Algorithmic Algebraic Number Theory
 0521330602, 9780521330602


ENCYCLOPEDIA OF MATHEMATICS AND ITS APPLICATIONS

Algorithmic algebraic number theory M. POHST University of Dusseldorf

H. ZASSENHAUS Professor Emeritus Ohio State University

CAMBRIDGE UNIVERSITY PRESS

Published by the Press Syndicate of the University of Cambridge
The Pitt Building, Trumpington Street, Cambridge CB2 1RP
40 West 20th Street, New York, NY 10011-4211, USA
10 Stamford Road, Oakleigh, Melbourne 3166, Australia

© Cambridge University Press 1989
First published 1989
Reprinted 1990, 1993
Printed in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire

British Library cataloguing in publication data
Pohst, M. Algorithmic algebraic number theory (Encyclopaedia of mathematics and its applications). 1. Algebraic number theory I. Title II. Zassenhaus, H. III. Series 512'.74

Library of Congress cataloguing in publication data
Pohst, M. Algorithmic algebraic number theory / M. Pohst and H. Zassenhaus. p. cm. Bibliography: p. Includes index. ISBN 0 521 33060 2 1. Algebraic number theory. 2. Algorithms. I. Zassenhaus, Hans. II. Title QA247.P58 1989 512'.74-dc19 88-2960 CIP

ISBN 0 521 33060 2 hardback


CONTENTS

Preface
List of symbols used in the text

1 Basics of constructive algebraic number theory
  1.1 Introduction
  1.2 The main task of constructive algebra
  1.3 On the construction of overmodules and overrings
  1.4 The ring of an equation
  1.5 The Gaussian integer ring Z[i]
  1.6 Factorial monoids and divisor cascades

2 The group of an equation
  2.1 Splitting rings
  2.2 The fixed subring of the permutation automorphisms
  2.3 Symmetric polynomials
  2.4 Indecomposable splitting rings
  2.5 Finite fields
  2.6 The main theorem of Galois theory
  2.7 Minimal splitting fields
  2.8 The Lagrange resolvent
  2.9 The group of an equation
  2.10 How to determine the group of a separable equation over a field
  2.11 The cyclotomic equation
  2.12 Normal bases

3 Methods from the geometry of numbers
  3.1 Introduction
  3.2 Free modules over principal entire rings
  3.3 Lattices and basis reduction
  3.4 Minkowski's convex body theorem

4 Embedding of commutative orders into the maximal order
  4.1 Introduction
  4.2 The algebraic background
  4.3 Valuation theory
  4.4 Eisenstein polynomials
  4.5 Dedekind rings and orders
  4.6 Embedding algorithm

5 Units in algebraic number fields
  5.1 Introduction
  5.2 The Dirichlet theorem
  5.3 On solving norm equations I
  5.4 Computation of roots of unity
  5.5 Computation of independent units
  5.6 Regulator bounds and index estimates
  5.7 Computation of fundamental units
  5.8 Remarks on computerization

6 The class group of algebraic number fields
  6.1 Introduction
  6.2 The ring $o_F$ of algebraic integers as a Dedekind ring
  6.3 Ideal calculus
  6.4 On solving norm equations II
  6.5 Computation of the class group

Appendix: Numerical tables
Algorithms
References
Index

PREFACE

This book is a first step in a new direction: to modify existing theory from a constructive point of view and to stimulate the readers to make their own computational experiments. We are thoroughly convinced that their observations will help to build a new basis from which to venture into new theory on algebraic numbers. History shows that in the long run, number theory always followed the cyclic movement from theory to construction to experiment to conjecture to theory. Consequently, this book is addressed to all lovers of number theory. On the one hand, it gives a comprehensive introduction to (constructive) algebraic number theory and is therefore especially suited as a textbook for a course on that subject. On the other hand, many parts go far beyond an introduction and make the user familiar with recent research in the field. For experimental number theoreticians we developed new methods and obtained new results (e.g., in the tables at the end of the book) of great importance for them. Both computer scientists interested in higher arithmetic and in the basic makeup of digital computers, and amateurs and teachers liking algebraic number theory will find the book of value. Many parts of the book have been tested in courses independently by both authors. However, the outcome is not presented in the form of lectures, but, rather, in the form of developed methods and problems to be solved. Algorithms occur frequently throughout the presentation. Though we do not give a thorough definition of an algorithm (but just a rough explanation in 1.1), the underlying idea is that a definite output is obtained from prescribed input data by certain arithmetical rules in a finite number of computational steps. Clearly, an upper bound for the number of those computational steps depending on the input data should be desirable in each case. However, the bounds obtainable for many well-known, frequently used algorithms are completely unrealistic. 
Hence, we usually do without a complexity analysis.


(The derivation of rough estimates is a good exercise for the reader interested in that topic, however.) This approach is justified by the fact that the algorithms under consideration yield good to excellent results for number fields of small degree and not too large discriminants. In those cases O-estimates are not very helpful in general. Rather, our intention is to make the readers conscious of weak performances of (parts of) algorithms and to strengthen their ability to improve them. From our experiences those weak links in the chain of operations can be detected often only by numerical computation. Hence, we highly recommend the interaction of developing algorithms, observing their performance in practical application, followed by improving them. Moreover, new algorithms are used to replace older proofs of theorems by means of using their output to show the existence of certain mathematical objects, such as the shortest vector in a lattice, or of a polynomial in the elementary symmetric functions representing an arbitrary symmetric function (principal theorem on symmetric functions). Any such algorithm - respectively, its performance for specified data - yields new observations, giving rise to new conjectures and thus to an improvement of the theory. That is one of the major goals of this book since many of the available numerical invariants of algebraic number fields were already obtained without the use of modern electronic computers. So there is still very little known about algebraic number fields other than abelian extensions of the rational number field.

The contents of the book are divided into six chapters. The first chapter serves as a kind of an introduction. Some basic material (e.g. the Euclidean algorithm, quadratic extensions, Gaussian integers) is to stimulate the readers and to make them curious for more systematic theory. The second chapter gives a self-contained account of Galois theory and elementary prerequisites (e.g. a good knowledge of finite field theory). The reader is introduced to E. Galois' idea of studying the algebraic relations between the roots of a given algebraic equation and thus to recognition of the algebraic background generated by the solutions. Eventually, a method of determining the Galois group of an equation is developed. The third chapter contains an independent introduction to those parts of the geometry of numbers which will be used in later chapters. Most of Minkowski's classical theorems are presented, as well as some recent reduction methods. The fourth chapter discusses the problem of embedding an equation order into its maximal order, thereby establishing the arithmetical background of a given equation. An algorithm for the computation of an integral basis of an algebraic number field is included. A local account (using valuation theory and the theory of algebraically ordered fields) of the Hilbert-Dedekind-Krull ideal theory is part of the exposition.


The last two chapters deal with the main difference between arithmetics of the rational numbers and of the higher algebraic number fields. Chapter 5 gives a logarithm-free proof of Dirichlet's famous unit theorem. It is followed by developing several methods (some new ones) for the computation of the roots of unity and of a full system of fundamental units of an order. In chapter 6 the maximal order of an algebraic number field is studied as a Dedekind ring. We then present efficient methods for the computation of the class number and the class group of an algebraic number field. Primarily they are based on a normal presentation of an ideal by two elements and a fast method for solving norm equations, both of them developed only recently. As an Appendix we present several tables with numerical data concerning the calculation of Galois groups, integral bases, unit groups and class groups.

Chapters 1-4 are essentially self-contained, using only formal results but no conceptual theory of other chapters. The last two chapters rely on the knowledge of parts of chapters 3 and 4; chapter 6 also on parts of chapter 5. Throughout this book, we only assume that the readers have a proper basic knowledge of algebra. Should they not be familiar with some topic supposed to be known they will certainly find it in the book on algebra by S. Lang to which we refer quite frequently in the early chapters. We have also provided a bibliography for each chapter at the end of the book. We hope to succeed in encouraging some of our readers to engage in enlightened experimentation with numbers and obtain deeper insights into their structure.

M. Pohst, H. Zassenhaus
1987

ACKNOWLEDGEMENTS

We are much indebted to many students and colleagues for valuable suggestions, criticisms and incentives to do better. In particular we wish to acknowledge the help of D. Shanks, John McKay and J. Buchmann. We wish to acknowledge the generous support of the production of the manuscript and the research which went into it which we received from the Department of the Ohio State University, the Mathematical Institute of the University of Dusseldorf, the National Science and Engineering Council of Canada and the Centre de Recherches Mathematiques, Universite de Montreal. Our thanks go out to the continued support and interest by the editors of Cambridge University Press, M. Gilchrist and D. Tranah, as well as to the production staff of the Encyclopedia of Mathematics and its Applications. We would also like to acknowledge the help in proof reading we received from U. Schroter, M. Slawik, J. von Schmettow and essentially by U. Halbritter, and we thank the many secretaries who typed parts of the manuscript. We were constantly encouraged in completing the work by the support and understanding of our wives Christel and Lieselotte.

SYMBOLS USED IN THE TEXT

Symbols used throughout the book are listed in connection with the mathematical terms with which they are associated in the text.

Arithmetic

$\delta_{ij}$ is Kronecker's symbol; it is one for $i = j$, zero otherwise;
$\operatorname{sign}(x)$ is one for $x > 0$, minus one for $x < 0$, $0$ for $x = 0$; $|x| = \operatorname{sign}(x)\,x$;
$\lfloor x \rfloor$ denotes the largest integer less than or equal to $x$;
$\lceil x \rceil$ denotes the smallest integer greater than or equal to $x$;
$\{x\}$ denotes the integer closest to $x$; for $x + \tfrac{1}{2} \in \mathbb{Z}$ it is either $x + \tfrac{1}{2}$ or $x - \tfrac{1}{2}$;
$a \mid b$ means that there is an element $c$ satisfying $b = ac$;
$a \nmid b$ means that there is no element $c$ satisfying $b = ac$;
$p^k \parallel b$ means that $p^k \mid b$ and $p^{k+1} \nmid b$;
gcd denotes the greatest common divisor;
lcm denotes the least common multiple;
glb denotes the greatest lower bound;
$a \equiv b \bmod c$ means that $c \mid (a - b)$;
$a = Q(a, b)b + R(a, b)$ denotes division with remainder in a Euclidean ring;
$\gcd(a, b) = X(a, b)a + Y(a, b)b$ denotes a presentation of the gcd in a Euclidean ring;
$\operatorname{Re}(a)$, $\operatorname{Im}(a)$ real, respectively imaginary part of $a \in \mathbb{C}$;
$\max\{a_1, \ldots, a_k\}$ denotes $a \in \mathbb{R}$ satisfying $a \in \{a_1, \ldots, a_k\}$ and $a \geq a_j$ $(1 \leq j \leq k)$.

Functions and mappings

$\Gamma$, $\varphi$, $\mu$ denote the Gamma function, Euler $\varphi$-function, Möbius $\mu$-function, respectively;
id = 1 identity mapping, 1 also the identity permutation;
ker denotes the kernel of a homomorphic mapping;
$D_t$ derivation with respect to the variable $t$;


N, Tr norm, respectively trace;
ind index in finite fields.

Groups

$\mathfrak{S}_n$ symmetric group on $n$ letters;
$\mathfrak{A}_n$ subgroup of $\mathfrak{S}_n$ consisting of all even permutations;
$\mathfrak{V}_4$ the Klein Four Group;
Hol the holomorph of a group;
$\rtimes$ denotes the semidirect product of two groups;
$\wr$ denotes the wreath product;
$\mathfrak{D}_{2n}$ dihedral group on $n$ letters;
ord$(x)$ order of the group element $x$.

Matrices

$I_n$ denotes the $n \times n$ unit matrix;
diag$(a_1, \ldots, a_n)$ denotes the $n \times n$ matrix $(a_{ij})$ with $a_{ii} = a_i$ $(1 \leq i \leq n)$ and $a_{ij} = 0$ for $i \neq j$;
det$(M)$ determinant of the matrix $M$;
$H(M)$ Hermite normal form of the matrix $M$;
$GL(r, \mathbb{Z})$, $SL(r, \mathbb{Z})$ general linear group, special linear group of degree $r$.

Orders !l(A/R) discriminant ideal of the R-order A; !lo(A/R) reduced discriminant ideal; AR(A) arithmetic radical; (fj(A/R) elementary ideals (iE£'''~; 91(A/R) exponent ideal; (A:RA) index ideal; (A:RO) order ideal; Tor (AIR) set of all x of A for which there exists a non-zero divisor AER such that AX = O.

Polynomials

$d(f)$ discriminant of the polynomial $f$;
$\deg(f)$ degree of $f$;
$l(f)$ denotes the coefficient of the term of $f$ of highest degree;
Res$(f, g)$ resultant of the polynomials $f$, $g$;
$P_{\xi/Q}$ principal polynomial of $\xi$ over $Q$;
$M_{\xi/Q}$ minimal polynomial of $\xi$ over $Q$.


Rings and fields

$C(R)$ center of the ring $R$;
$Q(R)$ quotient ring of $R$;
$J(R)$ Jacobson radical;
$NR(R)$ nilradical;
PID principal ideal domain;
$[A/B] = \{x \in R \mid xB \subseteq A\}$ for subsets $A$, $B$ of the ring $R$;
$\cong_R$ $R$-isomorphic;
$\dot{+}$ inner direct sum (see 1 (3.8));
$\oplus$ direct sum;
$\otimes_R$ tensor product over $R$;
$F^{\times} = F \setminus \{0\}$ for fields $F$.

Algebraic number fields F

$o_F = \mathrm{Cl}(\mathbb{Z}, F)$ ring of algebraic integers of $F$;
$d_F$ discriminant of $F$ (respectively of $o_F$);
$\beta^{(j)}$ $j$th conjugate of $\beta \in F$;
$U(R)$ unit group of the order $R$ of $F$, $U_F := U(o_F)$;
$TU(R)$ torsion subgroup (elements of finite order) of $U(R)$;
$\mathrm{Reg}(U(R))$ regulator of $U(R)$, $\mathrm{Reg}_F = \mathrm{Reg}(U_F)$;
$I_R$ semigroup of $R$-fractional ideals of the order $R$ of $F$;
$H_R$ group of principal $R$-fractional ideals;
$h_R$ class number of $R$, $h_F := h_{o_F}$;
$Cl_F$ class group of $F$;
$\alpha \sim \beta \Leftrightarrow \alpha/\beta \in U(R)$;
$R_A := \{\beta \in o_F \mid \beta A \subseteq A\}$ for subsets $A$ of $o_F$.

Special sets of numbers

$\mathbb{N}$, $\mathbb{P}$, $\mathbb{Z}$ natural numbers, prime numbers, rational integers, respectively;
$\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$ rational numbers, real numbers, complex numbers, respectively;
$\mathbb{F}_q$ finite field of $q = p^n$ elements ($p \in \mathbb{P}$, $n \in \mathbb{N}$);
$\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z} = \mathbb{Z}/p$;
$\mathbb{Z}^{\geq m}$ all $x \in \mathbb{Z}$ subject to $x \geq m$ (analogously $\mathbb{Z}^{> m}$,

marks the end of a proof.


We refer to a formula or theorem of the same chapter by its number (m.n), where m denotes the number of the corresponding section and n the number within that section. Formulae of different chapters are referred to by also listing the number of that chapter, for example 2 (11.12).

1 Basics of constructive algebraic number theory

1.1. Introduction

Algebraic numbers are defined as complex numbers $x$ satisfying an algebraic equation of the form

$a_0x^n + a_1x^{n-1} + \cdots + a_n = 0 \quad (n \in \mathbb{N};\ a_i \in \mathbb{Z}\ (0 \leq i \leq n),\ a_0 \neq 0).$ (1.1)

We are not satisfied merely with the existence of algebraic numbers such as, for instance,

the natural numbers 1, 2, 3, ... ($\mathbb{N}$),
rational integers 0, ±1, ±2, ... ($\mathbb{Z}$),
rational numbers 0, ± I, ± 1, ± 2, ± t, ± ~, ± 3, ... ($\mathbb{Q}$),
rational surds $r^{1/n}$ ($r \in \mathbb{Q}$, $n \in \mathbb{N}$, $n \geq 2$);

we also inspect the means of constructing them. For this purpose we employ algorithms. We shall not endeavour to give a definition of algorithms in terms of mathematical logics. Our algorithms consist of a stated input, a stated output and a finite number of well-defined steps. The input and output will usually be rational integers and quantities (such as fractions, algebraic integers, integral matrices) derived from rational integers by stated rules. The steps are numbered from 1 to $n$ ($n \in \mathbb{N}$). They consist of statements which use the known data (from the input, or already calculated) to obtain new data by unique mathematical rules. The steps are usually carried out one after the other. But there can also be a jump from step $i$ to step $k$ ($k \neq i + 1$) depending on the value of some data. The mathematical rules for the computation of new data and for the decision, whether a jump occurs, are fixed throughout the whole algorithm. During the execution of the algorithm a certain step $i$ ($1 \leq i \leq n$) may be carried out several times, say $N(i)$ times, depending on the input data. However, all numbers $N(i)$ ($1 \leq i \leq n$) must be finite.

The rational integers occurring in the algorithm usually signify what they stand for. Sometimes they denote algebraic numbers, sometimes they signify a decision of questions such as: is this real algebraic number $r$ positive, zero, or negative?

$\operatorname{sign}(r) = \begin{cases} 1 & \text{if } r > 0 \text{ (i.e. } r \text{ is positive)} \\ 0 & \text{if } r = 0 \\ -1 & \text{if } r < 0 \text{ (i.e. } r \text{ is negative).} \end{cases}$ (1.2)

As an introductory but very instructive example for an algorithm, we present Euclid's algorithm for rational integers. For a better understanding of algorithms it is useful to present the underlying ideas in advance. The theory of Euclid's algorithm in $\mathbb{Z}$ is easily explained. For two natural numbers $a$, $b$ with $a \geq b$ there exists a third natural number $e$ subject to

$be \leq a, \quad b(e + 1) > a.$ (1.3)

Hence, there exists a non-negative integer $d$ such that

$a = be + d$ and $0 \leq d < b.$ (1.4)

The process (1.4) is called division with remainder or, simply, long division. The numbers $e$, $d$ are uniquely determined by $a$, $b$. The same procedure for $a, b \in \mathbb{Z}$ instead of $a, b \in \mathbb{N}$ is a little more complicated. One possibility of generalizing (1.3), (1.4) for arbitrary integers $a$, $b$, $b \neq 0$, is to stipulate

a=be+d with

O~dR(A, B) = o.

(3.11 b)

This division with remainder is essentially taught in high-school algebra (see exercise 2). If $B \neq 0$ but $B$ is not monic, then (3.11a) need not be valid since the leading coefficient of $B$ does not necessarily divide the leading coefficient of $A$ or of intermediary remainders. In that case we have a modified division with remainder, called pseudo-division for short:

$L(A, B)A = Q(A, B)B + R(A, B),$ (3.12a)

where

$L(A, B) = \begin{cases} 1 & \text{for } \deg(A) < \deg(B) \\ l(B)^{\deg(A) - \deg(B) + 1} & \text{otherwise} \end{cases}$ (3.12b)

and

$\deg(R(A, B)) < \deg(B)$ (or $R(A, B) = 0$). (3.12c)

Moreover, the quotient $Q(A, B)$ satisfies the following conditions: if $\deg(L(A, B)A) \geq \deg(B)$, then $\deg(Q(A, B)) = \deg(L(A, B)A) - \deg(B)$, but if $\deg(L(A, B)A) < \deg(B)$, then $Q(A, B) = 0$. For a detailed discussion of pseudo-division we refer to Knuth's book [1]. We just note that the reason for adopting the $(\deg(A) - \deg(B) + 1)$th power of $l(B)$ lies in the number of degree reductions by 1 which can be necessary to obtain $\deg(R(A, B)) < \deg(B)$. We observe that pseudo-division assumes the previous form (3.11a) in case $B$ is monic (see exercise 2). Long division or division with remainder of polynomials is used similarly as long division of rational integers in order to bring about a pseudo-Euclidean division algorithm which similarly as in section 1 leads to an equation

$F(A, B) = X(A, B)A + Y(A, B)B,$ (3.13)

where $F(A, B)$ is a well-determined polynomial which always divides the product of $A$ and some other leading coefficients as well as the product of $B$ and some other leading coefficients, but $F(A, B)$ does not necessarily divide $A$ or $B$ themselves. Only in case $R$ is a field, we can be sure that $F(A, B)$ is a common divisor of $A$, $B$ and then (3.13) tells us that $F(A, B)$ is even a greatest common divisor.

5. Specializations

Let $R$ be a unital commutative ring. The $R$-homomorphisms m,
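Pseudo-division (3.12a)-(3.12c) for polynomials over $\mathbb{Z}$, as an added example that is not taken from the book: each of the $\deg(A) - \deg(B) + 1$ reduction rounds multiplies by $l(B)$ once, which is where the power in (3.12b) comes from. The function names, the coefficient-list representation (index = degree) and the sample polynomials are this example's own assumptions.

```python
def trim(p):
    """Drop zero coefficients of highest degree; [] is the zero polynomial."""
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p


def deg(p):
    """Degree of a polynomial given as [c0, c1, ...]; -1 stands for zero."""
    return len(trim(p)) - 1


def poly_mul(a, b):
    a, b = trim(a), trim(b)
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)


def poly_add(a, b):
    n = max(len(a), len(b))
    a = list(a) + [0] * (n - len(a))
    b = list(b) + [0] * (n - len(b))
    return trim([x + y for x, y in zip(a, b)])


def pseudo_divide(A, B):
    """Return (L, Q, R) with L*A == Q*B + R as in (3.12a).

    L is 1 if deg(A) < deg(B) and l(B)**(deg(A)-deg(B)+1) otherwise (3.12b);
    R is zero or has degree < deg(B) (3.12c). All arithmetic stays in Z.
    """
    A, B = trim(A), trim(B)
    if not B:
        raise ZeroDivisionError("B must be non-zero")
    m, n = deg(A), deg(B)
    if m < n:
        return 1, [], A
    lb = B[-1]                      # leading coefficient l(B)
    Q = [0] * (m - n + 1)
    R = A[:]
    for k in range(m - n, -1, -1):  # one degree reduction per round
        c = R[n + k]                # coefficient to be cancelled
        Q = [lb * q for q in Q]     # keep the invariant lb^j * A = Q*B + R
        Q[k] += c
        R = [lb * r for r in R]
        for j, bj in enumerate(B):
            R[j + k] -= c * bj      # R <- lb*R - c * t^k * B
    return lb ** (m - n + 1), trim(Q), trim(R)


def check_identity(A, B):
    """True if the output of pseudo_divide satisfies (3.12a) and (3.12c)."""
    L, Q, R = pseudo_divide(A, B)
    lhs = trim([L * a for a in A])
    rhs = poly_add(poly_mul(Q, B), R)
    return lhs == rhs and (not R or deg(R) < deg(B))


# Sample input: A = t^8 + t^6 - 3t^4 - 3t^3 + 8t^2 + 2t - 5,
#               B = 3t^6 + 5t^4 - 4t^2 - 9t + 21 (B is not monic).
SAMPLE_A = [-5, 2, 8, -3, -3, 0, 1, 0, 1]
SAMPLE_B = [21, -9, -4, 0, 5, 0, 3]

if __name__ == "__main__":
    L, Q, R = pseudo_divide(SAMPLE_A, SAMPLE_B)
    print("L =", L, " Q =", Q, " R =", R)
    print("identity holds:", check_identity(SAMPLE_A, SAMPLE_B))
```

With a monic $B$ the factor $L(A, B)$ is 1 and the routine reduces to the ordinary division with remainder (3.11a).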

~1'1=>~I'1(,

~1'1 and 1:1(=>~I:I'1" ~1'1 and ~1(=>~I('1+()(~,"'1,F-E1:[i]).

5. Prove proposition (5.23). Which properties of $\mathbb{Z}[i]$ are essential for the proof?

6. (a) Let $\pi$ be a prime element of $\mathbb{Z}[i]$. Show that there exists a rational prime number $p$ which is divisible by $\pi$. Any prime number $p \in \mathbb{P}$ is divisible by at most two prime elements of $\mathbb{Z}[i]$.
(b) Let $p \in \mathbb{P}$ be an odd prime number. Show by group theoretical arguments that $-1$ is a square in $\mathbb{Z}/p\mathbb{Z}$ if and only if $p \equiv 1 \bmod 4$.
(c) For prime numbers $p \in \mathbb{P}$ show that the following decomposition law holds:

$p \sim \begin{cases} \pi^2 & \text{for } p = 2 \\ \pi & \text{for } p \equiv 3 \bmod 4 \\ \pi\pi' & \text{for } p \equiv 1 \bmod 4 \end{cases}$

where $\pi$ is a prime element of $\mathbb{Z}[i]$ depending on $p$ and $\pi' = \sigma(\pi)$.
(d) Determine the decomposition of the first ten prime numbers into prime elements of $\mathbb{Z}[i]$.

1.6. Factorial monoids and divisor cascades

The rational integer ring, the Gaussian integer ring, and polynomial rings in one variable over a field are examples of principal entire rings. We observe that the property of unique factorization into irreducible elements of a principal entire ring $R$ essentially depends on the monoid $M = R^{\times}$ formed by the non-zero elements of $R$ under multiplication. Clearly, the notions of units, equivalence of two elements (notation: $a \sim b$, see (5.19)), irreducible elements, divisibility ($a \mid b$), and unique factorization into irreducible elements can be transferred to arbitrary commutative monoids $M$; exercises 1 and 2 show that the usual properties of divisibility hold there, too. A commutative monoid $M$ is said to be factorial if every non-zero element of $M$ has a unique factorization into irreducible elements. Two elements $a$, $b$ of a factorial monoid $M$ are called associate if $a \mid b$ and $b \mid a$ (i.e. $a \sim b$). (We note that we have to assume that the set of irreducible elements of $M$ does not contain associate elements, otherwise all factorizations into irreducible elements are unique up to equivalence only.) Using the same arguments as S. Lang in his book, chapter II, section 4, we conclude that a (commutative) monoid $M$ is factorial if and only if

every properly ascending chain $a_1M \subset a_2M \subset \cdots$ ($a_i \in M$, $i \in \mathbb{N}$) is finite, (6.1a)

and

for every irreducible element $p \in M$ which divides $ab$ ($a, b \in M$) either $p \mid a$ or $p \mid b$. (6.1b)

In the sequel let $M$ be a factorial monoid. Arithmetic in $M$ can be done via the unique presentation of non-zero elements $a \in M$ in the form

$a = u \prod_{i=1}^{r} p_i \quad (u \in U(M),\ r \in \mathbb{Z}^{\geq 0},\ p_i \in M \text{ irreducible } (1 \leq i \leq r)).$ (6.2)

(See also exercises 1, 2.) However, it is usually difficult to obtain such a factorization, even in the case $M = \mathbb{N}$. We shall therefore develop a kind of substitute for (6.2). Let $S$ be a finite subset of $M$. A (finite!) subset $B(S)$ of $M$ is called a basis of $S$ if any $a \in S$ has a unique presentation

$a = u \prod_{b \in B(S)} b^{m_b} \quad (m_b \in \mathbb{Z}^{\geq 0},\ u \in U(M)).$ (6.3)

For example, all irreducible elements of $M$ dividing at least one $a \in S$ form a basis $B(S)$. But in general we can obtain a basis which consists of fewer elements and is easier to determine than by factorizing all $a \in S$ into irreducible elements. As an example let $M = \mathbb{N}$ and $S = \{14700, 5040\}$, then $B(S) = \{12, 35\}$ will do as we shall see below. The instrument for computing 'nice' bases are divisor cascades, by which we derive from $S$ a set $\delta(S)$ which is closed under division and gcd-formation.

Definition (6.4)
Let $S$ be a non-empty finite subset of a factorial monoid $M$ and $0 \notin S$. Then a divisor cascade $\delta(S)$ of $S$ is a smallest subset of $M$ with the properties:
(i) $S \subseteq \delta(S)$, $1 \in \delta(S)$;
(ii) If $a, b \in \delta(S)$, then $\delta(S)$ also contains an element $c$, $c \sim \gcd(a, b)$.
(iii) If $a, b \in \delta(S)$ and $a \mid b$, then $\delta(S)$ contains an element $c \sim b/a$.


It is clear that a basis $B(S)$ of $S$ is obtained from those elements $b$ of $\delta(S)$ which are not in $U(M)$ and are not divisible by any other $y \in \delta(S)$, $y \not\sim b$, $y \notin U(M)$. Any $x \in \delta(S)$ then has a presentation (6.3).

Example (6.5)
Let $M = \mathbb{N}$ and $S = \{14700, 5040\}$. In accordance with (6.4) we compute $\gcd(14700, 5040) = 420$, $14700/420 = 35$, $5040/420 = 12$, $14700/12 = 1225$, $5040/35 = 144$ yielding $\delta(S) = \{14700, 5040, 420, 35, 12, 1225, 144, 1\}$. The following diagram needs no further explanation:

[Diagram: the elements 14700, 5040, 1225, 420, 144, 35, 12 of $\delta(S)$ arranged by divisibility.]

Indeed, we have $B(S) = \{12, 35\} = B(\delta(S))$. Hence, a basis for a finite subset of $M$ can be computed just by forming quotients and gcds but without any factorization into irreducible elements. In the sequel we assume that we can calculate gcds. In practice $M$ would have to be a subset of a Euclidean ring for this purpose. We note that for computing $\delta(S)$ associate elements of $S$ should be eliminated.
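Definition (6.4) and Example (6.5) for $M = \mathbb{N}$, as an added example that is not taken from the book: the cascade is computed here by a plain fixed-point closure under gcds and exact quotients, which is this example's own approach and not the book's Algorithm (6.6). The function names are assumptions of the example; the input $\{14700, 5040\}$ is the one from Example (6.5), the input $\{12, 18\}$ is constructed.

```python
from math import gcd


def divisor_cascade(S):
    """Smallest set containing S and 1 that is closed under gcd-formation
    and exact division, i.e. properties (i)-(iii) of Definition (6.4) for
    M = N (the only unit is 1, so 'associate' means 'equal')."""
    if not S or any(s <= 0 for s in S):
        raise ValueError("S must be a non-empty set of positive integers")
    closed = set(S) | {1}
    frontier = list(closed)
    while frontier:
        a = frontier.pop()
        found = set()
        for b in closed:
            found.add(gcd(a, b))        # property (ii)
            if b % a == 0:
                found.add(b // a)       # property (iii), a | b
            if a % b == 0:
                found.add(a // b)       # property (iii), b | a
        for c in found - closed:        # every new element is processed later
            closed.add(c)
            frontier.append(c)
    return closed


def cascade_basis(cascade):
    """Non-units of the cascade not divisible by any other non-unit of it."""
    non_units = sorted(x for x in cascade if x != 1)
    return [b for b in non_units
            if not any(y != b and b % y == 0 for y in non_units)]


def presentation(a, basis):
    """Exponents m_b with a = prod b**m_b as in (6.3); the basis elements
    are pairwise coprime, so dividing them out one after the other works."""
    exponents, rest = {}, a
    for b in basis:
        m = 0
        while rest % b == 0:
            rest //= b
            m += 1
        exponents[b] = m
    if rest != 1:
        raise ValueError(f"{a} has no presentation over {basis}")
    return exponents


if __name__ == "__main__":
    S = [14700, 5040]                   # Example (6.5)
    delta = divisor_cascade(S)
    basis = cascade_basis(delta)
    print("cascade:", sorted(delta))
    print("basis:  ", basis)
    for s in S:
        print(s, "=", presentation(s, basis))
```

No element is ever factored into primes: for $\{14700, 5040\}$ the basis $\{12, 35\}$ consists of composite numbers, while for the constructed input $\{12, 18\}$ the same closure happens to arrive at the primes 2 and 3.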

Algorithm for computation of a divisor cascade (6.6)

Input. Let $S = \{s_1, \ldots, s_r\}$ ($r \in \mathbb{N}$) be a subset of a factorial monoid not containing 0.
Output. $\delta(S)$.
Step 1. (Eliminate associate elements and units.) Set $k \leftarrow 1$, $t_k \leftarrow 1$, $\delta(S) \leftarrow \{t_k\}$. For $i = 1, \ldots, r$: check whether $s_i$ is associated to one of the elements of $\delta(S)$; if this is not the case set $k \leftarrow k + 1$, $t_k \leftarrow s_i$, $\delta(S) \leftarrow \delta(S) \cup \{t_k\}$. If $\#\delta(S) \leq 2$, go to 8.
Step 2. (Initialization). Set $A \leftarrow \{(i, j) \mid 2 \leq j$

$\phi f := t^n + \phi(a_1)t^{n-1} + \cdots + \phi(a_n)$

$= \prod_{j=1}^{n} (t - x_j) \quad (x_1, x_2, \ldots, x_n \in A)$ (1.6d)

over R' there is an extension

$\Phi: S(f/R) \to A$ (1.6e)

of $\phi$ such that (1.6f)

Proof. If $n = 1$ then $f(t) = t + a_1$ and $R = S(f/R)$ with $\xi_1 = -a_1$ is a universal splitting ring of $f$ with the desired property. Now let $n > 1$ and assume the construction works for monic polynomials of degree $n - 1$ over unital commutative rings. Let

$\xi_n := t/f$ in $R[t]/fR[t]$.

Note that the $n$ elements form an $R$-basis of $R[t]/fR[t]$. Set

$S(f/R) = S(Q(f, t - \xi_n)/(R[t]/fR[t])).$ (1.7)

By assumption there are $(n - 1)!$ basis elements $\xi_1^{i_1} \cdots \xi_{n-1}^{i_{n-1}}$ $(0 \leq i_j$ and $A$ as in the theorem. It follows that $\phi$ extends to a homomorphism

$\phi_1: R[t]/fR[t] \to A, \quad \phi_1|_R = \phi, \quad \phi_1(\xi_n) = x_n$

as was shown at the end of chapter 1, section 4. For the polynomial $\phi f$ there are two factorizations

$= (t - x_n) \prod_{j=1}^{n-1} (t - x_j).$


But the polynomial t - x. with leading coefficient 1 is not a zero divisor of A[t]. Hence .-1

Q(2(~))

i = 1,2),

(~ES(f/Q)).

Thus essentially the solvable separable case provides a universal splitting ring that is algebraically 'decomposed' into the direct sum of two isomorphic copies of $\mathbb{Q}$. We note that there are two factorizations of $f$ in $S(f/\mathbb{Q})$

$f(t) = (t - x_1e_1 - x_2e_2)(t - x_2e_1 - x_1e_2) = (t - x_1)(t - x_2).$ (1.13s)

Which of the two is the standard one (1.6b)? In case $f$ is inseparable we can even find infinitely many distinct factorizations. What are they? Correspondingly we find infinitely many distinct automorphisms of $S(f/\mathbb{Q})$ over $\mathbb{Q}$. Finally we turn to the case that $d(f)$ is non-square. In this case there is no factorization

$f = gh$

into non-constant factors $g$, $h$ of $\mathbb{Q}[t]$ possible, the polynomial $f$ is irreducible over $\mathbb{Q}$. The universal splitting ring $S(f/\mathbb{Q})$ contains no divisor of zero. It is a field, called the splitting field of $f$. In this splitting field, however, there holds the factorization

$f(t) = (t - \xi_1)(t - \xi_2).$

Also just as above (1.12d) holds so that we obtain

$\xi_1 = -\frac{a_1}{2} + \frac{d^{1/2}}{2}, \quad \xi_2 = -\frac{a_1}{2} - \frac{d^{1/2}}{2},$ (1.14)

when the square root of the discriminant is defined as one of the two solutions of the pure quadratic equation (1.12e) for $z$ in $S(f/\mathbb{Q})$. We observe that in


this case any $\mathbb{Q}$-homomorphism of $S(f/\mathbb{Q})$ into a splitting ring of $f$ over $\mathbb{Q}$ is a monomorphism. On the other hand, in case $f$ is reducible (= non-irreducible) over $\mathbb{Q}$ then $\mathbb{Q}$ itself is a splitting ring of $f$, of a $\mathbb{Q}$-dimension less than the $\mathbb{Q}$-dimension of $S(f/\mathbb{Q})$.

Exercises

1. Let $f$ be an arbitrary non-constant polynomial in $t$ over the unital commutative ring $R$, say

$f(t) = a_0t^n + a_1t^{n-1} + \cdots + a_n \quad (n \in \mathbb{Z}^{>0};\ a_i \in R,\ 0 \leq i \leq n;\ a_0 \neq 0).$

Then show that the natural homomorphism of $R$ into

($t, t_1, \ldots, t_n$ are $n + 1$ polynomial variables) which maps $\lambda$ on $\lambda/(f - \prod_{i=1}^{n}(t - t_i))$ for $\lambda$ of $R$ is a monomorphism if and only if the coefficients $a_0, a_1, \ldots, a_n$ satisfy the same condition as in exercise 1 of chapter 1, section 4: If $a_0z = 0$ ($z \in R$) then $a_iz = 0$ ($0 < i \leq n$).

2. Let a monic polynomial $f$ of degree $n > 0$ over $\mathbb{Z}$ and a polynomial $P$ of $\mathbb{Z}[t_1, t_2, \ldots, t_n]$ be given. Write an algorithm in order to represent $P(\xi_1, \xi_2, \ldots, \xi_n)$ as a linear combination of the standard basis of $S(f/\mathbb{Z})$.

3. (a) Compute the universal splitting ring of $f(t) = t^3 - 7t - 7$ over $\mathbb{Z}$.
(b) Show that $\mathbb{Z}[\rho]$ is a splitting ring for $f$, if $\rho$ denotes a zero of $f$ (in $\mathbb{C}$). (Hint: $3\rho^2 - 5\rho - 14$ is another zero.)
(c) Determine an epimorphism of $S(f/\mathbb{Z})$ onto $\mathbb{Z}[\rho]$. (Compare proposition (4.6).)

4. Find all factorizations of the monic quadratic polynomial

$f(t) = t^2 + a_1t + a_2 \in \mathbb{Z}[t]$

in $S(f/\mathbb{Q})$.

2.2. The fixed subring of the permutation automorphisms

Firstly, we remark that the $R$-dimension $n!$ grows stronger than exponentially with $n$ since by Stirling's formula

(2.1)

so that direct computations in $S(f/R)$ become impractical for large values of $n$. The value of the concept of splitting rings derives from its constructive nature and its use as scaffolding for more efficient constructions.


1. Tschirnhausen transformations

Secondly, our discussion of quadratic equations (1.10a) over $\mathbb{Q}$ amounts to the statement that $S(f/\mathbb{Q})$ is isomorphic to $S(g/\mathbb{Q})$ where

$g(t) = t^2 - d(f)$

is a pure quadratic polynomial. More generally speaking a Tschirnhausen transformation [6] of (1.1) with $a_0 = 1$ is defined as the transition from the generator

$\xi = t/f$

of the equation ring $R[t]/fR[t]$ to another generator

$\eta = h(\xi)$ (2.2a)

of $R[t]/fR[t]$ with

$h \in R[t],$ (2.2b)

$R[t]/fR[t] = R[\xi] = R[\eta].$ (2.2c)

As will be shown soon the minimal polynomial $m$ of $\eta$ is again a monic polynomial of degree $n$ over $R$ and thus

$R[t]/fR[t] \cong_R R[t]/mR[t]$ (2.2d)

where the $R$-isomorphism maps $\eta$ on $t/m$. It follows readily that

$S(f/R) \cong_R S(m/R),$ (2.2e)

so that, in essence, we deal with the same problem as before, but the use of $m$ rather than $f$ may confer both conceptual and computational advantages. Note that there is a polynomial $j$ of $R[t]$ such that $\xi = j(\eta)$ so that the transition from $\eta$ to $\xi$ also is a Tschirnhausen transformation. Prior to E. Galois' revolutionary treatment of algebraic equation theory, for several centuries the algebraists tried to apply a Tschirnhausen transformation to (1.1) over an extension $E$ of $\mathbb{Q}$ obtained by the adjunction of some radicals such that $m$ factors into a product of pure monic polynomials of the form

$t^{\mu} - \beta$ (2.2f)

with $\beta$ in $E$. This is possible for $n = 1, 2, 3, 4$. Ruffini and Abel showed that it cannot be done in general if $n > 4$. A few years later E. Galois revealed the group-theoretic reason for that impossibility and gave a satisfactory criterion as to when it can be done. The simplest Tschirnhausen transformations are obtained by translations:

(2.3)

If $n$ has an inverse in $R$ then a translation by $a_1/n$ is used to produce a


polynomial

$m = t^n + b_2t^{n-2} + \cdots,$

with second highest coefficient 0. This technique is well known from high-school algebra. Thus our treatment of quadratic equations works over any field in which $1 + 1 \neq 0$. But if $R$ is a field in which

$1 + 1 = 0$

(i.e. a field of characteristic 2) then pure equations are inseparable so that there can be no Tschirnhausen transformation of (1.10a) into a pure equation in case

However, the dilatation

$\eta = a_1^{-1}\xi$ (2.4)

leads to the simplified form (Artin-Schreier normal form)

$\eta^2 + \eta + b_2 = 0,$ (2.5a)

with

(2.5b)

Just like the pure monic polynomial it depends only on one parameter, viz. $b_2$. If we apply a translation now, say,

(2.5c)

then the second coefficient stays 1, but the last coefficient is modified by the summand $a^2 + a$:

$\zeta^2 + \zeta + b_2 + a^2 + a = 0.$ (2.5d)

For example over $R = \mathbb{Z}/2\mathbb{Z}$ we have the pure normal form

$x^2 = 0,$ (2.6a)

and the following Artin-Schreier normal forms

$x^2 + x + 1 = 0,$ (2.6b)

which is irreducible, and

$x^2 + x = 0,$ (2.6c)

which is reducible. For equations of 5th degree defined over a field $R$ of zero characteristic there is the Bring-Jerrard normal form [7]

$x^5 - x + a = 0$ (2.7)

which can be obtained upon adjunction of specified radicals of degree $< 5$ for any 5th degree equation even if it cannot be solved by radicals. D. Hilbert

The group or an equation

40

analyzed the question how many coefficients at, a 2 , ••• can be transformed into 0 for given degree n [6]. But in general the question which normal forms can be devised for equations of degree n> 6 after 'trivial' adjunctions (any adjunction of degree < n) and a suitable Tschirnhausen transformation and how to construct them, is still unsolved. E. Galois's approach to the task of solving an algebraic equation is radically different, as we shall see. 2. Normal forms of monic quadratic equations over 7L Thirdly, we remark that our treatment of monic quadratic equations yields the following normal forms for R = 7L after suitable translations:

I. Inseparable equations: (2.8a)

II. Separable equations:

$$\text{(a)}\quad x^2 - \frac{d}{4} = 0 \quad \text{if } d \equiv 0 \bmod 4, \qquad \text{(b)}\quad x^2 - x + \frac{1-d}{4} = 0 \quad \text{if } d \equiv 1 \bmod 4. \tag{2.8b}$$

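We observe that $d = d(f)$ is invariant under translation and that the corresponding factorizations are

$$\text{I.}\quad f = t^2, \tag{2.9a}$$

$$\text{II. (a)}\quad f = \left(t - \tfrac{1}{2} d^{1/2}\right)\left(t + \tfrac{1}{2} d^{1/2}\right), \qquad \text{(b)}\quad f = \left(t - (1 + d^{1/2})/2\right)\left(t - (1 - d^{1/2})/2\right). \tag{2.9b}$$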

Reducibility occurs if and only if $d$ is a square integer. It turns out that the discriminant is the perfect invariant in the case of quadratic equations over $\mathbb{Z}$.

3. Idempotents

Fourthly, in discussing quadratic equation rings we discovered the important role played by elements $e$ of a (commutative) ring $R$ satisfying the conditions

(2.10) They are said to be the idempotents of $R$. The Peirce right-decomposition holds:

$$x = ex + (x - ex), \tag{2.11a}$$

with first component

$$x_1 = ex = (ee)x = e(ex), \tag{2.11b}$$

characterized by the property (2.11c) and second component

$$x_2 = x - ex, \tag{2.11d}$$

characterized by

$$e x_2 = 0, \tag{2.11e}$$

since indeed

$$e(x - ex) = ex - eex = ex - ex = 0.$$

Namely, if with summands $x_1, x_2$ satisfying (2.11c), (2.11e), then we have

$$ex = ex_1 + ex_2 = ex_1 = x_1.$$

Now all the first components form the right-ideal

$$R_1 = eR \tag{2.11f}$$

and the second components form the right-ideal

$$R_2 = \{x - ex \mid x \in R\} \tag{2.11g}$$

so that

$$R_1 \cap R_2 = 0, \qquad R_1 + R_2 = R.$$

Similarly $R$ is represented as the direct sum of the two left-ideals

$$R_1' = Re, \qquad R_2' = \{x - xe \mid x \in R\}, \tag{2.11h}$$

derived from the Peirce left-decomposition

$$x = xe + (x - xe). \tag{2.11i}$$

In case the idempotent $e$ is a central idempotent, i.e. an idempotent commuting with all elements of $R$, we obtain the Peirce decomposition (2.11a), (2.11i) where $xe = ex$ and the presentation (2.11j) of $R$ as the direct sum of the two ideals

$$R_1 = eR = Re, \qquad R_2 = \{x - xe \mid x \in R\} = \{x - ex \mid x \in R\}.$$

Which conclusions can we draw regarding the structure of $R$? Because of the directness of (2.11j) it follows that (2.11k) Thus, for every element $x$ of $R$ there is a unique presentation in the form

$$x = x_1 + x_2 \quad (x_i \in R_i,\ i = 1, 2). \tag{2.11l}$$

Writing

$$x = (x_1, x_2), \tag{2.11m}$$

we have componentwise addition:

$$(x_1, x_2) + (y_1, y_2) = (x_1 + y_1,\ x_2 + y_2). \tag{2.11n}$$

Moreover, we have also componentwise multiplication:

$$(x_1, x_2)(y_1, y_2) = (x_1 y_1,\ x_2 y_2). \tag{2.11o}$$

Conversely, if $R_1, R_2$ are two rings and we deal with the elements $(x_1, x_2)$ of $R = R_1 \oplus R_2$ according to the multiplication rule (2.11o), then we obtain again a ring $R$ into which $R_1, R_2$ are canonically embedded as ideals yielding $R$ as their direct sum. This ring is said to be the algebraic sum of the rings $R_1, R_2$. This type of sum formations of rings is commutative and associative in the same sense as it is in module theory. If $R$ is unital then we have

where of course

$$1_{R_1} 1_{R_2} = 1_{R_2} 1_{R_1} = 0, \qquad 1_{R_i}^2 = 1_{R_i} \quad (i = 1, 2).$$

Two idempotents $e_1, e_2$ of a ring are said to be orthogonal if

$$e_1 e_2 = 0 = e_2 e_1.$$

The sum of two orthogonal idempotents is an idempotent:

$$(e_1 + e_2)^2 = e_1^2 + e_1 e_2 + e_2 e_1 + e_2^2 = e_1 + e_2, \qquad 0 \neq e_1 = e_1(e_1 + e_2) \ \text{implying}\ e_1 + e_2 \neq 0.$$

Conversely, if for two idempotents $e, e_1$ one has

then $e - e_1 =: e_2$ also is an idempotent, the two idempotents $e_1, e_2$ are orthogonal and their sum is $e$. An idempotent is said to be primitive, if it is not the sum of two orthogonal idempotents. Commuting distinct primitive idempotents $e_1, e_2$ are orthogonal. This is because of

$$e_1 e_2 = e_2 e_1, \qquad e_1 = (e_1 - e_1 e_2) + e_1 e_2, \qquad e_2 = (e_2 - e_1 e_2) + e_1 e_2. \tag{2.12a}$$

If $e_1 e_2 \neq 0$ then the primitivity of $e_1, e_2$ requires that $e_1 - e_1 e_2 = 0 = e_2 - e_1 e_2$, hence $e_1 = e_2$ contrary to assumption. Therefore $e_1 e_2 = e_2 e_1 = 0$. If $e_1, e_2, \dots, e_s$ is a maximal set of commuting pairwise distinct primitive idempotents then any finite sum of some of them, but without repetition, is also an idempotent and the $2^s - 1$ idempotents $e$ thus obtained are the only ones commuting with each $e_i$ ($1 \le i \le s$). If the ring $R$ is unital and if 1 is the sum of primitive idempotents of the center $C(R)$ of $R$ (primitive central idempotents)

$$1 = e_1 + e_2 + \dots + e_s$$

then the $2^s - 1$ non-repetitive sums over the $e_i$ are the only central idempotents of the ring $R$. Otherwise there are infinitely many idempotents; as a matter of fact there is a sequence of central idempotents $e_1, e_2, \dots$ for which (2.12b) and hence there are infinitely many (pairwise) orthogonal idempotents, viz.: (2.12c)

Thus the behavior of central idempotents under multiplication, complementation and addition of orthogonal idempotents reflects the behaviour of the ideals which they generate under intersection (multiplication), complementation and direct addition in as much as for any two central idempotents $e, e'$ of $R$ we have one of the following five alternatives:

$$e = e'e = e': \quad eR = e'R = eReR, \tag{2.13a}$$

$$ee' = e \neq e': \quad e'R = eR + (e' - e)R \supset eR, \tag{2.13b}$$

$$ee' = e' \neq e: \quad eR = e'R + (e - e')R \supset e'R, \tag{2.13c}$$

$$ee' \neq e,\ ee' \neq e',\ ee' \neq 0: \quad \begin{cases} 0 \subset ee'R = eR \cap e'R = eRe'R, \\ ee'R \subset eR = ee'R + (e - ee')R, \\ ee'R \subset e'R = ee'R + (e' - ee')R, \\ eR + e'R = (e - ee')R + ee'R + (e' - ee')R, \end{cases} \tag{2.13d}$$

$$ee' = 0: \quad eR \cap e'R = 0, \quad (e + e')R = eR + e'R. \tag{2.13e}$$

Note, if the ideal $[0/2] := \{x \in R \mid 2x = 0\}$ is 0, then $e + e'$ is idempotent if and only if $e, e'$ are orthogonal. More generally speaking, any finite set $X$ of distinct commuting idempotents $\{e_1, e_2, \dots, e_s\}$ generates under the operations:

join $ee'$ to the set if $0 \neq ee'$, $e \neq ee'$, $e' \neq ee'$ and if $ee'$ does not yet belong to the set; (2.14a)

join $e - e'$ to the set if $ee' = e' \neq e$ and if it did not yet belong to it; (2.14b)

join $e + e'$ to the set if $ee' = 0$ and if $e + e'$ did not yet belong to it; (2.14c)

another finite set X of at most 7,-1 idempotents containing X as a subset and closed under (2.14a-c) (proof by induction over $s$). Thus we see the importance of idempotents for structural investigations. Let us give two examples.


4. Idempotents and factorization of polynomials

Suppose we find an idempotent $e \neq 1/f$ of the equation ring $A = R[t]/fR[t]$ of a monic non-constant polynomial $f$ over the unital commutative ring $R$. Which advantage can we get for the factorization of $f$? By assumption we have the decomposition

$$1_A = e_1 + e_2 \tag{2.15a}$$

of $1_A$ into the sum of the orthogonal idempotents

$$e_1 = e, \qquad e_2 = 1_A - e. \tag{2.15b}$$

Hence, $e_1 = g_1/f$, $e_2 = g_2/f$ ($g_1, g_2 \in R[t]$, $\deg(g_i)$ 1. Suppose we discover an idempotent residue class $e$ of $R = \mathbb{Z}/N$ which is not $1/N$. What does it mean in terms of a factorization of $N$? As above we have (2.15a), (2.15b). Hence

$$e_1 = g_1/N, \quad e_2 = g_2/N, \quad 1 = g_1 + g_2 \quad (g_i \in \mathbb{Z};\ i = 1, 2), \tag{2.16a}$$

$$N \mid g_1 g_2, \quad N \mid g_i(1 - g_i), \tag{2.16b}$$

$$N \nmid g_i; \tag{2.16c}$$

and conversely. However, now we can form

$$f_1 = \gcd(N, g_1), \quad f_2 = \gcd(N, g_2) \tag{2.16d}$$

and find that

$$N \mid f_1 f_2, \tag{2.16e}$$

$$g_1 = x_1 f_1, \quad g_2 = x_2 f_2, \tag{2.16f}$$

$$1 = x_1 f_1 + x_2 f_2, \quad \gcd(f_1, f_2) = 1, \tag{2.16g}$$
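The passage on idempotents of $\mathbb{Z}/N$ can be checked numerically. The following is an added example, not code from the book: it lists the idempotents of a small constructed modulus, forms $f_1, f_2$ as in (2.16d), and computes the Peirce components of (2.11a); all function names and sample moduli are this example's own.

```python
from math import gcd


def idempotents(N):
    """All residues e in Z/N with e*e = e, by exhaustive search (small N only)."""
    return [e for e in range(N) if (e * e - e) % N == 0]


def split_by_idempotent(N, e):
    """Return (f1, f2) = (gcd(N, g1), gcd(N, g2)) for g1 = e and g2 = 1 - e."""
    g1 = e % N
    if (g1 * g1 - g1) % N != 0:
        raise ValueError("e is not an idempotent modulo N")
    g2 = 1 - g1                       # integer representative with g1 + g2 = 1
    return gcd(N, g1), gcd(N, g2)


def peirce(N, e, x):
    """Peirce components (x1, x2) = (e*x, x - e*x) of x in Z/N."""
    x1 = (e * x) % N
    return x1, (x - x1) % N


def crt_idempotent(p, q):
    """Idempotent of Z/(p*q) that is 1 mod p and 0 mod q, for coprime p, q."""
    return (q * pow(q, -1, p)) % (p * q)


def demo(N=3 * 5 * 7):
    """Rows (e, f1, f2) for every idempotent of the constructed modulus N."""
    return [(e,) + split_by_idempotent(N, e) for e in idempotents(N)]


if __name__ == "__main__":
    for e, f1, f2 in demo():
        print(f"e = {e:3d}:  N = {f1} * {f2}")
    # The converse direction: a known coprime factorization gives an idempotent.
    e = crt_idempotent(11, 13)
    print("idempotent mod 143:", e, "->", split_by_idempotent(143, e))
```

For a modulus $N = pq$ with distinct primes $p, q$ the two idempotents other than 0 and 1 are exactly the Chinese-remainder basis elements, so knowing one of them is equivalent to knowing the factorization of $N$.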

I 0, R a unital commutative entire ring (or R = Ro[a o, ... , all' bo, ... , bm ]). Output. Res (A, B)ER and polynomials X I> Y, ER[t] satisfying (3.3ge), respectively (3.38b). Step 1. (Initialization). Set Res(A,B)O, I";;

distinct prime numbers; i,,;; s),

(5.17)


m:= gcd (m, q -

1).

(5.18)

Then the first step is the construction of an extension $E$ over $\mathbb{F}_q$ of degree $m$. It is based on the knowledge of a primitive root $w$ of $\mathbb{F}_q$.

Proposition (5.19)

Let $w$ be a primitive root of $\mathbb{F}_q$. Then $E := \mathbb{F}_q[t]/(t^m - w)\mathbb{F}_q[t]$ is an extension of $\mathbb{F}_q$ of degree $m$.

Proof. We note that $\mathbb{F}_q$ contains a primitive $m$th root of unity, say $\zeta_m$. Hence, any extension of $\mathbb{F}_q$ containing one root of $t^m - w$ does contain all roots of that polynomial. We conclude that every irreducible factor of $t^m - w$ in $\mathbb{F}_q[t]$ has the same degree, say $k$. Let $g(t) \in \mathbb{F}_q[t]$ be such an irreducible factor. Its constant term is of the form $w^{k/m}\zeta_m^{\nu}$ for a suitable integer $\nu$. On the other hand it must be in $\mathbb{F}_q$ and therefore be representable in the form $w^{\mu}\zeta_m^{\nu}$ for an appropriate exponent $\mu$. Hence, $w = w^{\mu m/k}$ and because of $k \mid m \mid (q - 1)$ we obtain $m = k$. □

In the second step an extension $E$ of degree $p$ of the finite field $\mathbb{F}$ of characteristic $p$ is constructed. For this purpose we study the Weierstrass mapping for rings $R$ of characteristic $p$, denoted by $\wp$ because of the surprising connection between elliptic function fields of characteristic 0 and of characteristic $p$ which was discovered in this century. It is defined by

$$\wp : R \to R : x \mapsto x^p - x, \tag{5.20a}$$

and is an $R^+$-endomorphism because of

$$\wp(x + y) = (x + y)^p - (x + y) = x^p - x + y^p - y = \wp(x) + \wp(y) \tag{5.20b}$$

for all $x, y \in R$. If $R$ is unital, the prime ring of $R$ ($= \{m \cdot 1_R \mid m \in \mathbb{Z}\}$) belongs to the kernel of $\wp$. If $R$ is also an entire ring, then the elements of the prime ring are the only elements of $R$ which lie in $\ker(\wp)$. Hence, in case of $R$ being a finite field $\mathbb{F}$ of $q = p^n$ elements we find that $\wp(\mathbb{F})$ is a submodule of index $p$ in $\mathbb{F}^+$:

(5.20c) At least one of the $n$ elements $w, w^2, \dots, w^n$ ($w$ a primitive root of $\mathbb{F}$) is not in $\wp(\mathbb{F})$. For $\xi \in \mathbb{F}$ with $\xi \notin \wp(\mathbb{F})$ the extension

$$E := \mathbb{F}[t]/(t^p - t - \xi) \tag{5.20d}$$

is of degree $p$ over $\mathbb{F}$. To prove this we make use of the theorem of Artin-Schreier:

Theorem (5.21)

Let $F$ be a field of prime characteristic $p$ and let $E$ be a normal extension of $F$ of degree $p$. Then there exists an element $\eta \in E$ such that

$$E = F(\eta), \tag{5.21a}$$

$$\xi := \eta^p - \eta \in F, \tag{5.21b}$$

$$\xi \notin \wp(F). \tag{5.21c}$$

Conversely, given $\xi \in F$, the polynomial $f(t) = t^p - t - \xi \in F[t]$ either splits over $F$ or is irreducible. In the latter case a root $\eta$ of $f$ generates a cyclic extension $E = F(\eta)$ over $F$ of degree $p$.

Proof. The proof is done in several steps.

(i) We show that $\mathrm{Tr}_{E/F}(\beta) = \mathrm{Tr}(\beta) = 0$ for $\beta \in E$, if and only if there is an element $\alpha \in E$ such that $\beta = \alpha - \sigma(\alpha)$, where $\sigma$ generates the cyclic group $\mathrm{Aut}(E/F)$ of order $p$. (This is a special case of the additive version of Hilbert's Theorem 90.) For each $\beta$ of the form $\beta = \alpha - \sigma(\alpha)$ the trace vanishes:

$$\mathrm{Tr}(\beta) = \sum_{i=1}^{p} \sigma^i(\beta) = \sum_{i=1}^{p} \left(\sigma^i(\alpha) - \sigma^{i+1}(\alpha)\right) = \sigma(\alpha) - \sigma^{p+1}(\alpha) = 0.$$

Conversely, we assume $\mathrm{Tr}(\beta) = 0$ for some $\beta \in E$. Since the trace bilinear form is non-degenerate ((3.21a-c), (3.22a, b)), there exists $y \in E$ with $\mathrm{Tr}(y) \neq 0$. Define $\alpha$ by

to obtain $\mathrm{Tr}(y)(\alpha - \sigma(\alpha)) = \beta\,\mathrm{Tr}(y)$.

(ii) We show the existence of $\eta \in E$ subject to (5.21a-c). Since $\mathrm{Tr}(-1) = 0$ because of characteristic $p$, there exists $\eta \in E$ such that $\sigma(\eta) - \eta = 1$ by (i). This implies $\sigma^i(\eta) = \eta + i$ ($1 \le i \le p$), i.e. $\eta$ has $p$ distinct conjugates. Therefore, we obtain $[F(\eta) : F] \ge p$, hence $E = F(\eta)$. Furthermore,

$$\sigma(\eta^p - \eta) = \sigma(\eta)^p - \sigma(\eta) = (\eta + 1)^p - (\eta + 1) = \eta^p - \eta,$$

i.e. the element $\xi := \eta^p - \eta$ is fixed under $\sigma$ (and therefore under $\mathrm{Aut}(E/F)$) and must be in $F$. Finally, to prove (5.21c) we note that in case of $\xi \in \wp(F)$, say $\xi = \wp(\zeta)$, we would have that $\eta$ and $\zeta$ would differ only by an element of $\ker(\wp) \subset F$ which is of course impossible.

(iii) Let $f(t) = t^p - t - \xi \in F[t]$ and $\eta$ be a root of $f$. Then also $\eta + i$ ($1 \le i \le p$) is a root of $f$. Hence, the roots of $f$ are all distinct and if one of them belongs to $F$ they all do. For the rest of the proof we assume that $f$ has no root in $F$. We show that $f$ is irreducible in that case. For any $g \in F[t]$, $g \mid f$, $\deg(g) \ge 1$ we consider the coefficient of $g$ of the power $t^{\deg(g)-1}$. It is a sum of terms $-(\eta + i)$ for precisely $\deg(g)$ different integers $i$ ($1 \le i \le p$), hence it is of the form $-\deg(g)\eta + k$ for some integer $k$ ($1 \le k \le p$) and does not belong to $F$, proving the irreducibility of $f$. All roots of $f$ lie in $E := F(\eta)$, and they are all distinct. Therefore $E/F$ is a normal extension of degree $p$. Its (cyclic) Galois group is generated by the automorphism $\sigma : \eta \mapsto \eta + 1$.

o

In the third and last step we construct an extension E of IF = IF q of degree

p, where p i= p is a prime number not dividing

q - I (especially

p is not 2).

Let d be the order of q mod p so that pnd

== I mod p,

pni

¥= I mod p for I ~ j < d.

(5.22a)

Then there is an exponent v ~ I such that pnd

== I mod pV,

pnd

¥= I mod pV+ I.

(5.22b)

Using induction and the methods of the first two steps we construct an extension E 1 of IF of degree d over IF. It contains a primitive pVth root of unity, say (I' By construction (5.22c)

is an extension of degree p of E 1• We know from elementary number theory the existence of an integer j of order ¢(p'') modulo p"+ 1 (¢ is Euler's function, see section 12 and chapter 5 (4.5». Now it follows from cyclotomic theory (section 12) that the polynomial

Ip.• (t):= is irreducible of degree

bl (t - :~: (i'i+ hj being the product of all irreducible monic polynomials of degree ; dividing f. The hj are computed in the following algorithm.

(5.26) Equal-degree factorization of $f$

Input. $f \in \mathbb{F}_q[t]$ monic, separable, non-constant with $f(0) \neq 0$.

Output. $h_i \in \mathbb{F}_q[t]$ ($1 \le i \le \deg(f)$) such that $h_i$ is the product of all irreducible monic polynomials of degree $i$ over $\mathbb{F}_q$ dividing $f$.

Step 1. (Initialization). Set hj 0) such that $\operatorname{ord}(x/R^{\times}) = p^{\mu}$ (i.e. $x^{p^{\mu}} \in R$, $x^{p^{\mu-1}} \notin R$). Conversely, if $R$ is of prime characteristic $p > 0$ and $A$ is a non-trivial extension of $R$ with the property that $\operatorname{ord}(x/R^{\times})$ is a power of $p$ for every non-zero element $x$ of $A$ then $A$ is a non-trivial purely inseparable extension of $R$.

Proof. Let $A$ be a purely inseparable extension of $R$ then every element $x$ of $A$ not in $R$ has inseparable minimal polynomial $m_x$ over $R$. Since $m_x$ is irreducible it follows that $\gcd(D_t(m_x), m_x) = 1$ in case $D_t(m_x) \neq 0$. Thus from the inseparability of $m_x$ we conclude that

hence the characteristic of $R$ is a prime number $p > 0$ and

$$m_x(t) = t^{p\lambda} + \sum_{j=1}^{\lambda} a_j t^{p(\lambda - j)} \quad (\lambda \in \mathbb{Z}^{>0},\ a_j \in R,\ 1 \le j \le \lambda).$$

Hence,

But since every element of A which does not belong to R is inseparable over R it follows by repeated substitution of x P for x that

mx(t) = tp"

+ a"

and

pI' = ord (xl R X).

Since there is at least one element x of A not belonging to R it can be assumed without loss of generality that

mx=tP-a,

aER\

ord(xIRX)=p,

x¢R\

hence

R is imperfect. Conversely, if X(R) = p > 0 and A is a non-trivial extension of R with the property that ord (xiR X) = pI'

(It

= It(X)EZ>o, 0", xEA),

then we have

a = x p" ER x , for all x of A

X •

mx = t p" - a,

D,(mx) = 0

Hence, Sep (AIR) = R, A is purely inseparable over R.

Corollary

0 (7.27)

The degree of a finite purely inseparable extension of an imperfect field is a power of the characteristic. Corollary

(7.28)

In any extension A of a field R of characteristic p > 0 the elements of A x with p-power order modulo R x and 0 form a purely inseparable extension RP -", n A of R, the maximal purely inseparable extension of R in A.

Exercises I. Let AjR be a field extension of the field R of characteristic p. Show that

R:= Sep (Aj R)(R P - '" n A) is the maximal algebraic extension of R in A and that there holds the R-module isomorphism


2. Prove: If a minimal splitting field A of the monic non-constant polynomial f over the field F is not a normal extension, then 1. X(F) = p > O. 2. F is imperfect. 3. f is divisible by an inseparable irreducible polynomial over F. 4. A is normal over FP - 00 n A = AAUI(A/F).

5. Sep(A/F) is separable over F such that Aut (i\j F) Sep (i\j F) = Aut(Sep (i\j F)/ F)

~

Aut (i\j F).

Conversely, if A is a finite extension of the field F with the property that the fixed subfield of Aut (i\j F) is a proper extension of F then A is a minimal splitting field of some monic non-constant polynomial f over F, and f has property 3.

2.8. The Lagrange resolvent

E. Artin's interpretation of Galois theory as study of the action of a finite group $G$ (viz. the automorphism group of $E$ over $F$) on a normal extension $E$ of a field $F$, was anticipated in the cyclic case by about 200 years by J. Lagrange. He considered 'operators'

$$x = \sum_{h \in G} \lambda(h) h \neq 0 \quad (\lambda : G \to F), \tag{8.1}$$

which is to say he used elements of the group algebra $FG$ of $G$ over $F$ with the property that

$$FGx \subseteq Fx. \tag{8.2}$$

For such operators we have

$$gx = \psi(g)x \quad (g \in G) \tag{8.3}$$

when the mapping $\psi : G \to F$ has the properties of a proper representation of degree 1 over $F$:

$$\psi(g) \neq 0, \qquad \psi(gh) = \psi(g)\psi(h) \quad (g, h \in G).$$

It follows that the I/I-image elements form the finite subgroup I/I(G) of we saw in section 5 any such group is cyclic: I/I(G)

= 0

implies that F(IJ) is purely inseparable over F, hence

F(IJ) ~ F

(8,13)

(compare (7.25) and (7.26». (8.12) is trivial. (b) An element '1 of E of prime order m modulo F X satisfies the separable equation

IJm - a = 0,

(8.14)

with some non-zero element a of F x. Hence the minimal splitting field of m~/F is a normal extension E2 of F containing at least one element'l' i:-IJ satisfying 'l'm - a = 0, and'l' = ''1, where, is a primitive mth root of unity of E 2. Now E2 also is a normal extension of the subfield EI = F(O. For any F-automorphism a i:- id E2 of E2 we have a(lJ)m = a(lJm) = a(a) = a, a(a(IJ)IJ-I)m = I, a(lJ) = ,klJ (0 ~ k < m), hence E 1 ('1) already contains all E2/E I-conjugates of '1, hence

E2 = EI ('1),

am(lJ) = '1,

am = id E2 ,

a is of order m (because of mEiP», hence the polynomial t m - a is irreducible over E I' A fortiori, it is irreducible over F. If t m - a is reducible over F, then ijEE I. We observe that EI is a minimal splitting field of the separable polynomial t m - I, hence E I is normal over F. The automorphism group of E lover F is Abelian because for any two automorphisms ai' a 2 of EI over F we have ~j(,m)

= aj(om = 1, aj(') = 'Vi (VjE£:, i = 1,2), a 1a 2(') = a 1W2) = WI)"2 = a 2a l (O.

(8.15)


The subfield F(q) of the abelian extension F(O is normal. It contains at least one element 1]' =1= q satisfying lJ,m - a = 0, hence (I]'q -I)m = 1, '1' = ('q for some vE.l', mlv, hence (EF@, F(q) = F(O. The group of the equation (8.14) is a regular permutation group of its roots (those are easy to understand terms of applied Galois theory explained in section 9), hence 1 < [F(q):F] 1m, [F(q):F] = m,

because m is a prime number. But on the other hand F(q) = Fm, [F«(): F] < m because ( satisfies the equation (m -

1

+ (m - 2 + ... + 1 = 0

(8.16)

of degree m - 1. Since this is a contradiction we conclude that the polynomial t m - a is irreducible so that 1, q, ... , qm- 1 form an F-basis of F(I]). Set q = '1. For any radical element 1]' of F(IJ) of prime order m' modulo F we show as above that F(IJ') is an intermediate extension of F of degree m'. Because of the degree theorem it follows that m = m', F(I]) = F(I]'), X

m-\

'1':=

L

. 1. i lJ i

(jE.l'>0,jE/F,n is a normal extension of F and that E contains a primitive eth root of unity C. (b) Moreover, if Cbelongs to F then the F-automorphisms (J of cf>E/F,n are uniquely determined by their action on the generators of SE,F,n and we have

The Lagrange resolvent

\03


-0

(aER,j1E£'.~)

over R. h~~~

~~

All purely inseparable elements of A over R form a unital subring R P- n A of A containing R. 00

Proof If x is in R then we have

°=

x po - x

=x

- x

so that x is purely inseparable over R. For any two purely inseparable elements x, y over R we have equations x p" -a=O,

yP' -b=O,

pll'a=O,

pV'b=O

(a,bER;j1,v,j1',V'E£'."'o).

The identity

is used for sufficiently large exponents A. to produce only terms

. A . ( pA) i XlyP - I (0 ~ i ~ pA) on the right which are already in R. This is always true if i is divisible by pmaX(Il,V). If i is not divisible by pmax(I',v)


then we use the fact that p), divides {

~),) (see exercise 5). Assuming already

that A> max(Jl, v) we know that either require even

Xi

or yP'-; has a factor in R. Now we

A> max (Jl, v) + max (Jl', v') and conclude that

(Pi),)X i/ ' ; = O. Hence x

+ y is purely inseparable over R. The same is true for xy because of

Thus proposition (9.20) is demonstrated.

D

Corollary

(9.21)

(W- nA)P- nA = RP- nA. oo

OO

oo

The overring $A$ is purely inseparable over $R$ if every element of $A$ is purely inseparable over $R$.

Proposition (9.22)

If $R$ is algebraically indecomposable then also any purely inseparable overring $A$ of $R$ is algebraically indecomposable.

Proof. This is because any idempotent $e$ of $A$ satisfies an equation

$$e^{p^{\mu}} - a = 0$$

with $a$ in $R$ so that

$$e = e^{p^{\mu}} = a \in R. \qquad \Box$$

If $R$ is a field then $R$ is a field of prime characteristic $p$.

Definition (9.23)

The equation (9.2) is said to be purely inseparable over the ring $R$ if the universal splitting ring $S(f/R)$ is purely inseparable over $R$. From Proposition (9.22) it follows that the group of a purely inseparable equation of degree $n$ over an algebraically indecomposable unital commutative ring $R$ of characteristic $p^{\nu}$ ($\nu \in \mathbb{Z}^{>0}$ or $\nu = \infty$) is $\mathfrak{S}_n$. For example, any polynomial of the form

f(t)

= TI W s

i= 1

",

ai)


leads to a purely inseparable equation (9.2) over R. If R is a field of prime characteristic p then this is the only possibility. A field R of characteristic p was defined to be perfect if every element of R is a pth power. For such fields R itself is the only purely inseparable extension of R. In general we form the purely inseparable extension RP- oo of R consisting of all symbols -, aP (aER, AEl';'o), with operational rules given by - A

-11

A

Jl

aP = bP ~aP = bP aP· ' + bP-· = (aP" + bP't-' -., aP-'bP-· = (aP"bP'Y-'-·, with identification rule for the new symbols

,

-,

aP = b~bP = a and pth root operations given by -1

(a P t

-1

-A-I

= aP

(a,bER; A,Il El';'o)

as the smallest perfect extension of R which is embedded (up to isomorphy) as subfield into any perfect extension of R. For any finite extension E of R we have the maximal purely inseparable subfield

EnRP- oo

= {xEElxP'ER}

where pV is the greatest p-power dividing [E:R]. We also form the subfield p":= {XP'yIXEE,YER}

as the smallest subfield X of E with the property that E is purely inseparable over X and X contains R. We observe that E is separable over En W and that p' is separable over R, moreover EnRP- oo nEP' = R, 00

5. Transition to overrings We generalize a remark of C. Jordan to

(9.24) Upon transitionfrom any algebraically indecomposable unital commutative ring R to an algebraically indecomposable unital commutative overring A the group of the equation (9.1) changes to a subgroup. Proposition

Proof The decomposition (9.5) of the universal splitting ring S(f /R) of f over R into the algebraic sum of indecomposable subrings gives rise to the decom-


position s

S(f/A) = S(flR)®R A = ffiejS(flA) j=

(9.25)

1

of the universal splitting ring S(f / A) of f over A into the algebraic sum of subrings ejS(f /A) that are conjugate under the permutation automorphism group

6 •. A = 6 •. R ®R 1A' and that can be refined into the algebraic sum of algebraically indecomposable subrings:

ejS(f/ A) =

m

ffi eijS(f/ A), j= I

where the eij are the primitive idempotents of S(f / A). It follows that 6 •. A restricts faithfully to 6".R on S(f / A):

6".A IS(flR) = 6".R' Hence e I ' ... ,es form an 6".A -orbit. The equations ejje j = ejj, eijek = 0 (\

~j ~

m, i"# k)

imply that the 6".A -stabilizer of ejj fixes ej so that Stab (eu/6 •. A)ls(fIR) s Stab (eJ6".R)'

o

6. The principal equation of the universal splitting ring In order to apply the criterion (9.24) we first study the principal equation

of an arbitrary element e of the universal splitting ring S(f /R) of the monic polynomial (9.3) over R. The polynomial P~/R of R[t] is defined as the characteristic polynomial of the regular representation

.!

eb j =

L (XjkWb k k=1

(I ~ i ~ n!),

where b l , •.. , b,,! is an R-basis of S(f/R), for example we may take the standard basis defined in section 1.

Proposition

(9.26) P~/R(t) =

fl nEGn'

(t - n(m

(eES(f/R)).


Proof By the 'generic argument'! Let d' [ X\ , ... , x"' y" Iv = (v \ , ... , 1',,), 0 ,,;;

A=

I' j

< i, 1 ,,;; i ,,;; II] (y,,:=

y~ I

...

y;;")

be a polynomial ring in n + n! variables over d'. Form

n

J(t)= " (t-xJ=t"+a\t n -\ + ... +an (ajEd'[x\, ... ,x,,],l ";;i";;n). j= \

Let R=d'[a\, ... ,ii",y,,1

O";;vjO) such that d(f)vYER.

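Clearly $\mathfrak{p} \subseteq \mathfrak{p}^*$. If $x \in \mathfrak{p}^* \cap R$, then there is a positive number $\mu$ for which $d(f)^{\mu} x \in \mathfrak{p}$. Since by assumption $d(f) \notin \mathfrak{p}$ it follows that $x \in \mathfrak{p}$ from the prime ideal property of $\mathfrak{p}$. Hence

$$\mathfrak{p}^* \cap R = \mathfrak{p}. \tag{9.38}$$

If $y \in R^*$, $z \in R^*$, $y \notin \mathfrak{p}^*$, $yz \in \mathfrak{p}^*$, then there is a natural number $\nu$ for which

$$d(f)^{\nu} y \in R, \quad d(f)^{\nu} z \in R, \quad d(f)^{\nu} yz \in \mathfrak{p}, \quad d(f)^{\nu} y \, d(f)^{\nu} z \in \mathfrak{p}.$$

By assumption $d(f)^{\nu} y \notin \mathfrak{p}$, hence $d(f)^{\nu} z \in \mathfrak{p}$ because of the prime ideal property of $\mathfrak{p}$, hence $z \in \mathfrak{p}^*$. It follows that $\mathfrak{p}^*$ is a prime ideal of $R^*$. We form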

N = (d(f)/p)-l in .Q(R/p). Now the elements

et

= N"!/2 I

(d(f)"!/21J.;y/p)y

YEX

of S(f /.Q(R/p)) are orthogonal central idempotents conjugate under G". They are also contained in S((f/p*)/(R*/p*)). Hence the group of the equation

flp.Q(R/p)(x)

=

0

is contained in an G,,-conjugate of the group of the equation

f/p*(x)

= 0,

(9.39)

and the group of the equation (9.39) is contained in an $\mathfrak{S}_n$-conjugate of the group of the equation (9.1) over $R^*$. □

The van der Waerden criterion is chiefly applied in case the residue class ring $R/\mathfrak{p}$ is finite. In that case it is a finite field.

Proposition (9.40)

The group of a monic separable equation (9.1) of degree $n > 0$ over a finite field $R$ of $q$ elements is a cyclic subgroup of $\mathfrak{S}_n$ generated by a permutation of type

$$n = \sum_{i=1}^{s'} n_i$$

when $n_1, n_2, \dots, n_{s'}$ are the degrees of the irreducible factors of $f$ over $R$.


Proof. Let $e_1, \dots, e_s$ be the primitive idempotents of $S(f/R)$. Because of the separability of $f$ it follows that $e_1 S(f/R)$ is a finite extension of $e_1 R$ and that the group of the equation (9.1) is isomorphic to the automorphism group of $e_1 S(f/R)$ over $e_1 R$ which is cyclic. In fact, it is generated by the Frobenius automorphism raising every element of $e_1 S(f/R)$ to its $q$th power. Hence there is an element $\pi$ of $\mathfrak{S}_n$ such that

$$\bar{\pi}(e_1) = e_1, \tag{9.41a}$$

Let

$$f = \prod_{j=1}^{s'} f_j \tag{9.41b}$$

be the factorization of $f$ into a product of distinct monic irreducible polynomials of $R[t]$. Since in $e_1 S(f/R)$ there holds the factorization

$$e_1 f(t) = \prod_{k=1}^{n} (t - e_1 x_k) \tag{9.41c}$$

etfl(t) =

n (t -

e1x k),

k=l

etf2(t) =

n k=/I' "I

+n2

(t - elxd,

+1

n /I

et!s,(t)=

(t-elxk),

k=n-Jls '+ I

iiie 1 Xk

= e 1 xl = e 1 Xk + i

(0 ~ j < nj, k = C~j n + 1} g)

hence it permutes the root projections as a product of cycles of length nl, n2"'" ns ,·

The permutation automorphism ii permutes

Xl"",X/I

since we have

□

9. Application of the van der Waerden criterion. A theorem of Cebotarev

The van der Waerden criterion is a powerful tool for determining the group of a monic separable equation (9.1) over $R = \mathbb{Z}$. In order to apply the test we choose prime numbers $p$ and factorize $f$ modulo $p$ into a product of irreducible factors in accordance with the methods of section 5. If multiple factors occur then $p \mid d(f)$ and we cannot apply the criterion. Otherwise $p \nmid d(f)$ and we obtain a congruence factorization

$$f \equiv \prod_{i=1}^{s'} f_i \bmod p\mathbb{Z}[t],$$

where $f_1, \dots, f_{s'}$ are monic polynomials over $\mathbb{Z}$ that are distinct and irreducible mod $p\mathbb{Z}[t]$. In each case we find that the group of the equation (9.1) interpreted as subgroup of $\mathfrak{S}_n$ contains a permutation with cycle decomposition of type

$$n = \deg f_1 + \deg f_2 + \dots + \deg f_{s'}.$$

This knowledge is cumulative in the sense that the number of possibilities for the group of the equation decreases as one finds new patterns of cycle decompositions. The great number theorist and mathematician N. Cebotarev showed in 1927 that the knowledge we gain by repeated congruence factorizations of $f$ also is cumulative in a deeper way [3]: Denoting by $A(n_1, \dots, n_{s'}, x)$ the number of times that the congruence factorization modulo a prime number $p \le x$ yields the partition

($\pi(x)$ the total number of prime numbers $\le x$) then $A(n_1, \dots, n_{s'}, x)/\pi(x)$ determines a frequency that converges for $x \to \infty$ to the frequency of permutations of the cycle decomposition type (9.42) in the group of the equation (9.1). A proof of this theorem which is capable of even sharper formulation shall not be attempted here. Error estimates exist, but are not yet sharp enough to compare with actual number theoretic testing.

Example (9.43)

We consider a cubic equation $f(x) = 0$ for $f(t) = t^3 + a_1 t^2 + a_2 t + a_3$ over $\mathbb{Z}$ with $d(f) \neq 0$. We have four possibilities for the group of the equation which were listed already at the end of the first subsection. The group specific frequency distribution is as follows:

no.

group G

order

III 3

2 3

C2 = 0

with the exception of the partition

$$n = 1 + 1 + \dots + 1$$

which is indicated as 1; also we write the frequency in front so that $\tfrac{1}{2} \times 2$ means that half of the group consists of 2-cycles. For example for $f(t) = t^3 - t - 1$ we obtain the factorization:

p     congruence factorization mod p     partition type

2     irreducible                        3
3     irreducible                        3
5     $(t - 2)(t^2 + 2t - 2)$            2
7     $(t + 2)(t^2 - 2t + 3)$            2
11    $(t + 5)(t^2 - 5t + 2)$            2
13    irreducible                        3
17    $(t - 5)(t^2 + 5t + 7)$            2
19    $(t - 6)(t^2 + 6t - 3)$            2
23    $(t - 3)(t - 10)^2$                - ($23 = -d(f)$)
29    irreducible                        3
31    irreducible                        3
37    $(t - 10)(t^2 + 13t - 17)$         2
41    irreducible                        3
43    $(t - 10)(t^2 + 10t + 13)$         2
47    irreducible                        3
53    $(t + 16)(t^2 - 16t - 10)$         2
59    $(t - 4)(t - 13)(t + 17)$          1
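The partition types in this table can be recomputed mechanically. The following is an added example, not code from the book: it computes the polynomials $h_i$ described as the output of (5.26) with the standard $\gcd(f, t^{p^i} - t)$ method over a prime field $\mathbb{F}_p$ (an assumption, since the book's own algorithm steps are not reproduced on this page), reads off the degrees of the irreducible factors, and tallies the partition types of $t^3 - t - 1$ for the primes up to 59. All function names are this example's own.

```python
from collections import Counter


def trim(a):
    """Drop zero leading coefficients in place (lists are low degree first)."""
    while a and a[-1] == 0:
        a.pop()
    return a


def sub(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x - y) % p for x, y in zip(a, b)])


def mul(a, b, p):
    if not a or not b:
        return []
    r = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            r[i + j] = (r[i + j] + ai * bj) % p
    return trim(r)


def divmod_poly(a, b, p):
    """Quotient and remainder of a by b over F_p (b reduced mod p, non-zero)."""
    a = trim([c % p for c in a])
    q = [0] * max(len(a) - len(b) + 1, 0)
    inv = pow(b[-1], -1, p)
    while len(a) >= len(b):
        c, shift = a[-1] * inv % p, len(a) - len(b)
        q[shift] = c
        for j, bj in enumerate(b):
            a[shift + j] = (a[shift + j] - c * bj) % p
        trim(a)
    return trim(q), a


def gcd_poly(a, b, p):
    """Monic gcd over F_p; gcd(a, 0) is a made monic."""
    a, b = trim([c % p for c in a]), trim([c % p for c in b])
    while b:
        a, b = b, divmod_poly(a, b, p)[1]
    inv = pow(a[-1], -1, p)
    return [c * inv % p for c in a]


def powmod(base, e, f, p):
    result, base = [1], divmod_poly(base, f, p)[1]
    while e:
        if e & 1:
            result = divmod_poly(mul(result, base, p), f, p)[1]
        base = divmod_poly(mul(base, base, p), f, p)[1]
        e >>= 1
    return result


def distinct_degree(f, p):
    """{i: h_i} with h_i the product of the monic irreducible factors of
    degree i of the monic separable polynomial f over F_p."""
    f = trim([c % p for c in f])
    h, frob, i = {}, [0, 1], 0
    while len(f) - 1 >= 2 * (i + 1):
        i += 1
        frob = powmod(frob, p, f, p)                # t^(p^i) mod f
        g = gcd_poly(f, sub(frob, [0, 1], p), p)    # all factors of degree i
        if len(g) > 1:
            h[i] = g
            f = divmod_poly(f, g, p)[0]
            frob = divmod_poly(frob, f, p)[1]
    if len(f) > 1:
        h[len(f) - 1] = f                           # the rest is irreducible
    return h


def cycle_type(f, p):
    """Degrees of the irreducible factors of f mod p, or None when f mod p
    has a multiple factor (p divides d(f)) and the criterion does not apply."""
    f = trim([c % p for c in f])
    df = trim([k * c % p for k, c in enumerate(f)][1:])
    if len(gcd_poly(f, df, p)) > 1:
        return None
    degs = []
    for i, h in sorted(distinct_degree(f, p).items()):
        degs += [i] * ((len(h) - 1) // i)
    return tuple(degs)


def tally(f, bound):
    """Count partition types over all primes <= bound; also list skipped primes."""
    counts, excluded = Counter(), []
    for p in range(2, bound + 1):
        if all(p % r for r in range(2, int(p ** 0.5) + 1)):
            t = cycle_type(f, p)
            if t is None:
                excluded.append(p)
            else:
                counts[t] += 1
    return counts, excluded


F = [-1, -1, 0, 1]   # t^3 - t - 1, coefficients low degree first

if __name__ == "__main__":
    print(tally(F, 59))
```

The same `tally` call with a larger bound shows the frequencies drifting toward the proportions of cycle types in the group, which is the content of Cebotarev's theorem quoted above.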

If we know $d(f)$ (i.e. that $d(f)$ is a non-square) then already the first test shows $G = \mathfrak{S}_3$. Not knowing $d(f)$ we see already after three steps that $G = \mathfrak{S}_3$. The frequency up to 59 is distributed 7:8:1 in favor of 3, 2, 1, excluding $d(f) = -23$. For $n = 4, 5$ the simple criteria mentioned above suffice to guess the unknown group $G$ after a few trials, in accordance with the following table:


I. d(f} square, f has no linear factor

degree

II

4

5

(9.44)

cycle isomorphic comments to orderlGI distribution ------------------.------------------------2+ 2 I x I + I X 22 2 «12)(34» C2 3-impr. I x I + 3 X 22 4 C2 X C2 1B4 I x I + 3 X 22 + 8 x 3 '2(4 2-trans. 12 I x I +4x5 prim. 4 B is said to be the holomorph of A. Show that HoI (Cn) is isomorphic to the permutation group formed by the permutations (

Z

az+b

)

(ae U(lL/n), belLfn)

of the elements of lL/n. 2. The wreath product G l H of a subgroup G of 6 n and the group H is the group (OIH x 02H x ". x 8n H)

)O; 1 ~ i1 < i2 < ... < ir ~ n) be the orbits of length 1 of G then precisely the elements eXj" eXj2"'" ex j• are the roots of ef(t) in eF. Thus we know already that there must hold equations of the form eXj} = rxje (1 ~ j ~ r) where rx 1, rx2"'" ar are the roots of f in F. Only we don't know yet which particular elements of F they are. The principal polynomial of eXj j over eF is obtained in the form no

P

(t) = tn' l'Xi}

(mEZ>O;

+ I 1 b.tn!-i ;::::

I

OO) are the primitive idempotents of F[x I]' then

hj=f/gcd(f,gi)

(l~i~lT)

are mutually prime monic polynomials in t over F for which

f =

n" hi>

i= I

and we know that there exist equations

hi = Ii'

(ViEl'>o, I ~ i ~ IT)

withfi an irreducible monic polynomial in t over F. If IT > 1 then we obtain the full factorization of f over F by application of the induction assumption to hi (I ~i~lT). Now let IT= l. If D,hl i= 0 then we find that

fl =hl/gcd(hl,D,(hl))' Now let D,(hd = O. Hence the characteristic of F is a prime number p which divides n. It is determined by prime factorization of n and testing the equation qlF = 0 for each prime divisor q of n. Applying the root finder to the coefficients of hi we test the equation hi = jP

(jEF[t]).

If there is a solution then we obtain fl by application of the induction hypothesis to j. Otherwise we have plv l ,

= j I (tP), hl(t) = kl(tP), kl(t) = jl(ty', fl (t)

where jl is a monic irreducible polynomial in t over F. Applying the induction hypothesis to k I we construct it- Thus fl (t) = j I (t P) also is constructed. 0 3. Separable extensions of a constructive field with root finder

Proposition (10.4) If F is a constructive field with a root finder, then for every monic irreducible separable polynomial f in t over F also the finite extension $E = F[t]/f$ is a constructive field with a root finder.

Proof It is clear that E is a constructive extension of F. If deg(f) = 1 then E = F has a root finder. Apply induction over deg(f). Let deg(f) > 1. Now let g be a monic non-constant polynomial in t over E. We want to decide whether g has a root in E, and if it has one we want to construct it. This is trivial if g is linear. Apply induction over deg(g). Assume that deg(g) > 1. The norm of g from E to F is a monic polynomial h of degree deg(f) deg(g) in t over F and g divides h in E[t]. Let $h = \prod_{i=1}^{s} h_i$ be a factorization of h into a product of irreducible monic polynomials in t over F. If $d = \gcd(h_i, g)$ is a monic proper non-constant divisor of g then we test d and g/d according to the induction hypothesis. If one of them has a root in E then also g has one and we can construct it. If neither d nor g/d have a root in E then also g has no root in E. In either case we are done. It remains to discuss the case that for each $h_i$ either $\gcd(h_i, g) = 1$ or g divides $h_i$. Hence, after suitable numbering, $h_1 = h_2 = \dots = h_j$, $h_1 \ne h_i$ ($j < i \le s$), $g \mid h_1$, $1 < \deg(h_1)$. If g has a root $\alpha$ in E then $(t - \alpha) \mid g$, $N_{E/F}(t - \alpha) \mid h$, $\deg(N_{E/F}(t - \alpha)) = \deg(f)$, $\deg(h_1) \le \deg(f)$ and $h_1$ must be separable. Assume that $h_1$ is separable of degree $\le \deg(f)$. Now if $\deg(h_1) < \deg(f)$ then we have a root finder for the finite extension $E_1 = F[t]/h_1$ in accordance with the first induction hypothesis. Now $E_1$ is isomorphic over F to a proper subfield of E. Hence we can find a proper monic irreducible divisor $f_1$ of f in $E_1[t]$ such that

$E_2 = E_1[t]/f_1 = E_1[\xi]$, $\xi = t/f_1$, $f_1(\xi) = 0$, $f(\xi) = 0$, $\deg(h_1)\deg(f_1) = \deg(f)$.

Suppose this test is confirmed. Then $E_2$ must be isomorphic to E and by the second induction hypothesis we decide whether the polynomial g in t over $E_2$ has a root in $E_2$; and if it has one then we construct it. It remains to discuss the case that $\deg(h_1) = \deg(f)$. We know that $f h_1$ is separable. We construct a primitive idempotent e of $S(h_1/F)$. Let $x_1, \dots, x_m$ be the standard root generators of $S(f h_1/F)$ over F ($m = \deg(f) + \deg(h_1)$). If g has a root in E then there must be roots $x_i$, $x_j$ such that $f(e x_i) = 0$ and F-isomorphisms

$\phi: E \to eF[e x_i]$, $\phi(\lambda) = \lambda e$ ($\lambda \in F$), $\phi(t/f) = e x_i$, $g(e x_j) = 0$, $e x_j = \phi(\alpha)$ for some $\alpha$ of E.

Hence $g(\alpha) = 0$. Otherwise the decision is negative. □

4. Primitivity test

Definition (10.5) The extension E of the field F is said to be primitive if there is no field between E and F, i.e. for every intermediate extension $\Psi$ of F in E either $\Psi = E$ or $\Psi = F$; F is the trivial primitive extension of F. If E is a non-trivial primitive extension of F then the extension E of F is generated over F by any element of E that does not belong to F:

$E = F(\theta)$. (10.5a)

Definition (10.6) We say that the element $\theta$ of the extension E of the field F is a primitive element of E over F if (10.5a) applies.

Not every extension E with a primitive element over F also is a primitive extension of F. For example for $F = \mathbb{Q}$, $E = \mathbb{Q}[t]/(t^4 + 1)$ we have $E = F(\theta)$ ($\theta = t/(t^4 + 1)$), but there are 3 intermediate subfields. Or, if $E = F(\xi)$ is the rational function field in one variable over F then $F(\xi^2)$ is a proper intermediate extension $\ne F$ so that E is imprimitive. It follows that a primitive extension E of F must be finite. If it is not separable then F is of prime characteristic p and $E = F(\xi)$, $\xi^p \in F$, $\xi \notin F$.

Proposition (10.7) Let F be a constructive field with a root finder and let f be a monic separable irreducible polynomial of F[t]. Then the extension

$E = F[t]/f = F(\xi)$, $\xi = t/f$

of F is primitive if and only if the factorization

$f(t) = \prod_{i=1}^{s} f_i(t)$  ($f_1(t) = t - \xi$)

of f into the product of distinct monic irreducible polynomials of E[t] has the property that the coefficients of any divisor of f

$d(t) = f_{i_1}(t) f_{i_2}(t) \cdots f_{i_r}(t)$, (10.7a)

subject to the conditions

$1 = i_1 < i_2 < \dots < i_r \le s$, $1 \le r < s$, $\sum_{j=1}^{r} i_j \mid \deg(f)$ (10.7b)

generate E over F.

Proof If there is a proper intermediate extension $\Psi$ such that

$F \subset \Psi \subset E$

then we have $E = \Psi(\xi)$ so that the minimal polynomial d of $\xi$ over $\Psi$ is of the form (10.7a) subject to (10.7b), and conversely. □

We remark that the primitivity of the separable extension $E = F[t]/f$ is equivalent to the statement that the group G of the equation f(x) = 0 over F considered as permutation group of the roots of the irreducible separable polynomial f is transitive and that there is no proper subgroup of G properly containing the G-stabilizer of any one of the deg(f) roots of f. This remark made already by E. Galois became the motive for defining the concept of primitive permutation groups as outlined above. In case of feasible polynomial factorization algorithms we have seen how to reduce the solution of a separable equation to a sequence of separable irreducible equations each with primitive group. The properties of primitive permutation groups of finitely many letters have been researched extensively, but we are still far away from a full classification. Only for solvable primitive permutation groups a classification along the lines of C. Jordan's Traité des Substitutions and B. Huppert's thesis is feasible. For the convenience of the reader we present a table of the primitive permutation groups of six and seven letters:

(10.8)

no.   number of permuted letters   notation of group                       order   comments
Even permutation groups
 1    6                            $\mathfrak{A}_6$                        360     4-trans.
 2    6                            PSL(2,5) $\cong \mathfrak{A}_5$         60      2-trans.
 3    7                            $\mathfrak{A}_7$                        2520    5-trans.
 4    7                            PSL(3,2)                                168     2-trans.
 5    7                            Hol($C_7$) $\cap\, \mathfrak{A}_7$      21
 6    7                            $C_7$                                   7
Odd permutation groups
 7    6                            $\mathfrak{S}_6$                        720     6-trans.
 8    6                            PGL(2,5) $\cong \mathfrak{S}_5$         120     3-trans.
 9    7                            $\mathfrak{S}_7$                        5040    7-trans.
10    7                            Hol($C_7$)                              42      2-trans.
11    7                            $D_{14}$                                14

Note: Hol(G), the holomorph of the group G, is the semidirect product of G (as normal subgroup) with its automorphism group.

5. Permutation representations

Before we go on with the analysis of the group verification task let us survey briefly the basic concepts on permutation representations in this subsection. Reference is made to H. Zassenhaus [18] and H. Wielandt [17].

Definition (10.9) For any non-empty set S the bijections of S form the symmetric permutation group $\mathfrak{S}_S$. We use as composition law of $\pi, \pi' \in \mathfrak{S}_S$ the left-right application $\pi\pi'(s) = \pi(\pi'(s))$ ($s \in S$). A homomorphism

(10.9a)

of a group G into $\mathfrak{S}_S$ is said to be a permutation representation of G over S (or of degree $|S|$ given by the cardinality of S). Thus there are just the conditions

$\Gamma(gh) = \Gamma(g)\Gamma(h)$ ($g, h \in G$), (10.9b)

$\Gamma(1_G) = \mathrm{id}_S$ (10.9c)

to be met by $\Gamma$. Two permutation representations, say (10.9a) and

$\Gamma': G \to \mathfrak{S}_{S'}$ (10.9d)

are said to be equivalent:

(10.9e)

if there is a 1-1-correspondence

(10.9f)

such that

(10.9g)

In other words equivalence of permutation representations amounts to a mere 'change of tag' of the permuted objects. It is reflexive, symmetric and transitive. The sum of two permutation representations, say (10.9a) and (10.9d), is defined as the permutation representation

$\Gamma + \Gamma': G \to \mathfrak{S}_{S \,\dot\cup\, S'}$: $(\Gamma + \Gamma')(g) = \Gamma(g) + \Gamma'(g)$, (10.10a)

where the sum of two permutations

$\pi \in \mathfrak{S}_S$, $\pi' \in \mathfrak{S}_{S'}$ (10.10b)

is defined as the permutation

$(\pi + \pi')(a) = \begin{cases} \pi(a) & \text{if } a \in S \\ \pi'(a) & \text{if } a \in S' \end{cases}$ (10.10c)

of the disjoint union $S \,\dot\cup\, S'$ of the two sets S, S'. This addition of permutation representations satisfies the substitutional law:

(10.10d)

It is also commutative and associative:

$\Gamma + \Gamma' \sim \Gamma' + \Gamma$, $(\Gamma + \Gamma') + \Gamma'' \sim \Gamma + (\Gamma' + \Gamma'')$. (10.10e)

Moreover, it satisfies the cancellation law

$\Gamma + \Delta \sim \Gamma' + \Delta \Rightarrow \Gamma \sim \Gamma'$, (10.10f)

so that the equivalence classes of permutation representations of G form a half-module. Each permutation representation (10.9a) establishes the equivalence relation

$x \underset{G}{\sim} y$ ($x, y \in S$) (10.10g)

on S that is defined by (10.10h) i.e. $\exists g \in G: g(x) = y$.

Note that for simplicity's sake we have used g(x) instead of $\Gamma(g)(x)$ with operational rules:

$gg'(x) = g(g'(x))$ ($g, g' \in G$; $x \in S$).

We show that $\underset{G}{\sim}$ is indeed an equivalence relation.

Reflexivity: $x = 1_G x \Rightarrow x \underset{G}{\sim} x$,

Symmetry: $x \underset{G}{\sim} y \Rightarrow \exists g \in G: y = g(x) \Leftrightarrow \exists g \in G: x = g^{-1}(y) \Rightarrow y \underset{G}{\sim} x$,

Transitivity: $x \underset{G}{\sim} y$, $y \underset{G}{\sim} z \Rightarrow \exists g, g' \in G: y = g(x)$ and $z = g'(y) \Rightarrow \exists g, g' \in G: z = g'(g(x)) = (g'g)(x) \Rightarrow x \underset{G}{\sim} z$.

The equivalence classes of $\underset{G}{\sim}$ on S are said to be the orbits of G acting on S via $\Gamma$ or, simply, the G-orbits. They provide a partition of S. If there is just one orbit then $\Gamma$ is said to be transitive otherwise $\Gamma$ is said to be intransitive. Each intransitive permutation representation (10.9a) with finitely many orbits, say $S_1, S_2, \dots, S_r$, is equivalent to the sum of the transitive representations

$\Gamma_i: G \to \mathfrak{S}_{S_i}$: $\Gamma_i(g)(x) = g(x)$ ($g \in G$; $x \in S_i$, $1 \le i \le r$), (10.10i)

$\Gamma \sim \Gamma_1 + \Gamma_2 + \dots + \Gamma_r$. (10.10j)

Any transitive permutation representation is indecomposable in the sense that it is not equivalent to the sum of two permutation representations. The equivalence classes of permutation representations with a finite number of orbits form a half-module with the equivalence classes of transitive permutation representations as basis. For a given permutation representation (10.9a) and an element x of S the elements g of G fixing x according to

$g(x) = x$ (10.11a)

form the G-stabilizer of x, a subgroup of G variously denoted as

$G_x = \mathrm{Stab}(x/G) = \{g \in G \mid g(x) = x\}$. (10.11b)

The G-stabilizers of G-equivalent elements, say x and y = g(x) (g some element of G) are G-conjugate:

$G_y = g G_x g^{-1}$.

An example of a transitive permutation representation of a group G is provided by the left-action of G on the set $(G/U)_R$ of the right-cosets xU ($x \in G$) of G modulo a given subgroup U:

(10.11c)

The G-stabilizer of the right-coset U is U. The G-stabilizer of the right coset gU is the G-conjugate subgroup $gUg^{-1}$ ($g \in G$). If (10.9a) is transitive then there is the 1-1 correspondence $\pi: S \to (G/G_x)_R$: $y \mapsto \{g \in G \mid g(x) = y\}$ for any fixed element x of S establishing equivalence with

r

~

r G,G,

r G,G x :

(XEG).

In other words, we obtain a full set of representations of the indecomposable equivalence classes of permutation representations of G by forming a representative set of the G-conjugacy classes of subgroups U of G and forming the associated transitive permutations $\Gamma_{G,U}$. If U = 1 then we speak of the regular permutation representation $\Gamma_{G,1}$ which was derived earlier directly from the multiplication table of G. It is faithful, i.e. its kernel is $1_G$ so that G is isomorphic to the image $\Gamma_{G,1}(G)$. If U = G then we speak of the trivial permutation representation which maps every element of G on the identity permutation of a set formed by only one object. Its kernel is G and it is faithful only if G = 1. The permutation representation (10.9a) is said to be primitive if it is transitive and if for every subset X of S consisting of more than one, but less than all elements of S there is an element g of G for which

$\emptyset \subset g(X) \cap X \subset X$.

If it is not primitive then it is said to be imprimitive. In that case either $\Gamma$ is intransitive or $\Gamma$ is transitive and there is a partition of S into blocks of imprimitivity consisting of more than one but less than all elements of S such that the application of any element of G merely permutes the blocks. Such a partition is said to be a system of imprimitivity of $\Gamma$. The transitive permutation representation $\Gamma_{G,U}$ is primitive precisely if either U = G or U is a maximal subgroup of G. It is imprimitive precisely if there is a subgroup V of G intermediate to U and G: $U \subset V \subset G$.

In this case the right-cosets of G modulo U belonging to the same right-coset of G modulo V form subsets of $(G/U)_R$ establishing a system of imprimitivity of $\Gamma_{G,V}$. In fact, every system of imprimitivity of $\Gamma_{G,V}$ is obtained in this way.
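The notions of this subsection (orbits, stabilizers, conjugate stabilizers, systems of imprimitivity) made executable for the affine groups z -> az + b on Z/n, i.e. Hol(C_n) and its subgroups from table (10.8). This is an added example, not code from the book; all function names are this example's own, points are numbered 0..n-1, and the two constants at the end are the permutations (24)(56) and (1234567) that the text later uses for PSL(3,2), rewritten on 0..6.

```python
from math import gcd

def affine(n, a, b):
    """The permutation z -> a*z + b of Z/n, stored as the tuple of images."""
    return tuple((a * z + b) % n for z in range(n))

def compose(p, q):
    """Left-right application of Definition (10.9): (pq)(s) = p(q(s))."""
    return tuple(p[q[s]] for s in range(len(q)))

def inverse(p):
    inv = [0] * len(p)
    for s, image in enumerate(p):
        inv[image] = s
    return tuple(inv)

def closure(gens):
    """All elements of the finite permutation group generated by gens."""
    identity = tuple(range(len(gens[0])))
    seen, frontier = {identity}, [identity]
    while frontier:
        g = frontier.pop()
        for s in gens:
            h = compose(s, g)
            if h not in seen:
                seen.add(h)
                frontier.append(h)
    return seen

def orbits(gens, n):
    """The partition of {0, ..., n-1} into G-orbits."""
    seen, result = set(), []
    for start in range(n):
        if start in seen:
            continue
        orbit, stack = {start}, [start]
        while stack:
            x = stack.pop()
            for g in gens:
                if g[x] not in orbit:
                    orbit.add(g[x])
                    stack.append(g[x])
        seen |= orbit
        result.append(sorted(orbit))
    return result

def stabilizer(group, x):
    """G_x = Stab(x/G) of (10.11b)."""
    return {g for g in group if g[x] == x}

def block_system(gens, n, x, y):
    """Finest G-invariant partition of the points in which x and y share a block."""
    parent = list(range(n))
    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a
    pending = [(x, y)]
    while pending:
        a, b = pending.pop()
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra
            # invariance: the images of a merged pair must be merged as well
            pending.extend((g[a], g[b]) for g in gens)
    blocks = {}
    for s in range(n):
        blocks.setdefault(find(s), []).append(s)
    return sorted(blocks.values())

def imprimitivity_system(gens, n):
    """A system of imprimitivity of a transitive group, or None if it is primitive."""
    if len(orbits(gens, n)) != 1:
        raise ValueError("representation is intransitive")
    for y in range(1, n):
        blocks = block_system(gens, n, 0, y)
        if len(blocks) > 1:
            return blocks
    return None

def holomorph_generators(n, multipliers=None):
    """Generators of {z -> a*z + b}; multipliers defaults to all units of Z/n."""
    if multipliers is None:
        multipliers = [a for a in range(1, n) if gcd(a, n) == 1]
    return [affine(n, 1, 1)] + [affine(n, a, 0) for a in multipliers]

# (24)(56) and (1234567), written on the points 0..6 instead of 1..7.
DOUBLE_TRANSPOSITION = (0, 3, 2, 1, 5, 4, 6)
SEVEN_CYCLE = (1, 2, 3, 4, 5, 6, 0)
```

Hol(C_7) comes out primitive of order 42, while Hol(C_6) is transitive but has the system of imprimitivity {0,2,4}, {1,3,5}.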

6. Indicator method

Let us develop another method of determining the group of an equation which is more efficient than the direct approach. The group of an equation is uniquely determined as an abstract group. But if the group of an equation is viewed as a permutation group of the n root generators of the universal splitting ring then it is only unique up to conjugacy under $\mathfrak{S}_n$ so that it is more correct to speak of 'a group of the equation'. Keeping this remark in mind let f be a monic separable polynomial of degree n > 0 over $\mathbb{Q}$. The application of the van der Waerden criterion yields a list of cycle decomposition patterns which must occur in any group G of the equation (10.1a). Then we can establish a finite list L of non $\mathfrak{S}_n$-conjugate subgroups of $\mathfrak{S}_n$ such that G is $\mathfrak{S}_n$-conjugate to precisely one of the members of L. Among the members of L there is surely $\mathfrak{S}_n$. But if d(f) is a square number then $\mathfrak{S}_n$ ceases to be a candidate, actually $\mathfrak{A}_n$ becomes the top candidate which must contain every other member of L. Assume now we have found already that G is contained, up to $\mathfrak{S}_n$-conjugacy, in the member H of L. Without loss of generality we may assume that $G \subseteq H$.

Let L(H) be the subset of L formed by all those members of L which are $\mathfrak{S}_n$-conjugate to a maximal subgroup of H, but not $\mathfrak{S}_n$-conjugate to a non-maximal subgroup of H. If L(H) is empty then we have G = H. Now let L(H) not be empty and replace every member of L(H) by an $\mathfrak{S}_n$-conjugate contained in H so as to yield a new list L'(H) with the following properties:
(a) Every member of L'(H) is a maximal subgroup of H.
(b) No member of L'(H) is conjugate to a non-maximal subgroup of H.
(c) Every maximal subgroup of H is $\mathfrak{S}_n$-conjugate to precisely one member of L'(H).

If $G \subset H$ then G is $\mathfrak{S}_n$-conjugate to a subgroup of some member J of L'(H). Without loss of generality we may assume that

$G \subseteq J \in L'(H)$. (10.12a)

Now we must test whether (10.12a) applies or whether

$G = H$. (10.12b)

If (10.12a) applies then we must be able to tell which member J of L'(H) contains G and proceed with the same method replacing H by J until we reach the stage where (10.12b) holds. This will always happen after a finite number of applications of the verification test. In order to carry out the test we need a generator system of the invariants of the permutation group H relative to a given subgroup J of H. Let

$f(t) = t^n + a_1 t^{n-1} + \dots + a_n$ (10.13a)

be the 'generic' monic polynomial of degree n in t over the ring

$R = \mathbb{Z}[a_1, \dots, a_n]$

of polynomials in the n variables $a_1, \dots, a_n$ over $\mathbb{Z}$. Then the universal splitting ring of f over R is the polynomial ring

$A = S(f/R) = \mathbb{Z}[x_1, \dots, x_n]$

in the standard root generators of S(f/R) over R as polynomial variables over $\mathbb{Z}$. It gives rise to the factorization

$f(t) = \prod_{i=1}^{n} (t - x_i)$. (10.13b)

There holds the decomposition (1O.13c) over A into the direct sum of the modules Mi formed by the homogeneous polynomials of degree i in x 1>"" Xn over ;E. Thus Mi has the ;E-basis formed by the monomials (1O.13d) The group 6" of the permutation automorphisms of £

= Q(x I'"

.,

x,,) = O(A)

= S(f /Q(a l , .. ·, a,,)) has the fixed subfield

F=Q(a" ... ,a,,) with F-basis

n n

(lO.l3e)

"j

Xj

j~1

of £. The subgroup H formed by the permutation automorphisms if with n in H has the fixed subfield £H. Hence F = £Gn c £H c £ = £1.

According to the theorem on symmetric functions the monomials

a'l' .. ·a~"

(lljE;E~O, I ";;j";; n; .f J

~

1

Iljj =

i)

(I0.13f)


in a l , ... , a" form a 1:-basis of Mi over R. A 1:-basis of A is obtained by mUltiplication of (10.13e) and (10.13f). What happens upon transition from 6", I, to H, J? The answer is given by

Theorem (10.14)

(a) For any subgroup J of $\mathfrak{S}_n$ the ring $S(f/R)^J$ of the fixed elements of A under the permutation automorphisms $\pi$ of J splits into its homogeneous components

(10.15a)

for $M_i^J = S(f/R)^J \cap M_i$.

(b) For any subgroup H of $\mathfrak{S}_n$ containing J we construct a finite J-H-indicator set $X_{J,H}$ of homogeneous polynomials in $x_1, \dots, x_n$ over $\mathbb{Z}$ with the following properties:

I. (10.15b)

II. There is a natural number $\nu_{J,H}$ such that for any element P of $S(f/R)^J$ there is a denominator $\nu \in \mathbb{Z}^{>0}$ with the properties that each prime divisor of $\nu$ divides $\nu_{J,H}$ and that $\nu P$ belongs to the ring generated by $X_{J,H}$ and $S(f/R)^H$.

Proof (a) For any non-zero element y of $S(f/R)^J$ there is a unique representation of the form

$y = \sum_{i=0}^{m} y_i$  ($m \in \mathbb{Z}^{>0}$; $y_i \in M_i$, $0 \le i \le m$; $y_m \ne 0$). (10.16)

For any element $\pi$ of J we have

$y = \bar\pi(y) = \sum_{i=0}^{m} \bar\pi(y_i)$,  $\bar\pi(y_i) \in M_i$ ($0 \le i \le m$).

Due to the uniqueness of (10.15a)

$\bar\pi(y_i) = y_i$ ($\pi \in J$),  $y_i \in S(f/R)^J$ ($0 \le i \le m$).

(b) Any element Y of S(f/R)J is of the form Y --

'\'

~

A1'lll2"",'" Xl"1 xl"2'" xl' ..

O~::dlj(y) of S(f/C) over Care of the form "nl"

nll2

L., ""(1)·,,,(2)

... nil"

neJ

',,,(n)'

and the same is true up to the factor e for the roots of the principal polynomial of ecJ>(y) of eS(f/C) over ec' It follows that the absolute value is bounded by

IJI ( max l'1kl)I7= "". l~k~n

On the other hand, we have cJ>(Y)E IF p because of the assumption (1O.24d). We represent the elements of IF p by the least remainder R(a,p) of the rational integer a mod p. Suppose now that ecJ>y is a rational integer. Then we have the rough estimate

IrcJ>(y)1 ~ 111 (

is an H-module isomorphism that no ii-conjugate of cJ>(y) is a


rational integer. Setting (II:J)

U nJ

H=

j~

1

it follows that for any rational integer b the elements e1t j(y) - b (I ~ i ~ (H: J» are the algebraic conjugates of e(y) - b and that their product is a rational integer which is non-zero in case J does not contain the group of the equation nor any H-conjugate of it. Similar to (1O.25a) we also have the estimate (1O.25b) Hence, if (1O.25c) then we have le1t j(y) -

I}J

(II:J)

bl ~ 2M 1,

I

(e1t j(y) - b) ~ (2M 1

r:

J ).

Suppose now that r(y) == b mod p,

then we find that r

(:ft)

Ibl ~ M 1>

b = R(b,p),

(e1tj(y) - b) ) == 0 mod

p, pi

:ft)

(e1tj(y) -

(1O.2Sd)

b).

Hence, if J does not contain the group of the equation nor any H-conjugate of it and if (1O.25c), (1O.25d) hold then we have the inequality

p ~ (2M

lr:

(1O.25e)

J ).

As an example let us study W. Trinks' equation [14]

$x^7 - 7x + 3 = 0$.

The monic polynomial

$f(t) = t^7 - 7t + 3 = \prod_{i=1}^{7} (t - \eta_i)$

is irreducible over $\mathbb{F}_2$ since f is not divisible by the irreducible polynomials $t$, $t + 1$, $t^2 + t + 1$, $t^3 + t + 1$, $t^3 + t^2 + 1$ of $\mathbb{F}_2[t]$ of degree $\le 3$. Hence f is irreducible over $\mathbb{F}_2$. The discriminant of the trinomial f is

$d(f) = 6^6 \cdot 7^7 - 7^7 \cdot 3^6 = 3^8 \cdot 7^8 = (3^4 \cdot 7^4)^2$,

hence the group of f is even and contains a 7-cycle. The derivative

$D_t(f) = 7t^6 - 7$

has two real zeros viz. 1 and -1. Since $f(1) = -3$, $f(-1) = 9$, $f(+\infty) = +\infty$, $f(-\infty) = -\infty$ it follows that f has precisely three real roots by Sturm's rule, hence f splits over the real number field into the product of three linear factors say $t - \eta_1$, $t - \eta_3$, $t - \eta_7$, and 2 quadratic factors, say $(t - \eta_2)(t - \eta_4)$, $(t - \eta_5)(t - \eta_6)$ with $\eta_2$, $\eta_5$ complex non-real and $\eta_4$ complex conjugate to $\eta_2$, $\eta_6$ complex conjugate to $\eta_5$. The group of f over $\mathbb{R}$ is generated by the double transposition (24)(56). Hence the group G of f over $\mathbb{Q}$ contains a double transposition. Consulting the table of primitive groups of 7 letters we discover that either $G = \mathfrak{A}_7$ or G = PSL(3,2). And in the latter case G is generated by the double transposition (24)(56) and the 7-cycle p = (1234567). In order to test the latter possibility we set

J = PSL(3,2),  $H = \mathfrak{A}_7$,  $X_{J,H} = \{y\}$,  $y = J(x_1 x_2 x_4)$.

We must test whether one of the six complex numbers

$C = \sum_{i=1}^{7} \eta_{\pi(i)} \eta_{\pi(i+1)} \eta_{\pi(i+3)}$  ($\eta_8 = \eta_1$, $\eta_9 = \eta_2$, $\eta_{10} = \eta_3$; $\pi$ permutes 1, 3, 7)

is a rational integer. In our case we don't have to seek for larger prime numbers. We simply take good approximations of the complex numbers $\eta_1, \dots, \eta_7$ and test whether one of the six C's approximates a rational integer a well enough such that the product of the 15 H-conjugates:

is < 1 so that C - a = 0 is obtained. We use the estimate

$|C^{(j)} + a| \le |a| + 7bcd$,

where b, c, d are the maximum, the next highest and the second highest among the $|\eta_i|$. In our case we find that indeed

$\prod_{j=1}^{15} |(C^{(j)} - a)| < 1$,

so that PSL(3,2) is the group of Trinks' equation.
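The six-number test just described, carried out numerically. This is an added example, not the book's own computation: the Durand-Kerner root finder, the tolerances and all function names are choices made here, and the non-real roots are labelled with the one of smaller real part as $\eta_2$, the other as $\eta_5$, and their conjugates as $\eta_4$, $\eta_6$.

```python
from itertools import permutations
from math import isqrt

COEFFS = (1, 0, 0, 0, 0, 0, -7, 3)   # t^7 - 7t + 3, leading coefficient first

def evaluate(z):
    """Horner evaluation of f at z."""
    acc = 0
    for c in COEFFS:
        acc = acc * z + c
    return acc

def discriminant():
    """d(f) from the trinomial formula quoted in the text."""
    return 6**6 * 7**7 - 7**7 * 3**6

def is_square(m):
    return m >= 0 and isqrt(m) ** 2 == m

def roots(iterations=300):
    """Durand-Kerner iteration: all seven complex roots are refined together."""
    approx = [(0.4 + 0.9j) ** k for k in range(7)]
    for _ in range(iterations):
        for i in range(7):
            denom = 1
            for j in range(7):
                if j != i:
                    denom *= approx[i] - approx[j]
            approx[i] -= evaluate(approx[i]) / denom
    return approx

def labelled_roots(tol=1e-8):
    """Return (the three real roots, [eta_2, eta_5]); eta_4, eta_6 are the conjugates."""
    rs = roots()
    real = sorted(r.real for r in rs if abs(r.imag) < tol)
    upper = sorted((r for r in rs if r.imag > tol), key=lambda z: z.real)
    if len(real) != 3 or len(upper) != 2:
        raise ArithmeticError("expected 3 real roots and 2 conjugate pairs")
    return real, upper

def indicator_values():
    """The six numbers C, one for each way of naming the real roots eta_1, eta_3, eta_7."""
    real, (u, v) = labelled_roots()
    values = []
    for e1, e3, e7 in permutations(real):
        eta = [e1, u, e3, u.conjugate(), v, v.conjugate(), e7]   # eta_1 .. eta_7
        c = sum(eta[i] * eta[(i + 1) % 7] * eta[(i + 3) % 7] for i in range(7))
        values.append(((e1, e3, e7), c))
    return values

def rational_integer_candidates(tol=1e-6):
    """Arrangements whose C lies within tol of a rational integer, with that integer."""
    return [(labels, round(c.real)) for labels, c in indicator_values()
            if abs(c.imag) < tol and abs(c.real - round(c.real)) < tol]

if __name__ == "__main__":
    print("d(f) =", discriminant(), "is a square:", is_square(discriminant()))
    for labels, c in indicator_values():
        print(["%.6f" % x for x in labels], "C = %.6f" % c.real)
    print("integer hits:", rational_integer_candidates())
```

With this labelling exactly one arrangement, $(\eta_1, \eta_3, \eta_7) \approx (0.42895, 1.29334, -1.44430)$, gives an integer, namely C = -7; the other five values are not within the tolerance of any integer.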

Exercises

1. (a) Find approximate values for $\eta_1, \dots, \eta_7$ and determine natural numbers b, c, d serving as upper estimates for the maximum, the next highest and the second highest among the $|\eta_i|$ of Trinks' equation.
(b) Compute the six to the required amount of accuracy and determine which of them is a rational integer.
(c) Choose a prime number suitable to test the group of Trinks' equation and determine the possible outcomes of $\sum \eta_i \eta_{i+1} \eta_{i+3}$ modulo p depending on the 6 possible arrangements of $\eta_1 \eta_2 \eta_4$, assuming already that $(1234567) \in G = G_{168}$. Verify in this way that G is the group of Trinks' equation.
(d) Which method (a) + (b) or (c) is faster?

2.11. The cyclotomic equation

Any finite group G defines the group ring RG over a given unital commutative ring R with the elements of G as R-basis and the multiplication table of G as basic multiplication rule. The trace of the regular representation (relative to the basis $G = \{g_1, \dots, g_{|G|}\}$, see (3.25c) and (12.2))

(11.1)

is given by

(11.2)

so that the discriminant is

$d(RG/R) = \det(\mathrm{Tr}(g_j g_k)) = |G|^{|G|}$. (11.3)

In particular for finite cyclic groups

$G = C_{|G|}$, (11.4a)

we find that

$RG \underset{R}{\cong} R[t]/(t^{|G|} - 1)$, (11.4b)

$d(RG/R) = d(t^{|G|} - 1) = |G|^{|G|}$, (11.4c)

hence the cyclotomic polynomial

$t^{|G|} - 1$ (11.5)

is separable over R if and only if $|G|$ is not a zero divisor of R. The cyclotomic equation

$x^n - 1 = 0$  ($n \in \mathbb{Z}^{>0}$) (11.6)

has been the subject of inquiry since the earliest beginnings of algebra, but has still not revealed all its secrets. Its group over the rational integer ring is abelian. Its importance is demonstrated by L. Kronecker's theorem that any finite abelian extension of the rational number field can be embedded into a suitable cyclotomic extension.

Proposition (11.7) If the natural number n is not divisible by the characteristic of the field F then the group of the separable equation (11.6) is abelian.

Proof Let $S((t^n - 1)/F)$ be the universal splitting ring of the monic separable polynomial $t^n - 1$ and let $x_1, \dots, x_n$ be the standard root generators of $S((t^n - 1)/F)$ so that

$t^n - 1 = \prod_{j=1}^{n} (t - x_j)$.

Then for any primitive idempotent e we obtain the n distinct projections $e x_i$ ($1 \le i \le n$) such that

$t^n - e = \prod_{i=1}^{n} (t - e x_i)$

and the elements of

$G = \mathrm{Stab}(e/\mathfrak{S}_n)$

permute the root projections $e x_i$ ($1 \le i \le n$) generating the minimal splitting field $E = eS((t^n - 1)/F)$ of $t^n - e$ over eF. We observe that $e x_1, \dots, e x_n$ are the only roots of $t^n - e$ in E. Since the equations

$(e x_i)^n = (e x_j)^n = e$

imply upon multiplication that

$(e x_i e x_j)^n = ee = e$,

it follows that the roots of $t^n - e$ in E form a group X of order n. Since any finite subgroup of the multiplicative group of a field is cyclic it follows that we have after suitable numbering of $x_1, \dots, x_n$

$e x_i = (e x_1)^i$  ($1 \le i \le n$),

so that there holds the multiplicative to additive isomorphism

$r: X \to \mathbb{Z}/n$: $e x_i \mapsto i + n\mathbb{Z}$  ($1 \le i \le n$).

Each permutation automorphism $\pi \in G$ restricts on X to an automorphism of X. Since X generates E over eF it follows that G restricts on X faithfully to a subgroup of

$\mathrm{Aut}(X) \cong \mathrm{Aut}(\mathbb{Z}/n) \cong U(\mathbb{Z}/n)$.

The units of $\mathbb{Z}/n$ form an Abelian group of order $\varphi(n)$ where

$\varphi: \mathbb{Z}^{>0} \to \mathbb{Z}^{>0}$: $n \mapsto \#\{i \in \mathbb{Z}^{>0} \mid 1 \le i \le n, \gcd(i, n) = 1\}$

is the Euler $\varphi$-function, G is isomorphic to the subgroup represented by the integers $i_\pi$ defined by

□

Theorem (11.8) The group of the cyclotomic equation (11.6) over the rational number field is isomorphic to $U(\mathbb{Z}/n)$.

Proof Using the same terms as in the proof of proposition (11.7), but for $F = \mathbb{Q}$, we note that the universal splitting ring $S((t^n - 1)/R_1)$ with $R_1$ = contains the same idempotents as $S((t^n - 1)/\mathbb{Q})$ and that we have an


epimorphism

$\varepsilon: S((t^n - 1)/R_1) \to S((t^n - 1)/(\mathbb{Z}/p))$,

mapping the standard root generators $x_1, \dots, x_n$ of $S((t^n - 1)/R_1)$ on the standard root generators $y_1, \dots, y_n$ of $S((t^n - 1)/(\mathbb{Z}/p))$ for any prime number p not dividing n. It maps the primitive idempotent e of $S((t^n - 1)/R_1)$ on some idempotent $\varepsilon(e)$ of $S((t^n - 1)/(\mathbb{Z}/p))$ such that

$e x_i = (e x_1)^i$,  $\varepsilon(e x_i) = \varepsilon(e) y_i = (\varepsilon(e) y_1)^i$  ($1 \le i \le n$),

$\mathrm{Stab}(\varepsilon(e)/\mathfrak{S}_n) = \mathrm{Stab}(e/\mathfrak{S}_n) = G$,

where G is the group of the equation (1.6) over Q. There is a primitive idempotent e' of S((t" - 1)/(l'/p)) for which e'E(e) = e', and the projections e'Yi = e'eYi = e'e/\

= e'yi\ (l

~; ~ n)

are distinct, generating a minimal splitting field IFp. of the equation xn - e' = 0 over e'lF p' The group of the equation x" - e = 0 is generated by a permutation automorphism n which leaves e' fixed and raises every element e'Yi to its pth power: n(e'Yi) = (e'Yi)P = e'Ypi

(I ~;~n,Yj=)lk forj==kmodn).

Hence G contains the permutation automorphisms $\pi_p$ mapping $x_i$ on $x_{pi}$ (p any prime number not dividing n) subject to

$x_j = x_k$ for $j \equiv k \bmod n$.

Using prime factorization of any natural number m that is prime to n it follows that G contains the permutation mapping $x_i$ on $x_{mi}$ ($1 \le i \le n$). Hence $G \cong U(\mathbb{Z}/n)$. □

It follows from theorem (11.8) that the minimal splitting field $E_n$ of $t^n - 1$ over $\mathbb{Q}$ is an Abelian extension of degree $\varphi(n)$ over $\mathbb{Q}$ with automorphism group isomorphic to $U(\mathbb{Z}/n)$. It is generated by the n roots $\zeta_n, \zeta_n^2, \dots, \zeta_n^n$ of $t^n - 1$ where $\zeta_n$ is a primitive nth root of unity. Any one of the $\varphi(n)$ powers

$\zeta_n^i$  ($1 \le i \le n$, $\gcd(i, n) = 1$)

is also a primitive nth root of unity. They form a conjugacy class under the automorphism group $\mathrm{Aut}(E_n/\mathbb{Q})$. Since the complex numbers $\zeta_n, \zeta_n^2, \dots, \zeta_n^n = 1$ form the vertices of a regular n-gon with the origin as center in the complex plane we speak of $E_n$ as the nth cyclotomic field and of the polynomial

$\Phi_n(t) = \prod_{1 \le i \le n,\ \gcd(i,n) = 1} (t - \zeta_n^i)$

as the nth cyclotomic polynomial. Its coefficients are fixed by the automorphisms of $E_n$ over $\mathbb{Q}$, hence they are rational. On the other hand, the monic polynomial $\Phi_n(t)$ divides $t^n - 1$, hence the coefficients of $\Phi_n(t)$ are rational integers. According to theorem (11.8) the polynomial $\Phi_n(t)$ is irreducible of degree $\varphi(n)$. We have $E_n = E_{2n}$ if n is odd, since in that case the roots of $\Phi_{2n}(t)$ differ at most by sign from the roots of $\Phi_n(t)$. But there are no other equalities between cyclotomic fields. Indeed, if $E_n = E_m$ where n, m are two natural numbers satisfying n < m then $E_n$ contains the products of the nth roots of unity and the mth roots of unity which are simply the lcm(n, m)-th roots of unity so that

$E_n = E_{\mathrm{lcm}(n,m)}$,  $\varphi(n) = \varphi(m) = \varphi(\mathrm{lcm}(n, m))$,  $m = 2n$,  $n \equiv 1 \bmod 2$.

There hold the factorizations

$t^n - 1 = \prod_{i=1}^{n} (t - \zeta_n^i) = \prod_{d \mid n} \Phi_d(t)$. (11.9a)

Using the Moebius inversion formula (5.14b) we find that

$\Phi_n(t) = \prod_{d \mid n} (t^d - 1)^{\mu(n/d)}$. (11.9b)
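Formula (11.9b) turned into exact integer arithmetic, as an added example that is not from the book: the factors with $\mu(n/d) = 1$ are multiplied in, those with $\mu(n/d) = -1$ are divided out exactly, and the result can be checked against (11.9a), the degree $\varphi(n)$ and the sign relation between $\Phi_n$ and $\Phi_{2n}$ for odd n. Polynomials are coefficient lists with the constant term first; all function names are this example's own.

```python
from math import gcd

def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]

def moebius(n):
    """Moebius function mu(n) by trial division."""
    result, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0              # n has a square factor
            result = -result
        p += 1
    return -result if n > 1 else result

def times_t_power_minus_one(poly, d):
    """Multiply poly by t^d - 1."""
    out = [0] * (len(poly) + d)
    for i, c in enumerate(poly):
        out[i + d] += c
        out[i] -= c
    return out

def divide_by_t_power_minus_one(poly, d):
    """Exact division of poly by t^d - 1; raises if a remainder would be left."""
    q = [0] * (len(poly) - d)
    for i in range(len(q)):
        # comparing coefficients in q * (t^d - 1) = poly gives poly[i] = q[i-d] - q[i]
        q[i] = (q[i - d] if i >= d else 0) - poly[i]
    if times_t_power_minus_one(q, d) != poly:
        raise ArithmeticError("t^%d - 1 does not divide the polynomial" % d)
    return q

def cyclotomic(n):
    """Phi_n(t) from (11.9b): numerator factors first, then the exact divisions."""
    poly = [1]
    for d in divisors(n):
        if moebius(n // d) == 1:
            poly = times_t_power_minus_one(poly, d)
    for d in divisors(n):
        if moebius(n // d) == -1:
            poly = divide_by_t_power_minus_one(poly, d)
    return poly

def multiply(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return out

def product_of_cyclotomics(n):
    """Right-hand side of (11.9a): the product of Phi_d over all d dividing n."""
    poly = [1]
    for d in divisors(n):
        poly = multiply(poly, cyclotomic(d))
    return poly

def euler_phi(n):
    return sum(1 for i in range(1, n + 1) if gcd(i, n) == 1)

def unit_group(n):
    """Representatives m of U(Z/n); each one gives the permutation x_i -> x_{mi}."""
    return [m for m in range(1, n + 1) if gcd(m, n) == 1]

if __name__ == "__main__":
    for n in (1, 2, 7, 12, 105):
        print(n, euler_phi(n), cyclotomic(n))
```

The coefficients need not stay in {-1, 0, 1}: n = 105 is the first n for which a coefficient -2 appears.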

In order to find the discriminant of the nth cyclotomic polynomial we make use of the following lemma. (11.10)

Lemma Let n > 1 be a natural number. Let

be the equation ring of the nth cyclotomic polynomial. Then the following elements are units of A: 1 - ,~ 1_

,~n/p.

1_

,~n/p.

(l ~ i < n, njgcd (i, n) is not a prime power),

(11.11a)

(VEZ>O, p a prime number, p'ln, 1 < i < p', pJi, 1 o)

(I2.6d)

= f' and if there is an element

X E U (Rfxf), for which il'(x) = X-I il(x)X

(xEA)

(I2.6e)

or, briefly, (12.6f) The unit group $U(R^{f \times f})$ of $R^{f \times f}$ is said to be the general linear group of degree f over R:

$U(R^{f \times f}) = \mathrm{GL}(f, R)$.

From the multiplicative property of determinants it follows that the matrix equation

$XY = I_f$  ($X, Y \in R^{f \times f}$) (12.6g)

implies the determinantal relation

$\det X \cdot \det Y = 1$,

so that the determinant of X is a unit of R, hence

$YX = I_f$,  $Y = X^{-1}$,  $X \in U(R^{f \times f})$. (12.6h)

Conversely, if the determinant of a matrix X of degree f over R is a unit of R then (12.6g) is solvable in $R^{f \times f}$ by a matrix Y of degree f over R, X is in $U(R^{f \times f})$, (12.6h) holds with Y uniquely determined. For this reason the elements of GL(f, R) are said to be the unimodular matrices of degree f over R. They are said to be proper if their determinant is 1. The proper unimodular matrices form a normal subgroup SL(f, R) of GL(f, R) with representative subgroup R(f, R) formed by the special diagonal matrices

di.g(" 1" .. , I)

~

(: 1 " , ] (3XEGL(f,R):

[' = X-I[X

¢>3X EGL(f, R): d' = X -I dX ¢>d

~

d'. (12.13)

Definition The sum of two matrix representations

$\Delta_i: A \to R^{f_i \times f_i}$  ($i = 1, 2$) (12.14a)

of the R-ring A of finite degree over R is defined by block diagonal composition

$\Delta_1 \oplus \Delta_2: A \to R^{(f_1 + f_2) \times (f_1 + f_2)}$: $x \mapsto \begin{pmatrix} \Delta_1(x) & 0 \\ 0 & \Delta_2(x) \end{pmatrix}$. (12.14b)

The representation conditions for $\Delta_1 \oplus \Delta_2$ are consequences of the following rules for block diagonal matrix composition

$A_1 \oplus A_2 = \begin{pmatrix} A_1 & 0_{f_1 \times g_2} \\ 0_{f_2 \times g_1} & A_2 \end{pmatrix}$  ($A_i \in R^{f_i \times g_i}$, $f_i, g_i \in \mathbb{Z}^{>0}$; $i = 1, 2$), (12.14c)

$A_1 \oplus A_2 + B_1 \oplus B_2 = (A_1 + B_1) \oplus (A_2 + B_2)$,
$\lambda(A_1 \oplus A_2) = \lambda A_1 \oplus \lambda A_2$  ($A_i, B_i \in R^{f_i \times g_i}$, $f_i, g_i \in \mathbb{Z}^{>0}$, $\lambda \in R$; $i = 1, 2$), (12.14d)

$(A_1 \oplus A_2)(B_1 \oplus B_2) = A_1 B_1 \oplus A_2 B_2$  ($A_i, B_i \in R^{f_i \times f_i}$, $f_i \in \mathbb{Z}^{>0}$; $i = 1, 2$). (12.14e)

If $M_i$ is a matrix representation module for the matrix representation (12.14a) of A over R, then $M_1 \oplus M_2$ is a matrix representation module for $\Delta_1 \oplus \Delta_2$. This remark sets in evidence that the addition of matrix representations satisfies the substitutional law, the commutative law, and the associative law up to equivalence:

$\Delta_i \sim \Delta_i'$ ($i = 1, 2$) $\Rightarrow \Delta_1 \oplus \Delta_2 \sim \Delta_1' \oplus \Delta_2'$, (12.15a)

$\Delta_1 \oplus \Delta_2 \sim \Delta_2 \oplus \Delta_1$, (12.15b)

$\Delta_1 \oplus (\Delta_2 \oplus \Delta_3) = (\Delta_1 \oplus \Delta_2) \oplus \Delta_3$. (12.15c)

For any unital R-ring A we distinguish proper, improper, and null matrix representations $\Delta$ depending on whether

$\Delta(1_A) = I_f$,  $\Delta(1_A) \ne I_f$,  $\Delta(1_A) = 0_f$.

Normal bases

In the latter case we will have $\Delta(x) = \Delta(x 1_A) = \Delta(x)\Delta(1_A) = 0_f$. If R is a field then any improper matrix representation $\Delta$ which is not null is equivalent to the sum of a proper and a null representation. This is because of the Peirce decomposition of any representation space M of $\Delta$:

$M = 1M + \{x - 1x \mid x \in M\}$.

4. Permutation representations and matrix representations

The permutation representations

$$\Delta: