f (x) is n. Let p(x) be an irreducible factor of f (x) of
degree r. Since all of the roots of p(x) are in E, we can choose one of these
roots, say α, so that F ⊂ F (α) ⊂ E. Then

                  [E : F (α)] = n/r    and    [F (α) : F ] = r.

If β is any other root of p(x), then F ⊂ F (β) ⊂ E. By Lemma 21.18, there
exists a unique isomorphism σ : F (α) → F (β) for each such β that fixes F
elementwise. Since E is a splitting field of F (β), there are exactly r such
isomorphisms. For each of these automorphisms, we can use our induction
hypothesis on [E : F (α)] = n/r < n to conclude that

                          |G(E/F (α))| = [E : F (α)].

Consequently, there are

                     [E : F ] = [E : F (α)][F (α) : F ] = n

possible automorphisms of E that fix F , or |G(E/F )| = [E : F ].
                                                                           

Corollary 23.6 Let F be a finite field with a finite extension E such that
[E : F ] = k. Then G(E/F ) is cyclic of order k.

Proof. Let p be the characteristic of E and F and assume that the orders
of E and F are pm and pn , respectively. Then nk = m. We can also assume
                                   m
that E is the splitting field of xp − x over a subfield of order p. Therefore,
                                        m
E must also be the splitting field of xp − x over F . Applying Theorem 23.5,
we find that |G(E/F )| = k.
    To prove that G(E/F ) is cyclic, we must find a generator for G(E/F ).
                                          n
Let σ : E → E be defined by σ(α) = αp . We claim that σ is the element in
G(E/F ) that we are seeking. We first need to show that σ is in Aut(E). If
α and β are in E,
                                   n      n      n
             σ(α + β) = (α + β)p = αp + β p = σ(α) + σ(β)

by Lemma 22.3. Also, it is easy to show that σ(αβ) = σ(α)σ(β). Since σ is
a nonzero homomorphism of fields, it must be injective. It must also be onto,
since E is a finite field. We know that σ must be in G(E/F ), since F is the
380                                            CHAPTER 23    GALOIS THEORY

                     n
splitting field of xp − x over the base field of order p. This means that σ
leaves every element in F fixed. Finally, we must show that the order of σ is
k. By Theorem 23.5, we know that
                                          nk      m
                           σ k (α) = αp        = αp = α

is the identity of G(E/F ). However, σ r cannot be the identity for 1 ≤ r < k;
               nr
otherwise, xp − x would have pm roots, which is impossible.                 
                                                                      √ √
Example 3. We can now confirm that the Galois group of Q( 3, 5 )
over Q in Example 2 is indeed isomorphic√ √ to Z2 × Z2 . Certainly the group
H = {id,√σ, τ,√µ} is a subgroup of G(Q( 3, 5 )/Q); however, H must be all
of G(Q( 3, 5 )/Q), since
                         √ √                  √ √
               |H| = [Q( 3, 5 ) : Q] = |G(Q( 3, 5 )/Q)| = 4.

                                                                                 

Example 4. Let us compute the Galois group of

                          f (x) = x4 + x3 + x2 + x + 1

over Q. We know that f (x) is irreducible by Exercise 20 in Chapter 17.
Furthermore, since (x − 1)f (x) = x5 − 1, we can use DeMoivre’s Theorem to
determine that the roots of f (x) are ω i , where i = 1, . . . , 4 and

                          ω = cos(2π/5) + i sin(2π/5).

Hence, the splitting field of f (x) must be Q(ω). We can define automorphisms
σi of Q(ω) by σi (ω) = ω i for i = 1, . . . , 4. It is easy to check that these are
indeed distinct automorphisms in G(Q(ω)/Q). Since

                         [Q(ω) : Q] = |G(Q(ω)/Q)| = 4,

the σi ’s must be all of G(Q(ω)/Q). Therefore, G(Q(ω)/Q) ∼
                                                         = Z4 since ω is a
generator for the Galois group.                                         


Separable Extensions
Many of the results that we have just proven depend on the fact that a
polynomial f (x) in F [x] has no repeated roots in its splitting field. It is
evident that we need to know exactly when a polynomial factors into distinct
23.1   FIELD AUTOMORPHISMS                                                       381

linear factors in its splitting field. Let E be the splitting field of a polynomial
f (x) in F [x]. Suppose that f (x) factors over E as
                                                               r
                                                               Y
         f (x) = (x − α1 )n1 (x − α2 )n2 · · · (x − αr )nr =     (x − αi )ni .
                                                               i=1

We define the multiplicity of a root αi of f (x) to be ni . A root with
multiplicity 1 is called a simple root. Recall that a polynomial f (x) ∈ F [x]
of degree n is separable if it has n distinct roots in its splitting field E.
Equivalently, f (x) is separable if it factors into distinct linear factors over
E[x]. An extension E of F is a separable extension of F if every element
in E is the root of a separable polynomial in F [x]. Also recall that f (x) is
separable if and only if gcd(f (x), f 0 (x)) = 1 (Lemma 22.4).

Proposition 23.7 Let f (x) be an irreducible polynomial over F . If the
characteristic of F is 0, then f (x) is separable. If the characteristic of F is
p and f (x) 6= g(xp ) for some g(x) in F [x], then f (x) is also separable.

Proof. First assume that charF = 0. Since deg f 0 (x) < deg f (x) and
f (x) is irreducible, the only way gcd(f (x), f 0 (x)) 6= 1 is if f 0 (x) is the zero
polynomial; however, this is impossible in a field of characteristic zero. If
charF = p, then f 0 (x) can be the zero polynomial if every coefficient of f (x)
is a multiple of p. This can happen only if we have a polynomial of the form
f (x) = a0 + a1 xp + a2 x2p + · · · + an xnp .                                     
   Certainly extensions of a field F of the form F (α) are some of the easiest
to study and understand. Given a field extension E of F , the obvious
question to ask is when it is possible to find an element α ∈ E such that
E = F (α). In this case, α is called a primitive element. We already know
that primitive elements exist for certain extensions. For example,
                            √ √            √    √
                         Q( 3, 5 ) = Q( 3 + 5 )

and                            √  √         √
                               3            6
                             Q( 5, 5 i) = Q( 5 i).
Corollary 22.9 tells us that there exists a primitive element for any finite
extension of a finite field. The next theorem tells us that we can often find a
primitive element.

Theorem 23.8 (Primitive Element Theorem) Let E be a finite sepa-
rable extension of a field F . Then there exists an α ∈ E such that E = F (α).
382                                         CHAPTER 23        GALOIS THEORY

Proof. We already know that there is no problem if F is a finite field.
Suppose that E is a finite extension of an infinite field. We will prove the
result for F (α, β). The general case easily follows when we use mathematical
induction. Let f (x) and g(x) be the minimal polynomials of α and β,
respectively. Let K be the field in which both f (x) and g(x) split. Suppose
that f (x) has zeros α = α1 , . . . , αn in K and g(x) has zeros β = β1 , . . . , βm
in K. All of these zeros have multiplicity 1, since E is separable over F .
Since F is infinite, we can find an a in F such that
                                          αi − α
                                   a 6=
                                          β − βj
for all i and j with j 6= 1. Therefore, a(β − βj ) 6= αi − α. Let γ = α + aβ.
Then
                            γ = α + aβ 6= αi + aβj ;
hence, γ − aβj 6= αi for all i, j with j 6= 1. Define h(x) ∈ F (γ)[x] by
h(x) = f (γ − ax). Then h(β) = f (α) = 0. However, h(βj ) 6= 0 for j 6= 1.
Hence, h(x) and g(x) have a single common factor in F (γ)[x]; that is, the
irreducible polynomial of β over F (γ) must be linear, since β is the only zero
common to both g(x) and h(x). So β ∈ F (γ) and α = γ − aβ is in F (γ).
Hence, F (α, β) = F (γ).                                                     


23.2      The Fundamental Theorem
The goal of this section is to prove the Fundamental Theorem of Galois
Theory. This theorem explains the connection between the subgroups of
G(E/F ) and the intermediate fields between E and F .

Proposition 23.9 Let {σi : i ∈ I} be a collection of automorphisms of a
field F . Then
                F{σi } = {a ∈ F : σi (a) = a for all σi }
is a subfield of F .

Proof. Let σi (a) = a and σi (b) = b. Then

                       σi (a ± b) = σi (a) ± σi (b) = a ± b

and
                            σi (ab) = σi (a)σi (b) = ab.
     6 0, then σi (a−1 ) = [σi (a)]−1 = a−1 . Finally, σi (0) = 0 and σi (1) = 1
If a =
since σi is an automorphism.                                                  
23.2   THE FUNDAMENTAL THEOREM                                             383

Corollary 23.10 Let F be a field and let G be a subgroup of Aut(F ). Then

                       FG = {α ∈ F : σ(α) = α for all σ ∈ G}

is a subfield of F .

    The subfield F{σi } of F is called the fixed field of {σi }. The field fixed
for a subgroup G of Aut(F ) will be denoted by FG .
                          √ √             √ √
Example√   5. Let
              √   σ  : Q(   3,
                             √  5 ) →  Q(   3, 5 ) be the
                                                       √ automorphism
                                                           √                that
maps 3 to − 3. Then Q( 5 ) is the subfield of Q( 3, 5 ) left fixed by σ.
                                                                              

Proposition 23.11 Let E be a splitting field over F of a separable polyno-
mial. Then EG(E/F ) = F .

Proof. Let G = G(E/F ). Clearly, F ⊂ EG ⊂ E. Also, E must be a
splitting field of EG and G(E/F ) = G(E/EG ). By Theorem 23.5,

                              |G| = [E : EG ] = [E : F ].

Therefore, [EG : F ] = 1. Consequently, EG = F .                             
   A large number of mathematicians first learned Galois theory from Emil
Artin’s monograph on the subject [1]. The very clever proof of the following
lemma is due to Artin.

Lemma 23.12 Let G be a finite group of automorphisms of E and let
F = EG . Then [E : F ] ≤ |G|.

Proof. Let |G| = n. We must show that any set of n + 1 elements
α1 , . . . , αn+1 in E is linearly dependent over F ; that is, we need to find
elements ai ∈ F , not all zero, such that

                         a1 α1 + a2 α2 + · · · + an+1 αn+1 = 0.

Suppose that σ1 = id, σ2 , . . . , σn are the automorphisms in G. The homoge-
neous system of linear equations

           σ1 (α1 )x1 + σ1 (α2 )x2 + · · · + σ1 (αn+1 )xn+1 = 0
           σ2 (α1 )x1 + σ2 (α2 )x2 + · · · + σ2 (αn+1 )xn+1 = 0
                                                           ..
                                                            .
          σn (α1 )x1 + σn (α2 )x2 + · · · + σn (αn+1 )xn+1 = 0
384                                       CHAPTER 23           GALOIS THEORY

has more unknowns than equations. From linear algebra we know that this
system has a nontrivial solution, say xi = ai for i = 1, 2, . . . , n + 1. Since σ1
is the identity, the first equation translates to

                      a1 α1 + a2 α2 + · · · + an+1 αn+1 = 0.

The problem is that some of the ai ’s may be in E but not in F . We must
show that this is impossible.
    Suppose that at least one of the ai ’s is in E but not in F . By rearranging
the αi ’s we may assume that a1 is nonzero. Since any nonzero multiple of a
solution is also a solution, we can also assume that a1 = 1. Of all possible
solutions fitting this description, we choose the one with the smallest number
of nonzero terms. Again, by rearranging α2 , . . . , αn+1 if necessary, we can
assume that a2 is in E but not in F . Since F is the subfield of E that is fixed
elementwise by G, there exists a σi in G such that σi (a2 ) 6= a2 . Applying
σi to each equation in the system, we end up with the same homogeneous
system, since G is a group. Therefore, x1 = σi (a1 ) = 1, x2 = σi (a2 ), . . .,
xn+1 = σi (an+1 ) is also a solution of the original system. We know that
a linear combination of two solutions of a homogeneous system is also a
solution; consequently,

                     x1 = 1 − 1 = 0
                     x2 = a2 − σi (a2 )
                       ..
                        .
                  xn+1 = an+1 − σi (an+1 )

must be another solution of the system. This is a nontrivial solution because
σi (a2 ) 6= a2 , and has fewer nonzero entries than our original solution. This
is a contradiction, since the number of nonzero solutions to our original
solution was assumed to be minimal. We can therefore conclude that a1 =
· · · = an+1 = 0.                                                            
    Let E be an algebraic extension of F . If every irreducible polynomial in
F [x] with a root in E has all of its roots in E, then E is called a normal
extension of F ; that is, every irreducible polynomial in F [x] containing a
root in E is the product of linear factors in E[x].

Theorem 23.13 Let E be a field extension of F . Then the following state-
ments are equivalent.

   1. E is a finite, normal, separable extension of F .
23.2   THE FUNDAMENTAL THEOREM                                                 385

   2. E is a splitting field over F of a separable polynomial.
   3. F = EG for some finite group of automorphisms of E.

Proof. (1) ⇒ (2). Let E be a finite, normal, separable extension of F . By
the Primitive Element Theorem, we can find an α in E such that E = F (α).
Let f (x) be the minimal polynomial of α over F . The field E must contain
all of the roots of f (x) since it is a normal extension F ; hence, E is a splitting
field for f (x).
    (2) ⇒ (3). Let E be the splitting field over F of a separable polynomial.
By Proposition 23.11, EG(E/F ) = F . Since |G(E/F )| = [E : F ], this is a
finite group.
    (3) ⇒ (1). Let F = EG for some finite group of automorphisms G of E.
Since [E : F ] ≤ |G|, E is a finite extension of F . To show that E is a finite,
normal extension of F , let f (x) ∈ F [x] be an irreducible monic polynomial
that has a root α in E. We must show that f (x) is the product of distinct
linear factors in E[x]. By Proposition 23.3, automorphisms in G permute
the roots of f (x) lying in E. Hence, if we let G act   Qn on α, we can obtain
distinct roots α1 = α, α2 , . . . , αn in E. Let g(x) = i=1 (x − αi ). Then g(x)
is separable over F and g(α) = 0. Any automorphism σ in G permutes the
factors of g(x) since it permutes these roots; hence, when σ acts on g(x), it
must fix the coefficients of g(x). Therefore, the coefficients of g(x) must be
in F . Since deg g(x) ≤ deg f (x) and f (x) is the minimal polynomial of α,
f (x) = g(x).                                                                     

Corollary 23.14 Let K be a field extension of F such that F = KG for
some finite group of automorphisms G of K. Then G = G(K/F ).

Proof. Since F = KG , G is a subgroup of G(K/F ). Hence,
                     [K : F ] ≤ |G| ≤ |G(K/F )| = [K : F ].
It follows that G = G(K/F ), since they must have the same order.                
    Before we determine the exact correspondence between field extensions
and automorphisms of fields, let us return to a familiar example.
                                                                     √ √
Example 6. In Example 2 we examined the automorphisms of Q( 3, 5 )
fixing Q. Figure 23.1 compares
                             √ the√ lattice of field extensions of Q with the
lattice of subgroups of G(Q( 3, 5 )/Q). The Fundamental Theorem of
Galois Theory tells us what the relationship is between the two lattices. 
   We are now ready to state and prove the Fundamental Theorem of Galois
Theory.
386                                         CHAPTER 23        GALOIS THEORY

                                                        √ √
                  {id, σ, τ, µ}                       Q( 3, 5 )


                                               √         √      √
        {id, σ}     {id, τ }      {id, µ}    Q( 3 )    Q( 5 ) Q( 15 )



                     {id}                                 Q

                                          √ √
                         Figure 23.1. G(Q( 3, 5 )/Q)


Theorem 23.15 (Fundamental Theorem of Galois Theory) Let F be
a finite field or a field of characteristic zero. If E is a finite normal extension
of F with Galois group G(E/F ), then the following statements are true.

   1. The map K 7→ G(E/K) is a bijection of subfields K of E containing
      F with the subgroups of G(E/F ).

   2. If F ⊂ K ⊂ E, then

             [E : K] = |G(E/K)| and [K : F ] = [G(E/F ) : G(E/K)].

   3. F ⊂ K ⊂ L ⊂ E if and only if {id} ⊂ G(E/L) ⊂ G(E/K) ⊂ G(E/F ).

   4. K is a normal extension of F if and only if G(E/K) is a normal
      subgroup of G(E/F ). In this case

                               G(K/F ) ∼
                                       = G(E/F )/G(E/K).

Proof. (1) Suppose that G(E/K) = G(E/L) = G. Both K and L are
fixed fields of G; hence, K = L and the map defined by K 7→ G(E/K) is
one-to-one. To show that the map is onto, let G be a subgroup of G(E/F )
and K be the field fixed by G. Then F ⊂ K ⊂ E; consequently, E is a
normal extension of K. Thus, G(E/K) = G and the map K 7→ G(E/K) is
a bijection.
    (2) By Theorem 23.5, |G(E/K)| = [E : K]; therefore,

 |G(E/F )| = [G(E/F ) : G(E/K)] · |G(E/K)| = [E : F ] = [E : K][K : F ].

Thus, [K : F ] = [G(E/F ) : G(E/K)].
23.2   THE FUNDAMENTAL THEOREM                                            387

                             E            {id}



                             L          G(E/L)



                             K          G(E/K)



                             F          G(E/F )


          Figure 23.2. Subgroups of G(E/F ) and subfields of E

    (3) Statement (3) is illustrated in Figure 23.2. We leave the proof of this
property as an exercise.
    (4) This part takes a little more work. Let K be a normal extension of
F . If σ is in G(E/F ) and τ is in G(E/K), we need to show that σ −1 τ σ
is in G(E/K); that is, we need to show that σ −1 τ σ(α) = α for all α ∈ K.
Suppose that f (x) is the minimal polynomial of α over F . Then σ(α) is
also a root of f (x) lying in K, since K is a normal extension of F . Hence,
τ (σ(α)) = σ(α) or σ −1 τ σ(α) = α.
    Conversely, let G(E/K) be a normal subgroup of G(E/F ). We need to
show that F = KG(K/F ) . Let τ ∈ G(E/K). For all σ ∈ G(E/F ) there exists
a τ ∈ G(E/K) such that τ σ = στ . Consequently, for all α ∈ K

                         τ (σ(α)) = σ(τ (α)) = σ(α);

hence, σ(α) must be in the fixed field of G(E/K). Let σ be the restriction
of σ to K. Then σ is an automorphism of K fixing F , since σ(α) ∈ K for
all α ∈ K; hence, σ ∈ G(K/F ). Next, we will show that the fixed field of
G(K/F ) is F . Let β be an element in K that is fixed by all automorphisms
in G(K/F ). In particular, σ(β) = β for all σ ∈ G(E/F ). Therefore, β
belongs to the fixed field F of G(E/F ).
    Finally, we must show that when K is a normal extension of F ,

                       G(K/F ) ∼
                               = G(E/F )/G(E/K).
For σ ∈ G(E/F ), let σK be the automorphism of K obtained by restrict-
ing σ to K. Since K is a normal extension, the argument in the preced-
388                                          CHAPTER 23          GALOIS THEORY

ing paragraph shows that σK ∈ G(K/F ). Consequently, we have a map
φ : G(E/F ) → G(K/F ) defined by σ 7→ σK . This map is a group homomor-
phism since
                 φ(στ ) = (στ )K = σK τK = φ(σ)φ(τ ).
The kernel of φ is G(E/K). By (2),

                  |G(E/F )|/|G(E/K)| = [K : F ] = |G(K/F )|.

Hence, the image of φ is G(K/F ) and φ is onto. Applying the First Isomor-
phism Theorem, we have

                          G(K/F ) ∼
                                  = G(E/F )/G(E/K).

                                                                                      

Example 7. In this example we will illustrate the Fundamental Theorem of
Galois Theory by determining the lattice of subgroups of the Galois group of
f (x) = x4 − 2. We will compare this lattice to the lattice of field extensions
of Q that √  are contained in the splitting field of x4 − 2. The splitting√       field
                                                                                     √ of
f (x) is Q( 4 2, i). To see this, notice  that   f (x) factors  as  (x 2 + 2 )(x2 − 2 );
                                    √           √                                   √
hence, the roots of f (x) are ± 4 2 and ± 4 2 i.√We first adjoin the root 4 2 to
Q and then√adjoin the root   √   i of x2 + 1 to Q( 4 2 ). The splitting field of f (x)
              4               4
is then Q( 2√    )(i) = Q( 2, i).                      √
                 4
    Since
    √       [Q(  √ 2 ) : Q] = 4 and i is not
                                          √     in Q( 4 2 ), it must be the case that
[Q( 4 2, i) : Q( 4 2 )] = 2. Hence, [Q( 4 2, i) : Q] = 8. The set
                       √      √      √           √     √         √
                   {1, 2, ( 2 )2 , ( 2 )3 , i, i 2, i( 2 )2 , i( 2 )3 }
                        4     4      4           4      4         4


                   √4
is a basis
       √    of  Q(    2, i) over Q. The lattice of field extensions of Q contained
in Q( 4 2, i) is illustrated in Figure 23.3(a).
    The Galois√group G√of f (x) must be of order 8. Let σ be the automorphism
defined by σ( 4 2 ) = i 4 2 and σ(i) = i, and τ be the automorphism defined
by complex conjugation; that is, τ (i) = −i. Then G has an element of order
4 and an element of order 2. It is easy to verify by direct computation that
the elements of G are {id, σ, σ 2 , σ 3 , τ, στ, σ 2 τ, σ 3 τ } and that the relations
τ 2 = id, σ 4 = id, and τ στ = σ −1 are satisfied; hence, G must be isomorphic
to D4 . The lattice of subgroups of G is illustrated in Figure 23.3(b).                 


                                  Historical Note
23.2     THE FUNDAMENTAL THEOREM                                                                   389

                                            √
                                          Q( 4 2, i)


      √                 √                   √                       √               √
    Q( 4 2 )          Q( 4 2 i)           Q( 2, i)         Q((1 + i) 4 2 ) Q((1 − i) 4 2 )


                         √                                       √
                       Q( 2 )                Q(i)              Q( 2 i)



                                               Q                                        (a)



                                              D4



                  {id, σ 2 , τ, σ 2 τ } {id, σ, σ 2 , σ 3 }{id, σ 2 , στ, σ 3 τ }



       {id, τ }      {id, σ 2 τ }          {id, σ 2 }          {id, στ }            {id, σ 3 τ }



                                             {id}                                      (b)


                        Figure 23.3. Galois group of x4 − 2


Solutions for the cubic and quartic equations were discovered in the 1500s. Attempts
to find solutions for the quintic equations puzzled some of history’s best mathe-
maticians. In 1798, P. Ruffini submitted a paper that claimed no such solution
could be found; however, the paper was not well received. In 1826, Niels Henrik
Abel (1802–1829) finally offered the first correct proof that quintics are not always
solvable by radicals.
    Abel inspired the work of Évariste Galois. Born in 1811, Galois began to display
extraordinary mathematical talent at the age of 14. He applied for entrance to the
École Polytechnique several times; however, he had great difficulty meeting the
formal entrance requirements, and the examiners failed to recognize his mathematical
genius. He was finally accepted at the École Normale in 1829.
390                                         CHAPTER 23         GALOIS THEORY

    Galois worked to develop a theory of solvability for polynomials. In 1829, at
the age of 17, Galois presented two papers on the solution of algebraic equations
to the Académie des Sciences de Paris. These papers were sent to Cauchy, who
subsequently lost them. A third paper was submitted to Fourier, who died before
he could read the paper. Another paper was presented, but was not published
until 1846.
    Galois’ democratic sympathies led him into the Revolution of 1830. He was
expelled from school and sent to prison for his part in the turmoil. After his release
in 1832, he was drawn into a duel over a love affair. Certain that he would be killed,
he spent the evening before his death outlining his work and his basic ideas for
research in a long letter to his friend Chevalier. He was indeed dead the next day,
at the age of 20.


23.3      Applications
Solvability by Radicals
Throughout this section we shall assume that all fields have characteristic
zero to ensure that irreducible polynomials do not have multiple roots. The
immediate goal of this section is to determine when the roots of a polynomial
f (x) can be computed with a finite number of operations on the coefficients
of f (x). The allowable operations are addition, subtraction, multiplication,
division, and the extraction of nth roots. Certainly the solution to the
quadratic equation, ax2 + bx + c = 0, illustrates this process:
                                        √
                                  −b ± b2 − 4ac
                            x=                   .
                                         2a
The only one of these operations that might demand a larger field is the
taking of nth roots. We are led to the following definition.
    An extension field E of a field F is an extension by radicals if there
exists a chain of subfields

                       F = F0 ⊆ F1 ⊆ F2 ⊆ · · · ⊆ Fr = E

such for i = 1, 2, . . . , r, we have Fi = Fi−1 (αi ) and αini ∈ Fi−1 for some
positive integer ni . A polynomial f (x) is solvable by radicals over F if
the splitting field K of f (x) over F is contained in an extension of F by
radicals. Our goal is to arrive at criteria that will tell us whether or not a
polynomial f (x) is solvable by radicals by examining the Galois group f (x).
   The easiest polynomial to solve by radicals is one of the form xn − a. As
we discussed in Chapter 4, the roots of xn − 1 are called the nth roots of
23.3   APPLICATIONS                                                               391

unity . These roots are a finite subgroup of the splitting field of xn − 1. By
Theorem 22.7, the nth roots of unity form a cyclic group. Any generator of
this group is called a primitive nth root of unity .

Example 8. The polynomial xn − 1 is solvable by radicals over Q. The
roots of this polynomial are 1, ω, ω 2 , . . . , ω n−1 , where
                                                    
                                   2π                   2π
                       ω = cos             + i sin          .
                                    n                    n

The splitting field of xn − 1 over Q is Q(ω).                                      
    We shall prove that a polynomial is solvable by radicals if its Galois group
is solvable. Recall that a subnormal series of a group G is a finite sequence
of subgroups

                   G = Hn ⊃ Hn−1 ⊃ · · · ⊃ H1 ⊃ H0 = {e},

where Hi is normal in Hi+1 . A group G is solvable if it has a subnormal series
{Hi } such that all of the factor groups Hi+1 /Hi are abelian. For example, if
we examine the series {id} ⊂ A3 ⊂ S3 , we see that S3 is solvable. On the
other hand, S5 is not solvable, by Theorem 10.6.

Lemma 23.16 Let F be a field of characteristic zero and E be the splitting
field of xn − a over F with a ∈ F . Then G(E/F ) is a solvable group.
                                           √    √           √
Proof. The roots of xn − a are n a, ω n a, . . . , ω n−1 n a, where ω is a
primitive nth root of unity. Suppose that F contains all of its nth roots of
unity. If ζ is one of the roots of xn − a, then distinct roots of xn − a are
ζ, ωζ, . . . , ω n−1 ζ, and E = F (ζ). Since G(E/F ) permutes the roots xn − a,
the elements in G(E/F ) must be determined by their action on these roots.
Let σ and τ be in G(E/F ) and suppose that σ(ζ) = ω i ζ and τ (ζ) = ω j ζ. If
F contains the roots of unity, then

       στ (ζ) = σ(ω j ζ) = ω j σ(ζ) = ω i+j ζ = ω i τ (ζ) = τ (ω i ζ) = τ σ(ζ).

Therefore, στ = τ σ and G(E/F ) is abelian, and G(E/F ) must be solvable.
    Now suppose that F does not contain a primitive nth root of unity. Let
ω be a generator of the cyclic group of the nth roots of unity. Let α be
a zero of xn − a. Since α and ωα are both in the splitting field of xn − a,
ω = (ωα)/α is also in E. Let K = F (ω). Then F ⊂ K ⊂ E. Since K is
the splitting field of xn − 1, K is a normal extension of F . Therefore, any
392                                         CHAPTER 23         GALOIS THEORY

automorphism σ in G(F (ω)/F ) is determined by σ(ω). It must be the case
that σ(ω) = ω i for some integer i since all of the zeros of xn − 1 are powers
of ω. If τ (ω) = ω j is in G(F (ω)/F ), then
          στ (ω) = σ(ω j ) = [σ(ω)]j = ω ij = [τ (ω)]i = τ (ω i ) = τ σ(ω).
Therefore, G(F (ω)/F ) is abelian. By the Fundamental Theorem of Galois
Theory the series
                      {id} ⊂ G(E/F (ω)) ⊂ G(E/F )
is a normal series. By our previous argument, G(E/F (ω)) is abelian. Since
                      G(E/F )/G(E/F (ω)) ∼
                                         = G(F (ω)/F )
is also abelian, G(E/F ) is solvable.                                              
Lemma 23.17 Let F be a field of characteristic zero and let
                       F = F0 ⊆ F1 ⊆ F2 ⊆ · · · ⊆ Fr = E
a radical extension of F . Then there exists a normal radical extension
                      F = K0 ⊆ K1 ⊆ K2 ⊆ · · · ⊆ Kr = K
such that K that contains E and Ki is a normal extension of Ki−1 .
Proof. Since E is a radical extension of F , there exists a chain of subfields
                       F = F0 ⊆ F1 ⊆ F2 ⊆ · · · ⊆ Fr = E
such for i = 1, 2, . . . , r, we have Fi = Fi−1 (αi ) and αini ∈ Fi−1 for some
positive integer ni . We will build a normal radical extension of F ,
                      F = K0 ⊆ K1 ⊆ K2 ⊆ · · · ⊆ Kr = K
such that K ⊇ E. Define K1 for be the splitting field of xn1 − α1n1 . The roots
of this polynomial are α1 , α1 ω, α1 ω 2 , . . . , α1 ω n1 −1 , where ω is a primitive
n1 th root of unity. If F contains all of its n1 roots of unity, then K1 = F (α! ).
On the other hand, suppose that F does not contain a primitive n1 th root
of unity. If β is a root of xn1 − α1n1 , then all of the roots of xn1 − α1n1 must
be β, ωβ, . . . , ω n1 −1 , where ω is a primitive n1 th root of unity. In this case,
K1 = F (ωβ). Thus, K1 is a normal radical extension of F containing F1 .
Continuing in this manner, we obtain
                      F = K0 ⊆ K1 ⊆ K2 ⊆ · · · ⊆ Kr = K
such that Ki is a normal extension of Ki−1 and Ki ⊇ Fi for i = 1, 2, . . . , r.
                                                                            
      We will now prove the main theorem about solvability by radicals.
23.3   APPLICATIONS                                                                393

Theorem 23.18 Let f (x) be in F [x], where char F = 0. If f (x) is solvable
by radicals, then the Galois group of f (x) over F is solvable.

Proof. Since f (x) is solvable by radicals there exists an extension E of
F by radicals F = F0 ⊆ F1 ⊆ · · · ⊆ Fn = E. By Lemma 23.17, we can
assume that E is a splitting field f (x) and Fi is normal over Fi−1 . By the
Fundamental Theorem of Galois Theory, G(E/Fi ) is a normal subgroup of
G(E/Fi−1 ). Therefore, we have a subnormal series of subgroups of G(E/F ):

               {id} ⊂ G(E/Fn−1 ) ⊂ · · · ⊂ G(E/F1 ) ⊂ G(E/F ).

Again by the Fundamental Theorem of Galois Theory, we know that

                       G(E/Fi−1 )/G(E/Fi ) ∼
                                           = G(Fi /Fi−1 ).

By Lemma 23.16, G(Fi /Fi−1 ) is solvable; hence, G(E/F ) is also solvable.
                                                                       
    The converse of Theorem 23.18 is also true. For a proof, see any of the
references at the end of this chapter.

Insolvability of the Quintic
We are now in a position to find a fifth-degree polynomial that is not solvable
by radicals. We merely need to find a polynomial whose Galois group is S5 .
We begin by proving a lemma.

Lemma 23.19 If p is prime, then any subgroup of Sp that contains a trans-
position and a cycle of length p must be all of Sp .

Proof. Let G be a subgroup of Sp that contains a transposition σ and
τ a cycle of length p. We may assume that σ = (12). The order of τ
is p and τ n must be a cycle of length p for 1 ≤ n < p. Therefore, we
may assume that µ = τ n = (12i3 . . . ip ) for some n, where 1 ≤ n < p (see
Exercise 13 in Chapter 5). Noting that (12)(12i3 . . . ip ) = (2i3 . . . ip ) and
(2i3 . . . ip )k (12)(2i3 . . . ip )−k = (1ik ), we can obtain all the transpositions of
the form (1n) for 1 ≤ n < p. However, these transpositions generate all
transpositions in Sp , since (1j)(1i)(1j) = (ij). The transpositions generate
Sp .                                                                                  

Example 9. We will show that f (x) = x5 − 6x3 − 27x − 3 ∈ Q[x] is
not solvable. We claim that the Galois group of f (x) over Q is S5 . By
394                                         CHAPTER 23         GALOIS THEORY

                                  y


                                       f (x) = x5 − 6x3 − 27x − 3

                                      40



              -4        -2                    2        4
                                                           x




                                      -40




          Figure 23.4. The graph of f (x) = x5 − 6x3 − 27x − 3


Eisenstein’s Criterion, f (x) is irreducible and, therefore, must be separable.
The derivative of f (x) is f 0 (x) = 5x4 − 18x2 − 27; hence, setting f 0 (x) = 0
and solving, we find that the only real roots of f 0 (x) are
                                      s √
                                         6 6+9
                                x=±              .
                                            5

Therefore, f (x) can have at most one maximum and one minimum. It is
easy to show that f (x) changes sign between −3 and −2, between −2 and 0,
and once again between 0 and 4 (Figure 23.4). Therefore, f (x) has exactly
three distinct real roots. The remaining two roots of f (x) must be complex
conjugates. Let K be the splitting field of f (x). Since f (x) has five distinct
roots in K and every automorphism of K fixing Q is determined by the
way it permutes the roots of f (x), we know that G(K/Q) is a subgroup of
S5 . Since f is irreducible, there is an element in σ ∈ G(K/Q) such that
σ(a) = b for two roots a and b of f (x). The automorphism of C that takes
a + bi 7→ a − bi leaves the real roots fixed and interchanges the complex
roots; consequently, G(K/Q) ⊂ S5 . By Lemma 23.19, S5 is generated by
23.3   APPLICATIONS                                                          395

a transposition and an element of order 5; therefore, G(K/Q) must be all
of S5 . By Theorem 10.6, S5 is not solvable. Consequently, f (x) cannot be
solved by radicals.                                                     


The Fundamental Theorem of Algebra
It seems fitting that the last theorem that we will state and prove is the
Fundamental Theorem of Algebra. This theorem was first proven by Gauss
in his doctoral thesis. Prior to Gauss’s proof, mathematicians suspected that
there might exist polynomials over the real and complex numbers having no
solutions. The Fundamental Theorem of Algebra states that every polynomial
over the complex numbers factors into distinct linear factors.

Theorem 23.20 (Fundamental Theorem of Algebra) The field of com-
plex numbers is algebraically closed; that is, every polynomial in C[x] has a
root in C.

    For our proof we shall assume two facts from calculus. We need the
results that every polynomial of odd degree over R has a real root and that
every positive real number has a square root.
Proof. Suppose that E is a proper finite field extension of the complex
numbers. Since any finite extension of a field of characteristic zero is a simple
extension, there exists an α ∈ E such that E = C(α) with α the root of an
irreducible polynomial f (x) in C[x]. The splitting field L of f (x) is a finite
normal separable extension of C that contains E. We must show that it is
impossible for L to be a proper extension of C.
     Suppose that L is a proper extension of C. Since L is the splitting field
of f (x)(x2 + 1) over R, L is a finite normal separable extension of R. Let K
be the fixed field of a Sylow 2-subgroup G of G(L/R). Then L ⊃ K ⊃ R and
|G(L/K)| = [L : K]. Since [L : R] = [L : K][K : R], we know that [K : R]
must be odd. Consequently, K = R(β) with β having a minimal polynomial
f (x) of odd degree. Therefore, K = R.
     We now know that G(L/R) must be a 2-group. It follows that G(L/C)
is a 2-group. We have assumed that L =   6 C; therefore, |G(L/C)| ≥ 2. By the
first Sylow Theorem and the Fundamental Theorem of Galois Theory, there
exists a subgroup G of G(L/C) of index 2 and a field E fixed elementwise
by G. Then [E : C] = 2 and there exists an element γ ∈ E with       √ minimal
              2
polynomial x + bx + c in C[x]. This polynomial has roots (−b ± b2 − 4c )/2
that are in C, since b2 − 4c is in C. This is impossible; hence, L = C.        
396                                        CHAPTER 23         GALOIS THEORY

    Although our proof was strictly algebraic, we were forced to rely on
results from calculus. It is necessary to assume the completeness axiom from
analysis to show that every polynomial of odd degree has a real root and
that every positive real number has a square root. It seems that there is
no possible way to avoid this difficulty and formulate a purely algebraic
argument. It is somewhat amazing that there are several elegant proofs of
the Fundamental Theorem of Algebra that use complex analysis. It is also
interesting to note that we can obtain a proof of such an important theorem
from two very different fields of mathematics.


Exercises
  1. Compute each of the following Galois groups. Which of these field extensions
     are normal field extensions? If the extension is not normal, find a normal
     extension of Q in which the extension field is contained.
              √                                        √ √
      (a) G(Q( 30 )/Q)                         (d) G(Q( 2, 3 2, i)/Q)
              √
      (b) G(Q( 4 5 )/Q)
              √ √ √                                    √
      (c) G(Q( 2, 3, 5 )/Q)                    (e) G(Q( 6, i)/Q)

  2. Determine the separability of each of the following polynomials.

       (a) x3 + 2x2 − x − 2 over Q             (c) x4 + x2 + 1 over Z3
      (b) x4 + 2x2 + 1 over Q                  (d) x3 + x2 + 1 over Z2

  3. Give the order and describe a generator of the Galois group of GF(729)
     over GF(9).
  4. Determine the Galois groups of each of the following polynomials in Q[x];
     hence, determine the solvability by radicals of each of the polynomials.

      (a)   x5 − 12x2 + 2                      (f) (x2 − 2)(x2 + 2)
      (b)   x5 − 4x4 + 2x + 2                  (g) x8 − 1
      (c)   x3 − 5
      (d)   x4 − x2 − 6                        (h) x8 + 1
      (e)   x5 + 1                              (i) x4 − 3x2 − 10

  5. Find a primitive element in the splitting field of each of the following polyno-
     mials in Q[x].
EXERCISES                                                                         397

      (a) x4 − 1                                  (c) x4 − 2x2 − 15
            4      2
      (b) x − 8x + 15                            (d) x3 − 2

  6. Prove that the Galois group of an irreducible quadratic polynomial is isomor-
     phic to Z2 .
  7. Prove that the Galois group of an irreducible cubic polynomial is isomorphic
     to S3 or Z3 .
  8. Let F ⊂ K ⊂ E be fields. If E is a normal extension of F , show that E must
     also be a normal extension of K.
  9. Let G be the Galois group of a polynomial of degree n. Prove that |G|
     divides n!.
 10. Let F ⊂ E. If f (x) is solvable over F , show that f (x) is also solvable over E.
 11. Construct a polynomial f (x) in Q[x] of degree 7 that is not solvable by
     radicals.
 12. Let p be prime. Prove that there exists a polynomial f (x) ∈ Q[x] of degree
     p with Galois group isomorphic to Sp . Conclude that for each prime p with
     p ≥ 5 there exists a polynomial of degree p that is not solvable by radicals.
 13. Let p be a prime and Zp (t) be the field of rational functions over Zp . Prove
     that f (x) = xp − t is an irreducible polynomial in Zp (t)[x]. Show that f (x) is
     not separable.
 14. Let E be an extension field of F . Suppose that K and L are two intermediate
     fields. If there exists an element σ ∈ G(E/F ) such that σ(K) = L, then K
     and L are said to be conjugate fields. Prove that K and L are conjugate
     if and only if G(E/K) and G(E/L) are conjugate subgroups of G(E/F ).
 15. Let σ ∈ Aut(R). If a is a positive real number, show that σ(a) > 0.
 16. Let K be the splitting field of x3 + x2 + 1 ∈ Z2 [x]. Prove or disprove that K
     is an extension by radicals.
 17. Let F be a field such that √ char F 6= 2. Prove that the splitting field of
     f (x) = ax2 + bx + c is F ( α ), where α = b2 − 4ac.
 18. Prove or disprove: Two different subgroups of a Galois group will have different
     fixed fields.
 19. Let K be the splitting field of a polynomial over F . If E is a field extension
     of F contained in K and [E : F ] = 2, then E is the splitting field of some
     polynomial in F [x].
 20. We know that the cyclotomic polynomial
                                  xp − 1
                       Φp (x) =          = xp−1 + xp−2 + · · · + x + 1
                                  x−1
     is irreducible over Q for every prime p. Let ω be a zero of Φp (x), and consider
     the field Q(ω).
398                                           CHAPTER 23          GALOIS THEORY

       (a) Show that ω, ω 2 , . . . , ω p−1 are distinct zeros of Φp (x), and conclude that
           they are all the zeros of Φp (x).
      (b) Show that G(Q(ω)/Q) is abelian of order p − 1.
       (c) Show that the fixed field of G(Q(ω)/Q) is Q.
 21. Let F be a finite field or a field of characteristic zero. Let E be a finite normal
     extension of F with Galois group G(E/F ). Prove that F ⊂ K ⊂ L ⊂ E if
     and only if {id} ⊂ G(E/L) ⊂ G(E/K) ⊂ G(E/F ).
 22. Let F be a field of characteristic zero and let f (x) ∈ F [x] be a separable
     polynomial of degree n. If E is Q
                                     the splitting field of f (x), let α1 , . . . , αn be
     the roots of f (x) in E. Let ∆ = i<j (αi − αj ). We define the discriminant
     of f (x) to be ∆2 .
       (a) If f (x) = x2 + bx + c, show that ∆2 = b2 − 4c.
      (b) If f (x) = x3 + px + q, show that ∆2 = −4p3 − 27q 2 .
       (c) Prove that ∆2 is in F .
      (d) If σ ∈ G(E/F ) is a transposition of two roots of f (x), show that
          σ(∆) = − ∆.
       (e) If σ ∈ G(E/F ) is an even permutation of the roots of f (x), show that
           σ(∆) = ∆.
       (f) Prove that G(E/F ) is isomorphic to a subgroup of An if and only if
           ∆ ∈ F.
       (g) Determine the Galois groups of x3 + 2x − 4 and x3 + x − 3.

References and Suggested Readings
 [1] Artin, E. Theory: Lectures Delivered at the University of Notre Dame (Notre
     Dame Mathematical Lectures, Number 2). Dover, Mineola, NY, 1997.
 [2] Edwards, H. M. Galois Theory. Springer-Verlag, New York, 1984.
 [3] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper
     Saddle River, NJ, 2003.
 [4] Gaal, L. Classical Galois Theory with Examples. American Mathematical
     Society, Providence, 1979.
 [5] Garling, D. J. H. A Course in Galois Theory. Cambridge University Press,
     Cambridge, 1986.
 [6] Kaplansky, I. Fields and Rings. 2nd ed. University of Chicago Press, Chicago,
     1972.
 [7] Rothman, T. “The Short Life of Évariste Galois,” Scientific American, April
     1982, 136–49.
EXERCISES                                                             399

Sage Fields, field extensions, roots of polynomials, and group theory —
Sage has it all, and so it is possible to carefully study very complicated
examples from Galois theory with Sage.
400   CHAPTER 23   GALOIS THEORY
                    Hints and Solutions



Chapter 1. Preliminaries
  1. (a) {2}. (b) {5}.
  2. (a) {(a, 1), (a, 2), (a, 3), (b, 1), (b, 2), (b, 3), (c, 1), (c, 2), (c, 3)}.
     (d) ∅.
  6. If x ∈ A ∪ (B ∩ C), then either x ∈ A or x ∈ B ∩ C ⇒ x ∈ A ∪ B and A ∪ C ⇒
     x ∈ (A ∪ B) ∩ (A ∪ C) ⇒ A ∪ (B ∩ C) ⊂ (A ∪ B) ∩ (A ∪ C).
     Conversely, x ∈ (A ∪ B) ∩ (A ∪ C) ⇒ x ∈ A ∪ B and A ∪ C ⇒ x ∈
     A or x is in both B and C⇒ x ∈ A∪(B∩C) ⇒ (A∪B)∩(A∪C) ⊂ A∪(B∩C).
     Hence, A ∪ (B ∩ C) = (A ∪ B) ∩ (A ∪ C).
 10. (A ∩ B) ∪ (A \ B) ∪ (B \ A) = (A ∩ B) ∪ (A ∩ B 0 ) ∪ (B ∩ A0 ) = [A ∩ (B ∪
     B 0 )] ∪ (B ∩ A0 ) = A ∪ (B ∩ A0 ) = (A ∪ B) ∩ (A ∪ A0 ) = A ∪ B.
 14. A \ (B ∪ C) = A ∩ (B ∪ C)0 = (A ∩ A) ∩ (B 0 ∩ C 0 ) = (A ∩ B 0 ) ∩ (A ∩ C 0 ) =
     (A \ B) ∩ (A \ C).
 17. (a) Not a map. f (2/3) is undefined.
     (c) Not a map. f (1/2) = 3/4 and f (2/4) = 3/8.
 18. (a) One-to-one but not onto. f (R) = {x ∈ R : x > 0}.
     (c) Neither one-to-one nor onto.
 20. (a) f (n) = n + 1.
 22. (a) Let x, y ∈ A. Then g(f (x)) = (g ◦ f )(x) = (g ◦ f )(y) = g(f (y)) ⇒ f (x) =
     f (y) ⇒ x = y, so g ◦ f is one-to-one.
     (b) Let c ∈ C, then c = (g ◦ f )(x) = g(f (x)) for some x ∈ A. Since f (x) ∈ B,
     g is onto.
 23. f −1 (x) = (x + 1)/(x − 1).
 24. (a) Let y ∈ f (A1 ∪ A2 ) ⇒ there exists an x ∈ A1 ∪ A2 such that f (x) = y ⇒
     y ∈ f (A1 ) or f (A2 ) ⇒ y ∈ f (A1 ) ∪ f (A2 ) ⇒ f (A1 ∪ A2 ) ⊂ f (A1 ) ∪ f (A2 ).



                                               401
402                                                   HINTS AND SOLUTIONS

      Conversely, let y ∈ f (A1 ) ∪ f (A2 ) ⇒ y ∈ f (A1 ) or f (A2 ) ⇒ there exists
      an x ∈ A1 or there exists an x ∈ A2 such that f (x) = y ⇒ there exists an
      x ∈ A1 ∪ A2 such that f (x) = y ⇒ f (A1 ) ∪ f (A2 ) ⊂ f (A1 ∪ A2 ). Hence,
      f (A1 ∪ A2 ) = f (A1 ) ∪ f (A2 ).
 25. (a) Not an equivalence relation. Fails to be symmetric.
     (b) Not an equivalence relation. Fails to be reflexive since 0 is not equivalent
     to itself.
     (c) Not an equivalence relation. Fails to be transitive.
                   √
 28. Let X = N ∪ { 2 } and define x ∼ y if x + y ∈ N.

Chapter 2. The Integers
  1. S(1) : [1(1 + 1)(2(1) + 1)]/6 = 1 = 12 is true. Assume S(k) : 12 + 22 + · · · +
     k 2 = [k(k + 1)(2k + 1)]/6 is true. Then 12 + 22 + · · · + k 2 + (k + 1)2 =
     [k(k + 1)(2k + 1)]/6 + (k + 1)2 = [(k + 1)((k + 1) + 1)(2(k + 1) + 1)]/6, so
     S(k + 1) is true. Thus S(n) is true for all positive integers n.
  3. S(4) : 4! = 24 > 16 = 24 is true. Assume S(k) : k! > 2k is true. Then
     (k + 1)! = k!(k + 1) > 2k · 2 = 2k+1 , so S(k + 1) is true. Thus S(n) is true for
     all positive integers n.
  8. Look at the proof in Example 3.
 11. S(0) : (1 + x)0 − 1 = 0 ≥ 0 = 0 · x is true. Assume S(k) : (1 + x)k − 1 ≥ kx is
     true. Then (1 + x)k+1 − 1 = (1 + x)(1 + x)k − 1 = (1 + x)k + x(1 + x)k − 1 ≥
     kx + x(1 + x)k ≥ kx + x = (k + 1)x, so S(k + 1) is true. Thus S(n) is true
     for all positive integers n.
 15. (a) (14)14 + (−5)39 = 1.
     (c) (3709)1739 + (−650)9923 = 1.
     (e) (881)23771 + (−1050)19945 = 1.
 17. (b) Use mathematical induction. (c) Show that f1 = 1, f2 = 1, and fn+2 =
     fn+1 + fn . (d) Use part (c). (e) Use part (b) and Problem 16.
 19. Use the Fundamental Theorem of Arithmetic.
 23. Let S = {s ∈ N : a | s, b | s}. S 6= ∅, since |ab| ∈ S. By the Principle of
     Well-Ordering, S contains a least element m. To show uniqueness, suppose
     that a | n and b | n for some n ∈ N. By the division algorithm, there exist
     unique integers q and r such that n = mq + r, where 0 ≤ r < m. a | m, b | m,
     a | n, b | n ⇒ a | r, b | r ⇒ r = 0 by the minimality of m. Therefore, m | n.
 27. Since gcd(a, b) = 1, there exist integers r and s such that ar + bs = 1 ⇒
     acr + bcs = c. Since a | a and a | bc, a | c.
HINTS AND SOLUTIONS                                                                                     403

 29. Every prime number greater than 3, must be of the form 6n ± 1 for some
     n ∈ N. Suppose that there are only a finite number of primes of the form
     6n + 1,
                   p1 = 6n1 + 1, p2 = 6n2 + 1, . . . , pk = 6nk + 1.
       Let p = p1 p2 · · · pk + 1. Then p must be of the form 6m + 1 for some m ∈ N.
       Since p is not divisible by any prime of the form 6n − 1 or p1 , p2 , . . . , pk , it
       must be prime which contradicts the fact that the only primes of the form
       6n + 1 are p1 , p2 , . . . , pk .

Chapter 3. Groups
  1. (a) {. . . , −4, 3, 10, . . .}. (c) {. . . , −8, 18, 44, . . .}. (e) {. . . , −1, 5, 11, . . .}.
  2. (a) Not a group. (c) A group.
  6.     ·     1      5     7     11
         1     1      5     7     11
         5     5      1     11     7
         7     7     11      1     5
        11    11     7      5     1
  8. Pick two matrices. Almost any pair will work.
 15. There is a group of order 6 that is nonabelian.
 16. Look at the symmetry group of an equilateral triangle or a square.
 17. There are actually five different groups of order 8.
 18. Let                                                               
                                                  1    2    ···    n
                                        σ=
                                                  a1   a2   ···    an
       be in Sn . All of the ai ’s must be distinct. There are n ways to choose a1 ,
       n − 1 ways to choose a2 , . . ., 2 ways to choose an−1 , and only one way to
       choose an . Therefore, we can form σ in n(n − 1) · · · 2 · 1 = n! ways.
 25. (aba−1 )n = (aba−1 )(aba−1 ) · · · (aba−1 ) = ab(aa−1 )b(aa−1 )b · · · (aa−1 )ba−1 =
     abn a−1 .
 31. abab = (ab)2 = e = a2 b2 = aabb ⇒ ba = ab.
 35. H1 = {id}, H2 = {id, ρ1 , ρ2 }, H3 = {id, µ1 }, H4 = {id, µ2 }, H5 = {id, µ3 },
     S3 .
                    √           √         √                              √
 41. id = 1√ = −1
               1 + 0 2, (a + b 2 )(c √ + d 2 ) = (ac + 2bd) + (ad + bc) 2, and
     (a + b 2 ) = a/(a2 − 2b2 ) − b 2/(a2 − 2b2 ).
 46. Not a subgroup. Look at S3 .
 49. a4 b = ba ⇒ b = a6 b = a2 ba ⇒ ab = a3 ba = ba.
404                                                             HINTS AND SOLUTIONS

Chapter 4. Cyclic Groups
  1. (a) False. (c) False. (e) True.
  2. (a) 12. (c) Infinite. (e) 10.
  3. (a) 7Z = {. . . , −7, 0, 7, 14, . . .}. (b) {0, 3, 6, 9, 12, 15, 18, 21}.
     (c) {0}, {0, 6}, {0, 4, 8}, {0, 3, 6, 9}, {0, 2, 4, 6, 8, 10}.
     (g) {1, 3, 7, 9}. (j) {1, −1, i, −i}.
                                                                    
  4. (a)                 1 0        −1 0             0 −1           0 1
                                 ,               ,              ,            .
                         0 1          0 −1           1 0           −1 0
                                                             
      (c)                               1   0    1   −1    −1    1
                                              ,          ,          ,
                                        0   1    1    0    −1    0
                                                               
                                     0      1    0   −1    −1     0
                                              ,          ,            .
                                    −1      1    1   −1     0    −1

 10. (a) 0, 1, −1. (b) 1, −1.
 11. 1, 2, 3, 4, 6, 8, 12, 24.
 15. (a) 3i − 3. (c) 43 − 18i. (e) i.
         √
 16. (a) 3 + i. (c) −3.
         √                   √
 17. (a) 2 cis(7π/4). (c) 2 2 cis(π/4). (e) 3 cis(3π/2).
                               √
 18. (a) (1 − i)/2. (c) 16(i − 3 ). (e) −1/4.
 22. (a) 292. (c) 1523.
 27. |hgi ∩ hhi| = 1.
 31. The identity element in any group has finite order. Let g, h ∈ G have orders
     m and n, respectively. Since (g −1 )m = e and (gh)mn = e, the elements of
     finite order in G form a subgroup of G.
 37. If g is an element distinct from the identity in G, g must generate G; otherwise,
     hgi is a nontrivial proper subgroup of G.

Chapter 5. Permutation Groups
  1. (a) (12453). (c) (13)(25).
  2. (a) (135)(24). (c) (14)(23). (e) (1324). (g) (134)(25). (n) (17352).
  3. (a) (16)(15)(13)(14). (c) (16)(14)(12).
  4. (a1 , an , an−1 , . . . , a2 ).
  5. (a) {(13), (13)(24), (132), (134), (1324), (1342)}. Not a subgroup.
HINTS AND SOLUTIONS                                                                           405

  8. (12345)(678).
 11. Permutations of the form (1), (a1 , a2 )(a3 , a4 ), (a1 , a2 , a3 ), (a1 , a2 , a3 , a4 , a5 )
     are possible for A5 .
 17. (123)(12) = (13) 6= (23) = (12)(123).
 25. Use the fact that (ab)(bc) = (abc) and (ab)(cd) = (abc)(bcd).
 30. (a) Show that στ σ −1 (i) = (σ(a1 ), σ(a2 ), . . . , σ(ak ))(i) for 1 ≤ i ≤ n.

Chapter 6. Cosets and Lagrange’s Theorem
  1. The order of g and the order h must both divide the order of G. The smallest
     number that 5 and 7 both divide is lcm(5, 7) = 35.
  2. 1, 2, 3, 4, 5, 6, 10, 12, 15, 20, 30, 60.
  3. False.
  4. False.
  5. (a)                H       = {0, 8, 16}          4+H        = {4, 12, 20}
                      1+H       = {1, 9, 17}          5+H        = {5, 13, 21}
                      2+H       = {2, 10, 18}         6+H        = {6, 14, 22}
                      3+H       = {3, 11, 19}         7+H        = {7, 15, 23}.


     (c)                             3Z = {. . . , −3, 0, 3, 6, . . .}
                                1 + 3Z = {. . . , −2, 1, 4, 7, . . .}
                                2 + 3Z = {. . . , −1, 2, 5, 8, . . .}.

  7. 4φ(15) ≡ 48 ≡ 1 (mod 15).
 12. Let g1 ∈ gH. Then there exists an h ∈ H such that g1 = gh = ghg −1 g ⇒
     g1 ∈ Hg ⇒ gH ⊂ Hg. Similarly, Hg ⊂ gH. Therefore, gH = Hg.
          / H, then a−1 ∈
 17. If a ∈             / H ⇒ a−1 ∈ aH = a−1 H = bH ⇒ there exist h1 , h2 ∈ H
     such that a h1 = bh2 ⇒ ab = h1 h−1
                 −1
                                     2 ∈ H.


Chapter 7. Introduction to Cryptography
  1. LAORYHAPDWK.
  3. Hint: Q = E, F = X, A = R.
  4. 26! − 1.
  7. (a) 2791. (c) 112135 25032 442.
  9. (a) 31. (c) 14.
 10. (a) n = 11 · 41. (c) n = 8779 · 4327.
406                                                     HINTS AND SOLUTIONS

Chapter 8. Algebraic Coding Theory
  2. (0000) ∈
            / C.
  3. (a) 2. (c) 2.
  4. (a) 3. (c) 4.
  6. (a) dmin = 2. (c) dmin = 1.
  7. (a) (00000), (00101), (10011), (10110)
                                                  
                                         0        1
                                       0         0
                                                  
                                       1
                                     G=          0
                                                   .
                                       0         1
                                         1        1

      (b) (00000), (010111), (101101), (111010)
                                                  
                                             1    0
                                           0     1
                                                  
                                           1     0
                                      G=  1
                                                   .
                                                 1
                                                   
                                           0     1
                                             1    1

  9. Multiple errors occur in one of the received words.
 11. (a) A canonical parity-check matrix with standard generator matrix
                                           
                                            1
                                          1
                                           
                                    G=   0 .
                                             
                                          0
                                            1

      (c) A canonical parity-check matrix with standard generator matrix
                                               
                                           1 0
                                         0 1
                                    G=  1 1 .
                                                

                                           1 0

 12. (a) All possible syndromes occur.
 15. (a) The cosets of C are
HINTS AND SOLUTIONS                                                             407

                                                        Cosets
                           C              (00000)   (00101) (10011)   (10110)
                      (10000)   +   C     (10000)   (10101) (00011)   (00110)
                      (01000)   +   C     (01000)   (01101) (11011)   (11110)
                      (00100)   +   C     (00100)   (00001) (10111)   (10010)
                      (00010)   +   C     (00010)   (00111) (10001)   (10100)
                      (11000)   +   C     (11000)   (11101) (01011)   (01110)
                      (01100)   +   C     (01100)   (01001) (11111)   (11010)
                      (01010)   +   C     (01010)   (01111) (11001)   (11100)

     A decoding table does not exist for C since it is only single error-detecting.
 19. Let x ∈ C have odd weight and define a map from the set of odd codewords
     to the set of even codewords by y 7→ x + y. Show that this map is a bijection.
 23. For 20 information positions, at least six check bits are needed to ensure an
     error-correcting code.

Chapter 9. Isomorphisms
  1. The group nZ is an infinite cyclic group generated by n. Every infinite cyclic
     group is isomorphic to Z.
  2. Define φ : C∗ → GL2 (R) by
                                                            
                                                      a    b
                                        φ(a + bi) =            .
                                                      −b   a

  3. False.
  6. Define a map from Zn into the nth roots of unity by k 7→ cis(2kπ/n).
  8. Assume that Q is cyclic and try to find a generator.
 11. D4 , Q8 , Z8 , Z2 × Z4 , Z2 × Z2 × Z2 .
 16. (a) 12. (c) 5.
 20. True.
 25. Z2 × Z2 × Z13 is not cyclic.
 27. Let a be a generator for G. If φ : G → H is an isomorphism, show that φ(a)
     is a generator for H.
 38. Any automorphism of Z6 must send 1 to another generator of Z6 .
 45. To show that φ is one-to-one, let g1 = h1 k1 and g2 = h2 k2 . Then φ(g1 ) =
     φ(g2 ) ⇒ φ(h1 k1 ) = φ(h2 k2 ) ⇒ (h1 , k1 ) = (h2 , k2 ) ⇒ h1 = h2 , k1 = k2 ⇒
     g1 = g2 .
408                                                        HINTS AND SOLUTIONS

Chapter 10. Normal Subgroups and Factor Groups
  1. (a)                A4      (12)A4
               A4       A4      (12)A4
            (12) A4 (12)A4          A4
       (c) D4 is not normal in S4 .
  8. If a ∈ G is a generator for G, then aH is a generator for G/H.
 12. Since eg = ge for all g ∈ G, the identity is in C(g). If x, y ∈ C(g), then xyg =
     xgy = gxy ⇒ xy ∈ C(g). If xg = gx, then x−1 g = gx−1 ⇒ x−1 ∈ C(g) ⇒
     C(g) is a subgroup of G. If hgi is normal in G, then g1 xg1−1 g = gg1 xg1−1 for
     all g1 ∈ G.
 14. (a) Let g ∈ G and h ∈ G0 . If h = aba−1 b−1 , then ghg −1 = gaba−1 b−1 g −1 =
     (gag −1 )(gbg −1 )(ga−1 g −1 )(gb−1 g −1 ) = (gag −1 )(gbg −1 )(gag −1 )−1 (gbg −1 )−1 .
     We also need to show that if h = h1 · · · hn with hi = ai bi a−1     −1
                                                                       i bi , then ghg
                                                                                         −1
                                                                    −1                −1
     is a product of elements of the same type. However, ghg = gh1 · · · hn g =
     (gh1 g −1 )(gh2 g −1 ) · · · (ghn g −1 ).

Chapter 11. Homomorphisms
  2. (a) A homomorphism. (c) Not a homomorphism.
  4. φ(m + n) = 7(m + n) = 7m + 7n = φ(m) + φ(n). The kernel of φ is {0} and
     the image of φ is 7Z.
  5. For any homomorphism φ : Z24 → Z18 , the kernel of φ must be a subgroup of
     Z24 and the image of φ must be a subgroup of Z18 .
  9. Let a, b ∈ G. Then φ(a)φ(b) = φ(ab) = φ(ba) = φ(b)φ(a).

Chapter 12. Matrix Groups and Symmetry

         1                       1
           kx + yk2 + kxk2 − kyk2 =    hx + y, x + yi − kxk2 − kyk2
                                                                    
  1.
         2                          2
                                    1
                                       kxk2 + 2hx, yi + kyk2 − kxk2 − kyk2
                                                                           
                                  =
                                    2
                                  = hx, yi.

  3. (a) An element of SO(2). (c) Not in O(3).
  5. (a) hx, yi = x1 y1 + · · · + xn yn = y1 x1 + · · · + yn xn = hy, xi.
  7. Use the unimodular matrix                      
                                                5   2
                                                       .
                                                2   1

 10. Show that the kernel of the map det : O(n) → R∗ is SO(n).
HINTS AND SOLUTIONS                                                            409

 13. True.
 17. p6m.

Chapter 13. The Structure of Groups
  1. Since 40 = 23 · 5, the possible abelian groups of order 40 are Z40 ∼
                                                                        = Z8 × Z5 ,
     Z5 × Z4 × Z2 , and Z5 × Z2 × Z2 × Z2 .
  4. (a) {0} ⊂ h6i ⊂ h3i ⊂ Z12 .
     (e) {((1), 0)} ⊂ {(1), (123), (132)} × {0} ⊂ S3 × {0} ⊂ S3 × h2i ⊂ S3 × Z4 .
  7. Use the Fundamental Theorem of Finitely Generated Abelian Groups.
 12. If N and G/N are solvable, then they have solvable series

                       N = Nn ⊃ Nn−1 ⊃ · · · ⊃ N1 ⊃ N0 = {e}
                  G/N = Gn /N ⊃ Gn−1 /N ⊃ · · · G1 /N ⊃ G0 /N = {N }.

     The series

       G = Gn ⊃ Gn−1 ⊃ · · · ⊃ G0 = N = Nn ⊃ Nn−1 ⊃ · · · ⊃ N1 ⊃ N0 = {e}

    is a subnormal series. The factors of this series are abelian since Gi+1 /Gi ∼
                                                                                 =
    (Gi+1 /N )/(Gi /N ).
 16. Use the fact that Dn has a cyclic subgroup of index 2.
 21. G/G0 is abelian.

Chapter 14. Group Actions
  1. Example 1. 0, R2 \ {0}.
     Example 2. X = {1, 2, 3, 4}.
  2. (a) X(1) = {1, 2, 3}, X(12) = {3}, X(13) = {2}, X(23) = {1}, X(123) = X(132) =
     ∅. G1 = {(1), (23)}, G2 = {(1), (13)}, G3 = {(1), (12)}.
  3. (a) O1 = O2 = O3 = {1, 2, 3}.
  6. (a) O(1) = {(1)}, O(12) = {(12), (13), (14), (23), (24), (34)},
     O(12)(34) = {(12)(34), (13)(24), (14)(23)},
     O(123) = {(123), (132), (124), (142), (134), (143), (234), (243)},
     O(1234) = {(1234), (1243), (1324), (1342), (1423), (1432)}.
     The class equation is 1 + 3 + 6 + 6 + 8 = 24.
  8. (34 + 31 + 32 + 31 + 32 + 32 + 33 + 33 )/8 = 21.
410                                                      HINTS AND SOLUTIONS

 11. The group of rigid motions of the cube can be described by the allowable
     permutations of the six faces and is isomorphic to S4 . There are the identity
     cycle, 6 permutations with the structure (abcd) that correspond to the quarter
     turns, 3 permutations with the structure (ab)(cd) that correspond to the half
     turns, 6 permutations with the structure (ab)(cd)(ef ) that correspond to
     rotating the cube about the centers of opposite edges, and 8 permutations
     with the structure (abc)(def ) that correspond to rotating the cube about
     opposite vertices. Thus, there are
                    1
                       (1 · 36 + 6 · 33 + 3 · 34 + 6 · 33 + 8 · 32 )/24 = 57.
                    24
      possible colorings.
 15. (1 · 26 + 3 · 24 + 4 · 23 + 2 · 22 + 2 · 21 )/12 = 13.
 17. (1 · 28 + 3 · 26 + 2 · 24 )/6 = 80.
 22. x ∈ gC(a)g −1 ⇐⇒ g −1 xg ∈ C(a) ⇐⇒ ag −1 xg = g −1 xga ⇐⇒ gag −1 x =
     xgag −1 ⇐⇒ x ∈ C(gag −1 ).

Chapter 15. The Sylow Theorems
  1. If |G| = 18 = 2 · 32 , then   the order of a Sylow 2-subgroup is 2, and the order
     of a Sylow 3-subgroup is      9.
     If |G| = 54 = 2 · 33 , then   the order of a Sylow 2-subgroup is 2, and the order
     of a Sylow 3-subgroup is      27.
  2. The four Sylow 3-subgroups of S4 are
     P1 = {(1), (123), (132)},
     P2 = {(1), (124), (142)},
     P3 = {(1), (134), (143)},
     P4 = {(1), (234), (243)}.
  5. Since |G| = 96 = 25 · 3, G has either one or three Sylow 2-subgroups by the
     Third Sylow Theorem. If there is only one subgroup, we are done. If there
     are three Sylow 2-subgroups, let H and K be two of them. |H ∩ K| ≥ 16;
     otherwise, HK would have (32 · 32)/8 = 128 elements, which is impossible.
     H ∩ K is normal in both H and K since it has index 2 in both groups. Hence,
     N (H ∩ K) contains both H and K. Therefore, |N (H ∩ K)| must be a multiple
     of 32 greater than 1 and still divide 96, so N (H ∩ K) = G.
  8. G has a Sylow q-subgroup of order q 2 . Since the number of such subgroups is
     congruent to 1 modulo q and divides p2 q 2 , there must be either 1, p, or p2
     Sylow q-subgroups. Since q6 |p2 − 1 = (p − 1)(p + 1), there can be only one
     Sylow q-subgroup, say Q. Similarly, we can show that there is a single Sylow
     p-subgroup P . Every element in Q other than the identity has order q or q 2 ,
     so P ∩ Q = {e}. Now show that hk = kh for h ∈ P and k ∈ Q. Deduce that
     G = P × Q is abelian.
HINTS AND SOLUTIONS                                                                        411

 10. False.
 17. If G is abelian, then G is cyclic, since |G| = 3 · 5 · 17. Now look at Example 5.
 23. Define a mapping between the right cosets of N (H) in G and the conjugates
     of H in G by N (H)g 7→ g −1 Hg. Prove that this map is a bijection.
 26. Let aG0 , bG0 ∈ G/G0 . Then (aG0 )(bG0 ) = abG0 = ab(b−1 a−1 ba)G0 =
     (abb−1 a−1 )baG0 = baG0 .

Chapter 16. Rings
                                             √
  1. (a) 7Z is a ring but not a field. (c) Q( 2 ) is a field. (f) R is not a ring.
  3. (a) {1, 3, 7, 9}.   (c) {1, 2, 3, 4, 5, 6}.
     (e)                                                           
                    1    0    1     1    1         0   0   1    1   1     0   1
                           ,          ,              ,        ,        ,          .
                    0    1    0     1    1         1   1   0    1   0     1   1

  4. (a) {0}, {0, 9}, {0, 6, 12}, {0, 3, 6, 9, 12, 15}, {0, 2, 4, 6, 8, 10, 12, 14, 16}.
     (c) There are no nontrivial ideals.
  7. Assume there is an isomorphism φ : C → R with φ(i) = a.
                                                   √         √
       √ Assume there is an isomorphism φ : Q( 2 ) → Q( 3 ) such that
  8. False.
     φ( 2 ) = a.
 13. (a) x ≡ 17 (mod 55). (c) x ≡ 214 (mod 2772).
 16. If I 6= {0}, show that 1 ∈ I.
 19. (a) φ(a)φ(b) = φ(ab) = φ(ba) = φ(b)φ(a).
 27. Let a ∈ R with a 6= 0. The principal ideal generated by a is R ⇒ there exists
     a b ∈ R such that ab = 1.
 29. Compute (a + b)2 and (−ab)2 .
 35. Let a/b, c/d ∈ Z(p) . Then a/b + c/d = (ad + bc)/bd and (a/b) · (c/d) =
     (ac)/(bd) are both in Z(p) , since gcd(bd, p) = 1.
 39. Suppose that x2 = x and x 6= 0. Since R is an integral domain, x = 1. To
     find a nontrivial idempotent, look in M2 (R).

Chapter 17. Polynomials
  2. (a) 9x2 + 2x + 5. (b) 8x4 + 7x3 + 2x2 + 7x.
  3. (a) 5x3 + 6x2 − 3x + 4 = (5x2 2x + 1)(x − 2) + 6.
     (c) 4x5 − x3 + x2 + 4 = (4x2 + 4)(x3 + 3) + 4x2 + 2.
  5. (a) No zeros in Z12 . (c) 3, 4.
412                                                    HINTS AND SOLUTIONS

  7. (2x + 1)2 = 1.
  8. (a) Reducible. (c) Irreducible.
 10. x2 + x + 8 = (x + 2)(x + 9) = (x + 7)(x + 4).
 13. Z is not a field.
 14. False. x2 + 1 = (x + 1)(x + 1).
 16. Let φ : R → S be an isomorphism. Define φ : R[x] → S[x] by φ(a0 + a1 x +
     · · · + an xn ) = φ(a0 ) + φ(a1 )x + · · · + φ(an )xn .
 20. Define g(x) by g(x) = Φp (x + 1) and show that g(x) is irreducible over Q.
 26. Find a nontrivial proper ideal in F [x].

Chapter 18. Integral Domains
                    √               √                        √
  1. z −1 = 1/(a + b 3 i) = (a − b 3 i)/(a2 + 3b2 ) is in Z[ 3 i] if and only if
     a2 + 3b2 = 1. The only integer solutions to the equation are a = ±1, b = 0.
  2. (a) 5 = 1 + 2i)(1 − 2i). (c) 6 + 8i = (−1 + 7i)(1 − i).
  4. True.
  9. Let z = a + bi and w = c + di 6= 0 be in Z[i]. Prove that z/w ∈ Q(i).
 15. Let a = ub with u a unit. Then ν(b) ≤ ν(ub) ≤ ν(a). Similarly, ν(a) ≤ ν(b).
 16. Show that 21 can be factored in two different ways.

Chapter 19. Lattices and Boolean Algebras
  2.

                                           30


                                           10      15


                                   2       5       3


                                           1

  5. False.
  6. (a) (a ∨ b ∨ a0 ) ∧ a.
HINTS AND SOLUTIONS                                                                   413

                                                a

                                                b            a

                                                a0

     (c) a ∨ (a ∧ b).

                                                a        b



                                                     a

  8. Not equivalent.
 10. a0 ∧ [(a ∧ b0 ) ∨ b] = a ∧ (a ∨ b).
 15. Let I, J be ideals in R. We need to show that I +J = {r+s : r ∈ I and s ∈ J}
     is the smallest ideal in R containing both I and J. If r1 , r2 ∈ I and s1 , s2 ∈ J,
     then (r1 + s1 ) + (r2 + s2 ) = (r1 + r2 ) + (s1 + s2 ) is in I + J. For a ∈ R,
     a(r1 + s1 ) = ar1 + as1 ∈ I + J; hence, I + J is an ideal in R.
 19. (a) No.
 21. (⇒). a = b ⇒ (a ∧ b0 ) ∨ (a0 ∧ b) = (a ∧ a0 ) ∨ (a0 ∧ a) = O ∨ O = O.
     (⇐). (a∧b0 )∨(a0 ∧b) = O ⇒ a∨b = (a∨a)∨b = a∨(a∨b) = a∨[I ∧(a∨b)] =
     a∨[(a∨a0 )∧(a∨b)] = [a∨(a∧b0 )]∨[a∨(a0 ∧b)] = a∨[(a∧b0 )∨(a0 ∧b)] = a∨0 = a.
     A symmetric argument shows that a ∨ b = b.

Chapter 20. Vector Spaces
       √ √                  √ √ √
  3. Q( 2, 3 ) has basis {1, 2, 3, 6 } over Q.
  5. Pn has basis {1, x, x2 , . . . , xn−1 }.
  7. (a) Subspace of dimension 2 with basis {(1, 0, −3), (0, 1, 2)}.
     (d) Not a subspace.
 10. 0 = α0 = α(−v + v) = α(−v) + αv ⇒ −αv = α(−v).
 12. Let v0 = 0, v1 , . . . , vn ∈ V and α0 =
                                            6 0, α1 , . . . , αn ∈ F . Then α0 v0 + · · · +
     αn vn = 0.
 15. (a) Let u, v ∈ ker(T ) and α ∈ F . Then

                                  T (u + v) = T (u) + T (v) = 0
                                   T (αv) = αT (v) = α0 = 0.

     Hence, u + v, αv ∈ ker(T ) ⇒ ker(T ) is a subspace of V .
     (c) T (u) = T (v) ⇔ T (u − v) = T (u) − T (v) = 0 ⇔ u − v = 0 ⇔ u = v.
414                                                        HINTS AND SOLUTIONS

 17. (a) Let u, u0 ∈ U and v, v 0 ∈ V . Then

                     (u + v) + (u0 + v 0 ) = (u + u0 ) + (v + v 0 ) ∈ U + V
                               α(u + v) = αu + αv ∈ U + V.

Chapter 21. Fields
  1. (a) x4 − 23 x2 − 62        4    2
                       9 . (c) x − 2x + 25.
            √ √ √                    √ √
  2. (a) {1, 2, 3, 6 }. (c) {1, i, 2, 2 i}. (e) {1, 21/6 , 21/3 , 21/2 , 22/3 , 25/6 }.
            √ √
  3. (a) Q( 3, 7 ).
  5. Use the fact that the elements of Z2 [x]/hx3 + x + 1i are 0, 1, α, 1 + α, α2 ,
     1 + α2 , α + α2 , 1 + α + α2 and the fact that α3 + α + 1 = 0.
  8. False.
 14. Suppose that E is algebraic over F and K is algebraic over E. Let α ∈
     K. It suffices to show that α is algebraic over some finite extension of
     F . Since α is algebraic over E, it must be the zero of some polynomial
     p(x) = β0 + β1 x + · · · + βn xn in E[x]. Hence α is algebraic over F (β0 , . . . , βn ).
        √ √            √       √               √ √ √                            √ √
 22. Q( 3, 7 ) ⊃ Q( √    3 +√ 7 ) since {1, 3,√ 7, √    21 } is a basis for Q( 3, 7 )
     over Q. Since [Q( 3, 7 ) : Q] = 4,√[Q( √3 + 7 ) :√Q] =       √ 2 or 4. √Since√the
     degree of the minimal polynomial of 3 + 7 is 4, Q( 3, 7 ) = Q( 3 + 7 ).
 27. Let β ∈ F (α) not in F . Then β = p(α)/q(α), where p and q are polynomials in
     α with q(α) 6= 0 and coefficients in F . If β is algebraic over F , then there exists
     a polynomial f (x) ∈ F [x] such that f (β) = 0. Let f (x) = a0 +a1 x+· · ·+an xn .
     Then
                                                                          n
                             p(α)                  p(α)                   p(α)
            0 = f (β) = f           = a0 + a1              + · · · + an           .
                             q(α)                  q(α)                   q(α)

      Now multiply both sides by q(α)n to show that there is a polynomial in F [x]
      that has α as a zero.

Chapter 22. Finite Fields
  1. (a) 2. (c) 2.
  4. There are eight elements in Z2 (α). Exhibit two more zeros of x3 + x2 + 1
     other than α in these eight elements.
  5. Find an irreducible polynomial p(x) in Z3 [x] of degree 3 and show that
     Z3 [x]/hp(x)i has 27 elements.
  7. (a) x5 − 1 = (x + 1)(x4 + x3 + x2 + x + 1).
     (c) x9 − 1 = (x + 1)(x2 + x + 1)(x6 + x3 + 1).
HINTS AND SOLUTIONS                                                                           415

  8. True.
 11. (a) Use the fact that x7 − 1 = (x + 1)(x3 + x + 1)(x3 + x2 + 1).
 12. False.
 17. If p(x) ∈ F [x], then p(x) ∈ E[x].
 18. Since α is algebraic over F of degree n, we can write any element β ∈ F (α)
     uniquely as β = a0 + a1 α + · · · + an−1 αn−1 with ai ∈ F . There are q n possible
     n-tuples (a0 , a1 , . . . , an−1 ).
 24. Factor xp−1 − 1 over Zp .

Chapter 23. Galois Theory
  1. (a) Z2 . (c) Z2 × Z2 × Z2 .
  2. (a) Separable. (c) Not separable.
  3. [GF(729) : GF(9)] = [GF(729) : GF(3)]/[GF(9) : GF(3)] = 6/2 = 3 ⇒
     G(GF(729)/GF(9)) ∼ = Z3 . A generator for G(GF(729)/GF(9)) is σ, where
                 6
     σ36 (α) = α3 = α729 for α ∈ GF(729).
  4. (a) S5 . (c) S3 .
  5. (a) Q(i).
  7. Let E be the splitting field of a cubic polynomial in F [x]. Show that [E : F ]
     is less than or equal to 6 and is divisible by 3. Since G(E/F ) is a subgroup of
     S3 whose order is divisible by 3, conclude that this group must be isomorphic
     to Z3 or S3 .
  9. G is a subgroup of Sn .
 16. True.
 20. (a) Clearly ω, ω 2 , . . . , ω p−1 are distinct since ω 6= 1 or 0. To show that ω i is
     a zero of Φp , calculate Φp (ω i ).
     (b) The conjugates of ω are ω, ω 2 , . . . , ω p−1 . Define a map φi : Q(ω) → Q(ω i )
     by

              φi (a0 + a1 ω + · · · + ap−2 ω p−2 ) = a0 + a1 ω i + · · · + cp−2 (ω i )p−2 ,

     where ai ∈ Q. Prove that φi is an isomorphism of fields. Show that φ2
     generates G(Q(ω)/Q).
     (c) Show that {ω, ω 2 , . . . , ω p−1 } is a basis for Q(ω) over Q, and consider
     which linear combinations of ω, ω 2 , . . . , ω p−1 are left fixed by all elements of
     G(Q(ω)/Q).
 GNU Free Documentation License



                          Version 1.2, November 2002
             Copyright 2000,2001,2002 Free Software Foundation, Inc.

            51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

   Everyone is permitted to copy and distribute verbatim copies of this license
                   document, but changing it is not allowed.

                                    Preamble
    The purpose of this License is to make a manual, textbook, or other functional
and useful document “free” in the sense of freedom: to assure everyone the effective
freedom to copy and redistribute it, with or without modifying it, either commercially
or noncommercially. Secondarily, this License preserves for the author and publisher
a way to get credit for their work, while not being considered responsible for
modifications made by others.
    This License is a kind of “copyleft”, which means that derivative works of the
document must themselves be free in the same sense. It complements the GNU
General Public License, which is a copyleft license designed for free software.
    We have designed this License in order to use it for manuals for free software,
because free software needs free documentation: a free program should come with
manuals providing the same freedoms that the software does. But this License is
not limited to software manuals; it can be used for any textual work, regardless of
subject matter or whether it is published as a printed book. We recommend this
License principally for works whose purpose is instruction or reference.


1. Applicability And Definitions
This License applies to any manual or other work, in any medium, that contains a
notice placed by the copyright holder saying it can be distributed under the terms
of this License. Such a notice grants a world-wide, royalty-free license, unlimited in
duration, to use that work under the conditions stated herein. The “Document”,

                                        416
GFDL LICENSE                                                                      417

below, refers to any such manual or work. Any member of the public is a licensee,
and is addressed as “you”. You accept the license if you copy, modify or distribute
the work in a way requiring permission under copyright law.
     A “Modified Version” of the Document means any work containing the
Document or a portion of it, either copied verbatim, or with modifications and/or
translated into another language.
     A “Secondary Section” is a named appendix or a front-matter section of the
Document that deals exclusively with the relationship of the publishers or authors of
the Document to the Document’s overall subject (or to related matters) and contains
nothing that could fall directly within that overall subject. (Thus, if the Document
is in part a textbook of mathematics, a Secondary Section may not explain any
mathematics.) The relationship could be a matter of historical connection with the
subject or with related matters, or of legal, commercial, philosophical, ethical or
political position regarding them.
     The “Invariant Sections” are certain Secondary Sections whose titles are
designated, as being those of Invariant Sections, in the notice that says that the
Document is released under this License. If a section does not fit the above definition
of Secondary then it is not allowed to be designated as Invariant. The Document
may contain zero Invariant Sections. If the Document does not identify any Invariant
Sections then there are none.
     The “Cover Texts” are certain short passages of text that are listed, as Front-
Cover Texts or Back-Cover Texts, in the notice that says that the Document is
released under this License. A Front-Cover Text may be at most 5 words, and a
Back-Cover Text may be at most 25 words.
     A “Transparent” copy of the Document means a machine-readable copy,
represented in a format whose specification is available to the general public, that is
suitable for revising the document straightforwardly with generic text editors or (for
images composed of pixels) generic paint programs or (for drawings) some widely
available drawing editor, and that is suitable for input to text formatters or for
automatic translation to a variety of formats suitable for input to text formatters.
A copy made in an otherwise Transparent file format whose markup, or absence
of markup, has been arranged to thwart or discourage subsequent modification by
readers is not Transparent. An image format is not Transparent if used for any
substantial amount of text. A copy that is not “Transparent” is called “Opaque”.
     Examples of suitable formats for Transparent copies include plain ASCII without
markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly
available DTD, and standard-conforming simple HTML, PostScript or PDF designed
for human modification. Examples of transparent image formats include PNG, XCF
and JPG. Opaque formats include proprietary formats that can be read and edited
only by proprietary word processors, SGML or XML for which the DTD and/or
processing tools are not generally available, and the machine-generated HTML,
PostScript or PDF produced by some word processors for output purposes only.
     The “Title Page” means, for a printed book, the title page itself, plus such
following pages as are needed to hold, legibly, the material this License requires to
appear in the title page. For works in formats which do not have any title page
418                                                                 GFDL LICENSE

as such, “Title Page” means the text near the most prominent appearance of the
work’s title, preceding the beginning of the body of the text.
    A section “Entitled XYZ” means a named subunit of the Document whose title
either is precisely XYZ or contains XYZ in parentheses following text that translates
XYZ in another language. (Here XYZ stands for a specific section name mentioned
below, such as “Acknowledgements”, “Dedications”, “Endorsements”, or
“History”.) To “Preserve the Title” of such a section when you modify the
Document means that it remains a section “Entitled XYZ” according to this
definition.
    The Document may include Warranty Disclaimers next to the notice which
states that this License applies to the Document. These Warranty Disclaimers
are considered to be included by reference in this License, but only as regards
disclaiming warranties: any other implication that these Warranty Disclaimers may
have is void and has no effect on the meaning of this License.


2. Verbatim Copying
You may copy and distribute the Document in any medium, either commercially or
noncommercially, provided that this License, the copyright notices, and the license
notice saying this License applies to the Document are reproduced in all copies, and
that you add no other conditions whatsoever to those of this License. You may not
use technical measures to obstruct or control the reading or further copying of the
copies you make or distribute. However, you may accept compensation in exchange
for copies. If you distribute a large enough number of copies you must also follow
the conditions in section 3.
    You may also lend copies, under the same conditions stated above, and you may
publicly display copies.


3. Copying In Quantity
If you publish printed copies (or copies in media that commonly have printed covers)
of the Document, numbering more than 100, and the Document’s license notice
requires Cover Texts, you must enclose the copies in covers that carry, clearly and
legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover
Texts on the back cover. Both covers must also clearly and legibly identify you as
the publisher of these copies. The front cover must present the full title with all
words of the title equally prominent and visible. You may add other material on
the covers in addition. Copying with changes limited to the covers, as long as they
preserve the title of the Document and satisfy these conditions, can be treated as
verbatim copying in other respects.
     If the required texts for either cover are too voluminous to fit legibly, you should
put the first ones listed (as many as fit reasonably) on the actual cover, and continue
the rest onto adjacent pages.
GFDL LICENSE                                                                      419

    If you publish or distribute Opaque copies of the Document numbering more
than 100, you must either include a machine-readable Transparent copy along
with each Opaque copy, or state in or with each Opaque copy a computer-network
location from which the general network-using public has access to download using
public-standard network protocols a complete Transparent copy of the Document,
free of added material. If you use the latter option, you must take reasonably
prudent steps, when you begin distribution of Opaque copies in quantity, to ensure
that this Transparent copy will remain thus accessible at the stated location until
at least one year after the last time you distribute an Opaque copy (directly or
through your agents or retailers) of that edition to the public.
    It is requested, but not required, that you contact the authors of the Document
well before redistributing any large number of copies, to give them a chance to
provide you with an updated version of the Document.


4. Modifications
You may copy and distribute a Modified Version of the Document under the
conditions of sections 2 and 3 above, provided that you release the Modified Version
under precisely this License, with the Modified Version filling the role of the
Document, thus licensing distribution and modification of the Modified Version
to whoever possesses a copy of it. In addition, you must do these things in the
Modified Version:

  A. Use in the Title Page (and on the covers, if any) a title distinct from that of
     the Document, and from those of previous versions (which should, if there
     were any, be listed in the History section of the Document). You may use the
     same title as a previous version if the original publisher of that version gives
     permission.
  B. List on the Title Page, as authors, one or more persons or entities responsible
     for authorship of the modifications in the Modified Version, together with at
     least five of the principal authors of the Document (all of its principal authors,
     if it has fewer than five), unless they release you from this requirement.
  C. State on the Title page the name of the publisher of the Modified Version, as
     the publisher.
  D. Preserve all the copyright notices of the Document.
  E. Add an appropriate copyright notice for your modifications adjacent to the
     other copyright notices.
   F. Include, immediately after the copyright notices, a license notice giving the
      public permission to use the Modified Version under the terms of this License,
      in the form shown in the Addendum below.
  G. Preserve in that license notice the full lists of Invariant Sections and required
     Cover Texts given in the Document’s license notice.
420                                                                  GFDL LICENSE

  H. Include an unaltered copy of this License.
   I. Preserve the section Entitled “History”, Preserve its Title, and add to it an
      item stating at least the title, year, new authors, and publisher of the Modified
      Version as given on the Title Page. If there is no section Entitled “History”
      in the Document, create one stating the title, year, authors, and publisher of
      the Document as given on its Title Page, then add an item describing the
      Modified Version as stated in the previous sentence.
   J. Preserve the network location, if any, given in the Document for public access
      to a Transparent copy of the Document, and likewise the network locations
      given in the Document for previous versions it was based on. These may be
      placed in the “History” section. You may omit a network location for a work
      that was published at least four years before the Document itself, or if the
      original publisher of the version it refers to gives permission.
  K. For any section Entitled “Acknowledgements” or “Dedications”, Preserve the
     Title of the section, and preserve in the section all the substance and tone of
     each of the contributor acknowledgements and/or dedications given therein.
   L. Preserve all the Invariant Sections of the Document, unaltered in their text
      and in their titles. Section numbers or the equivalent are not considered part
      of the section titles.
  M. Delete any section Entitled “Endorsements”. Such a section may not be
     included in the Modified Version.
  N. Do not retitle any existing section to be Entitled “Endorsements” or to conflict
     in title with any Invariant Section.
  O. Preserve any Warranty Disclaimers.

    If the Modified Version includes new front-matter sections or appendices that
qualify as Secondary Sections and contain no material copied from the Document,
you may at your option designate some or all of these sections as invariant. To do
this, add their titles to the list of Invariant Sections in the Modified Version’s license
notice. These titles must be distinct from any other section titles.
    You may add a section Entitled “Endorsements”, provided it contains nothing but
endorsements of your Modified Version by various parties–for example, statements of
peer review or that the text has been approved by an organization as the authoritative
definition of a standard.
    You may add a passage of up to five words as a Front-Cover Text, and a passage
of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the
Modified Version. Only one passage of Front-Cover Text and one of Back-Cover
Text may be added by (or through arrangements made by) any one entity. If the
Document already includes a cover text for the same cover, previously added by
you or by arrangement made by the same entity you are acting on behalf of, you
may not add another; but you may replace the old one, on explicit permission from
the previous publisher that added the old one.
GFDL LICENSE                                                                     421

   The author(s) and publisher(s) of the Document do not by this License give
permission to use their names for publicity for or to assert or imply endorsement of
any Modified Version.


5. Combining Documents
You may combine the Document with other documents released under this License,
under the terms defined in section 4 above for modified versions, provided that
you include in the combination all of the Invariant Sections of all of the original
documents, unmodified, and list them all as Invariant Sections of your combined
work in its license notice, and that you preserve all their Warranty Disclaimers.
    The combined work need only contain one copy of this License, and multiple
identical Invariant Sections may be replaced with a single copy. If there are multiple
Invariant Sections with the same name but different contents, make the title of
each such section unique by adding at the end of it, in parentheses, the name of
the original author or publisher of that section if known, or else a unique number.
Make the same adjustment to the section titles in the list of Invariant Sections in
the license notice of the combined work.
    In the combination, you must combine any sections Entitled “History” in the
various original documents, forming one section Entitled “History”; likewise combine
any sections Entitled “Acknowledgements”, and any sections Entitled “Dedications”.
You must delete all sections Entitled “Endorsements”.


6. Collections Of Documents
You may make a collection consisting of the Document and other documents released
under this License, and replace the individual copies of this License in the various
documents with a single copy that is included in the collection, provided that you
follow the rules of this License for verbatim copying of each of the documents in all
other respects.
     You may extract a single document from such a collection, and distribute it
individually under this License, provided you insert a copy of this License into the
extracted document, and follow this License in all other respects regarding verbatim
copying of that document.


7. Aggregation With Independent Works
A compilation of the Document or its derivatives with other separate and independent
documents or works, in or on a volume of a storage or distribution medium, is called
an “aggregate” if the copyright resulting from the compilation is not used to limit
the legal rights of the compilation’s users beyond what the individual works permit.
When the Document is included in an aggregate, this License does not apply to
422                                                               GFDL LICENSE

the other works in the aggregate which are not themselves derivative works of the
Document.
    If the Cover Text requirement of section 3 is applicable to these copies of the
Document, then if the Document is less than one half of the entire aggregate,
the Document’s Cover Texts may be placed on covers that bracket the Document
within the aggregate, or the electronic equivalent of covers if the Document is in
electronic form. Otherwise they must appear on printed covers that bracket the
whole aggregate.


8. Translation
Translation is considered a kind of modification, so you may distribute translations
 of the Document under the terms of section 4. Replacing Invariant Sections with
 translations requires special permission from their copyright holders, but you may
 include translations of some or all Invariant Sections in addition to the original
versions of these Invariant Sections. You may include a translation of this License,
 and all the license notices in the Document, and any Warranty Disclaimers, provided
 that you also include the original English version of this License and the original
versions of those notices and disclaimers. In case of a disagreement between the
 translation and the original version of this License or a notice or disclaimer, the
 original version will prevail.
     If a section in the Document is Entitled “Acknowledgements”, “Dedications”, or
“History”, the requirement (section 4) to Preserve its Title (section 1) will typically
 require changing the actual title.


9. Termination
You may not copy, modify, sublicense, or distribute the Document except as expressly
provided for under this License. Any other attempt to copy, modify, sublicense or
distribute the Document is void, and will automatically terminate your rights under
this License. However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such parties remain in
full compliance.


10. Future Revisions Of This License
The Free Software Foundation may publish new, revised versions of the GNU Free
Documentation License from time to time. Such new versions will be similar in
spirit to the present version, but may differ in detail to address new problems or
concerns. See http://www.gnu.org/copyleft/.
    Each version of the License is given a distinguishing version number. If the
Document specifies that a particular numbered version of this License “or any later
version” applies to it, you have the option of following the terms and conditions
GFDL LICENSE                                                                     423

either of that specified version or of any later version that has been published (not
as a draft) by the Free Software Foundation. If the Document does not specify a
version number of this License, you may choose any version ever published (not as
a draft) by the Free Software Foundation.


Addendum: How to use this License for your docu-
ments
To use this License in a document you have written, include a copy of the License
in the document and put the following copyright and license notices just after the
title page:


      Copyright YEAR YOUR NAME. Permission is granted to copy, dis-
      tribute and/or modify this document under the terms of the GNU Free
      Documentation License, Version 1.2 or any later version published by
      the Free Software Foundation; with no Invariant Sections, no Front-
      Cover Texts, and no Back-Cover Texts. A copy of the license is included
      in the section entitled “GNU Free Documentation License”.


    If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace
the “with . . . Texts.” line with this:


      with the Invariant Sections being LIST THEIR TITLES, with the
      Front-Cover Texts being LIST, and with the Back-Cover Texts being
      LIST.


    If you have Invariant Sections without Cover Texts, or some other combination
of the three, merge those two alternatives to suit the situation.
    If your document contains nontrivial examples of program code, we recommend
releasing these examples in parallel under your choice of free software license, such
as the GNU General Public License, to permit their use in free software.
                          Notation



The following table defines the notation used in this book. Page numbers
refer to the first appearance of each symbol.

          Symbol                                      Description   Page

 a∈A               a is in the set A                                  4
 N                 the natural numbers                                5
 Z                 the integers                                       5
 Q                 the rational numbers                               5
 R                 the real numbers                                   5
 C                 the complex numbers                                5
 A⊂B               A is a subset of B                                 5
 ∅                 the empty set                                      5
 A∪B               union of sets A and B                              5
 A∩B               intersection of sets A and B                       5
 A0                complement of the set A                            6
 A\B               difference between sets A and B                    6
 A×B               Cartesian product of sets A and B                  8
 An                A × · · · × A (n times)                            8
 id                identity mapping                                  12
 f −1              inverse of the function f                         13
 a ≡ b (mod n)     a is congruent to b modulo n                      17
 n! 
                  n factorial                                       25
    n
                   binomial coefficient n!/(k!(n − k)!)              25
    k
 m|n               m divides n                                       27
 gcd(m, n)         greatest common divisor of m and n                28
 P(X)              power set of X                                    33

                                  424
NOTATION                                                                    425

               Symbol                                       Description   Page

 Zn                        the integers modulo n                           37
 lcm(m, n)                 least common multiple of m and n                34
 U (n)                     group of units in Zn                            44
 Mn (R)                    the n × n matrices with entries in R            45
 det A                     determinant of A                                45
 GLn (R)                   general linear group                            45
 Q8                        the group of quaternions                        46
 C∗                        the multiplicative group of complex numbers     46
 |G|                       order of a group G                              46
 R∗                        the multiplicative group of real numbers        49
 Q∗                        the multiplicative group of rational numbers    49
 SLn (R)                   special linear group                            49
 Z(G)                      center of a group G                             55
 hai                       cyclic subgroup generated by a                  60
 |a|                       order of an element a                           60
 cis θ                     cos θ + i sin θ                                 65
 T                         the circle group                                67
 Sn                        symmetric group on n letters                    77
 (a1 , a2 , . . . , ak )   cycle of length k                               79
 An                        alternating group on n letters                  83
 Dn                        dihedral group                                  85
 [G : H]                   index of a subgroup H in a group G              96
 LH                        set of left cosets of H in a group G            96
 RH                        set of right cosets of H in a group G           96
 d(x, y)                   Hamming distance between x and y               121
 dmin                      minimum distance of a code                     121
 w(x)                      weight of x                                    121
 Mm×n (Z2 )                set of m by n matrices with entries in Z2      127
 Null(H)                   null space of a matrix H                       127
 δij                       Kronecker delta                                131
 G∼  =H                    G is isomorphic to H                           144
 Aut(G)                    automorphism group of G                        156
 ig                        ig (x) = gxg −1                                156
 Inn(G)                    inner automorphism group of G                  156
 ρg                        right regular representation                   157
 G/N                       factor group of G mod N                        160
 ker φ                     kernel of φ                                    171
 G0                        commutator subgroup of G                       167
426                                                                     NOTATION

              Symbol                                            Description   Page

 (aij )                     matrix                                            180
 O(n)                       orthogonal group                                  183
 kxk                        length of a vector x                              184
 SO(n)                      special orthogonal group                          187
 E(n)                       Euclidean group                                   187
 Ox                         orbit of x                                        215
 Xg                         fixed point set of g                              215
 Gx                         isotropy subgroup of x                            215
 XG                         set of fixed points in a G-set X                  217
 N (H)                      normalizer of a subgroup H                        233
 H                          the ring of quaternions                           245
 char R                     characteristic of a ring R                        249
 Z[i]                       the Gaussian integers                             248
 Z(p)                       ring of integers localized at p                   265
 R[x]                       ring of polynomials over R                        269
 deg p(x)                   degree of p(x)                                    269
 R[x1 , x2 , . . . , xn ]   ring of polynomials in n variables                272
 φα                         evaluation homomorphism at α                      272
 Q(x)                       field of rational functions over Q                292
 ν(a)                       Euclidean valuation of a                          297
 F (x)                      field of rational functions in x                  303
 F (x1 , . . . , xn )       field of rational functions in x1 , . . . , xn    303
 ab                        a is less than b                                  307
 a∧b                        meet of a and b                                   309
 a∨b                        join of a and b                                   309
 I                          largest element in a lattice                      311
 O                          smallest element in a lattice                     311
 a0                         complement of a in a lattice                      311
 dim V                      dimension of a vector space V                     329
 U ⊕V                       direct sum of vector spaces U and V               332
 Hom(V, W )                 set of all linear transformations from U to V     332
 V∗                         dual of a vector space V                          332
 F (α1 , . . . , αn )       smallest field containing F and α1 , . . . , αn   337
 [E : F ]                   dimension of a field extension of E over F        340
 GF(pn )                    Galois field of order pn                          361
 F∗                         multiplicative group of a field F                 361
 G(E/F )                    Galois group of E over F                          377
 F{σi }                     field fixed by automorphisms σi                   382
NOTATION                                                        427

       Symbol                                   Description   Page

 FG             field fixed by automorphism group G           383
 ∆2             discriminant of a polynomial                  398
                                 Index



G-equivalence classes, 227          Boolean function, 224, 323
G-equivalent, 215                   Boolean ring, 265
G-set, 213                          Burnside’s Counting Theorem, 220
nth root of unity, 67, 391          Burnside, William, 48, 166, 227

Abel, Niels Henrik, 389             Cancellation law
Abelian group, 43                       for groups, 47
Ackermann’s function, 35                for integral domains, 248
Adleman, L., 107                    Cardano, Gerolamo, 282
Algebraic closure, 344              Carmichael numbers, 113
Algebraic extension, 337            Cauchy’s Theorem, 231
Algebraic number, 337               Cauchy, Augustin-Louis, 85
Algorithm                           Cayley table, 44
    division, 273                   Cayley’s Theorem, 148
    Euclidean, 30                   Cayley, Arthur, 149
Artin, Emil, 304                    Center
Ascending chain condition, 295          of a group, 55
Associate elements, 293                 of a ring, 265
Atom, 315                           Centralizer, 55
Automorphism                            of a subgroup, 217
    inner, 156, 177                     of an element, 167
    of a group, 156                 Characteristic of a ring, 249
                                    Chinese Remainder Theorem
Basis of a lattice, 192                 for integers, 259
Bieberbach, L., 196                     for rings, 266
Binary operation, 42                Cipher, 103
Binary symmetric channel, 119       Ciphertext, 103
Boole, George, 320                  Circuit
Boolean algebra                         parallel, 318
    atom in a, 315                      series, 317
    definition of, 312                  series-parallel, 318
    finite, 314                     Class equation, 217
    isomorphism, 314                Code

                                  428
INDEX                                                                429

    BCH, 371                       disjoint, 79
    cyclic, 363
    dual, 142                  De Morgan’s laws
    group, 124                      for Boolean algebras, 314
    Hamming                         for sets, 7
       definition of, 142      De Morgan, Augustus, 320
       perfect, 143            Decoding table, 137
       shortened, 143          Deligne, Pierre, 354
    linear, 127                DeMoivre’s Theorem, 66
    minimum distance of, 121   Derivative, 285, 360
    polynomial, 364            Derived series, 210
Commutative diagrams, 173      Descending chain condition, 304
Commutative rings, 244         Determinant, Vandermonde, 368
Composite integer, 30          Dickson, L. E., 166
Composition series, 206        Diffie, W., 107
Congruence modulo n, 17        Direct product of groups
Conjugacy classes, 217              external, 150
Conjugate elements, 378             internal, 153
Conjugate fields, 397          Direct sum of vector spaces, 332
Conjugate permutations, 101    Discriminant
Conjugate, complex, 64              of a separable polynomial, 398
Conjugation, 214                    of the cubic equation, 286
Constructible number, 349           of the quadratic equation, 285
Correspondence Theorem         Division algorithm
    for groups, 174                 for integers, 27
    for rings, 254                  for polynomials, 273
Coset                          Division ring, 244
    double, 101                Domain
    leader, 137                     Euclidean, 297
    left, 94                        principal ideal, 294
    representative, 94              unique factorization, 293
    right, 94                  Doubling the cube, 353
Coset decoding, 136
Cryptanalysis, 104             Eisenstein’s Criterion, 280
Cryptosystem                   Element
    affine, 105                    associate, 293
    definition of, 103             centralizer of, 167
    monoalphabetic, 105            idempotent, 266
    polyalphabetic, 106            identity, 43
    private key, 104               inverse, 43
    public key, 103                irreducible, 293
    RSA, 107                       nilpotent, 265
    single key, 104                order of, 60
Cycle                              prime, 293
    definition of, 78              primitive, 381
430                                                                    INDEX

    transcendental, 337                 Frobenius map, 373
Equivalence class, 16                   Function
Equivalence relation, 15                    bijective, 10
Euclidean algorithm, 30                     Boolean, 224, 323
Euclidean domain, 297                       composition of, 10
Euclidean group, 187                        definition of, 8
Euclidean inner product, 184                domain of, 9
Euclidean valuation, 297                    identity, 12
Euler φ-function, 99                        injective, 10
Euler, Leonhard, 100, 354                   invertible, 13
Extension                                   one-to-one, 10
    algebraic, 337                          onto, 10
    field, 334                              order-preserving, 322
    finite, 340                             range of, 9
    normal, 384                             surjective, 10
    radical, 390                            switching, 224, 323
    separable, 360, 381                 Fundamental Theorem
    simple, 337                             of Algebra, 345, 395
External direct product, 150                of Arithmetic, 30
                                            of Finite Abelian Groups, 203
Faltings, Gerd, 354                         of Galois Theory, 386
Feit, W., 166, 227
Fermat’s factorization algorithm, 112   Gödel, Kurt, 320
Fermat’s Little Theorem, 99             Galois field, 361
Fermat, Pierre de, 99, 354              Galois group, 377
Ferrari, Ludovico, 282                  Galois, Évariste, 48, 389
Ferro, Scipione del, 282                Gauss’s Lemma, 299
Field, 244                              Gauss, Karl Friedrich, 301
     algebraically closed, 344          Gaussian integers, 248
     base, 334                          Generator of a cyclic subgroup, 60
     conjugate, 397                     Generators for a group, 201
     extension, 334                     Glide reflection, 188
     fixed, 383                         Gorenstein, Daniel, 166
     Galois, 361                        Greatest common divisor
     of fractions, 291                      of elements in a UFD, 304
     of quotients, 291                      of two integers, 27
     prime, 303                             of two polynomials, 275
     splitting, 345                     Greatest lower bound, 308
Finitely generated group, 201           Greiss, R., 166
Fior, Antonio, 282                      Grothendieck, A., 354
First Isomorphism Theorem               Group
     for groups, 172                        p-group, 202, 231
     for rings, 254                         abelian, 43
Fixed point set, 215                        action, 213
Freshman’s Dream, 359                       alternating, 83
INDEX                                                                      431

    automorphism of, 156                 kernel of a group, 171
    center of, 92, 167, 217              kernel of a ring, 250
    circle, 67                           lattice, 322
    commutative, 43                      natural, 172, 253
    cyclic, 60                           of groups, 169
    definition of, 42                    ring, 250
    dihedral, 85
    Euclidean, 187                   Ideal
    factor, 160                           definition of, 251
    finite, 46                            maximal, 255
    finitely generated, 201               one-sided, 253
    Galois, 377                           prime, 255
    general linear, 45, 182               principal, 252
    generators of, 201                    trivial, 251
    Heisenberg, 53                        two-sided, 253
    homomorphism of, 169             Idempotent, 266
    infinite, 46                     Indeterminate, 269
    isomorphic, 144                  Index of a subgroup, 96
    isomorphism of, 144              Induction
    nonabelian, 43                        first principle of, 24
    noncommutative, 43                    second principle of, 25
    of units, 44                     Infimum, 308
    order of, 46                     Inner product, 126
    orthogonal, 183                  Integral domain, 244
    permutation, 77                  Internal direct product, 153
    point, 193                       International standard book number, 57
    quaternion, 46                   Irreducible element, 293
    quotient, 160                    Irreducible polynomial, 277
    simple, 162, 166                 Isometry, 188
    solvable, 209                    Isomorphism
    space, 193                            of Boolean algebras, 314
    special linear, 50, 182               of groups, 144
    special orthogonal, 187               ring, 250
    symmetric, 77
    symmetry, 190                    Join, 309
    torsion, 209                     Jordan, C., 166
                                     Jordan-Hölder Theorem, 207
Hamming distance, 121
Hamming, R., 124                     Kernel
Hellman, M., 107                         of a group homomorphism, 171
Hilbert, David, 196, 256, 320, 354       of a linear transformation, 331
Homomorphic image, 169                   of a ring homomorphism, 250
Homomorphism                         Key
    canonical, 172, 253                  definition of, 103
    evaluation, 251, 272                 private, 104
432                                                                      INDEX

    public, 103                           Matrix, Vandermonde, 368
    single, 104                           Maximal ideal, 255
Klein, Felix, 48, 179, 256                Maximum-likelihood decoding, 119
Kronecker delta, 131, 185                 Meet, 309
Kronecker, Leopold, 354                   Metric, 141
Kummer, Ernst, 354                        Minimal generator polynomial, 366
                                          Minimal polynomial, 338
Lagrange’s Theorem, 97                    Minkowski, Hermann, 354
Lagrange, Joseph-Louis, 48, 85, 100       Monic polynomial, 269
Laplace, Pierre-Simon, 85                 Mordell-Weil conjecture, 354
Lattice                                   Multiplicative subset, 304
     completed, 311                       Multiplicity of a root, 381
     definition of, 309
     distributive, 311                    Nilpotent element, 265
     homomorphism, 322                    Noether, A. Emmy, 256
Lattice of points, 192                    Noether, Max, 256
Lattices, Principle of Duality for, 309   Normal extension, 384
Least upper bound, 308                    Normal series of a group, 205
Left regular representation, 149          Normal subgroup, 159
Lie, Sophus, 48, 235                      Normalizer, 233
Linear combination, 327                   Null space
Linear dependence, 327                        of a linear transformation, 331
Linear functionals, 332                       of a matrix, 127
Linear independence, 327
Linear map, 179                           Odd Order Theorem, 239
Linear transformation                     Orbit, 92, 215
     definition of, 11, 179, 331          Orthogonal group, 183
     kernel of, 331                       Orthogonal matrix, 183
     null space of, 331                   Orthonormal set, 185
     range of, 331
Lower bound, 308                          Partial order, 306
                                          Partially ordered set, 307
Mapping, see Function                     Partitions, 16
Matrix                                    Permutation
   distance-preserving, 185                   conjugate, 101
   generator, 128                             definition of, 12, 76
   inner product-preserving, 185              even, 83
   invertible, 181                            odd, 83
   length-preserving, 185                 Permutation group, 77
   nonsingular, 181                       Plaintext, 103
   null space of, 127                     Polynomial
   orthogonal, 183                            code, 364
   parity-check, 128                          content of, 299
   similar, 16                                cyclotomic, 284
   unimodular, 193                            definition of, 269
INDEX                                                                         433

    degree of, 269                          commutative, 244
    error, 374                              definition of, 243
    error-locator, 375                      division, 244
    greatest common divisor of, 275         factor, 253
    in n indeterminates, 272                finitely generated, 304
    irreducible, 277                        homomorphism, 250
    leading coefficient of, 269             isomorphism, 250
    minimal, 338                            local, 305
    minimal generator, 366                  Noetherian, 295
    monic, 269                              of integers localized at p, 265
    primitive, 299                          of quotients, 305
    root of, 274                            quotient, 253
    separable, 381                          with identity, 244
    zero of, 274                            with unity, 244
Polynomial separable, 359              Rivest, R., 107
Poset                                  RSA cryptosystem, 107
    definition of, 307                 Ruffini, P., 389
    largest element in, 311            Russell, Bertrand, 320
    smallest element in, 311
Power set, 33, 307                     Scalar product, 324
Prime element, 293                     Schreier’s Theorem, 211
Prime field, 303                       Second Isomorphism Theorem
Prime ideal, 255                            for groups, 174
Prime integer, 30                           for rings, 254
Prime subfield, 303                    Semidirect product, 198
Primitive nth root of unity, 68, 391   Shamir, A., 107
Primitive element, 381                 Shannon, C., 123
Primitive Element Theorem, 381         Sieve of Eratosthenes, 35
Primitive polynomial, 299              Simple extension, 337
Principal ideal, 252                   Simple group, 162
Principal ideal domain (PID), 294      Simple root, 381
Principal series, 206                  Solvability by radicals, 390
Pseudoprime, 113                       Spanning set, 327
                                       Splitting field, 345
Quaternions, 46, 246                   Squaring the circle, 353
                                       Standard decoding, 136
Repeated squares, 68                   Subfield
Resolvent cubic equation, 287               prime, 303
Right regular representation, 157      Subgroup
Rigid motion, 40, 188                       p-subgroup, 231
Ring                                        centralizer, 217
    Artinian, 304                           commutator, 167, 210, 237
    Boolean, 265                            cyclic, 60
    center of, 265                          definition of, 49
    characteristic of, 249                  index of, 96
434                                                                     INDEX

    isotropy, 215                            dual of, 332
    normal, 159                              subspace of, 326
    normalizer of, 233
    proper, 49                           Weight of a codeword, 121
    stabilizer, 215                      Weil, André, 354
    Sylow p-subgroup, 233                Well-defined map, 10
    torsion, 73                          Well-ordered set, 26
    transitive, 92                       Whitehead, Alfred North, 320
    translation, 193                     Wilson’s Theorem, 373
    trivial, 49
Subnormal series of a group, 205         Zassenhaus Lemma, 211
Subring, 247                             Zero
Supremum, 308                                 multiplicity of, 381
Switch                                        of a polynomial, 274
    closed, 317                          Zero divisor, 245
    definition of, 317
    open, 317
Switching function, 224, 323
Sylow p-subgroup, 233
Sylow, Ludvig, 235
Syndrome of a code, 135, 374

Tartaglia, 282
Third Isomorphism Theorem
     for groups, 175
     for rings, 254
Thompson, J., 166, 227
Totally ordered set, 322
Transcendental element, 337
Transcendental number, 337
Transposition, 81
Trisection of an angle, 353

Unique factorization domain (UFD), 293
Unit, 244, 293
Universal Product Code, 56
Upper bound, 308

Vandermonde determinant, 368
Vandermonde matrix, 368
Vector space
    basis of, 329
    definition of, 324
    dimension of, 329
    direct sum of, 332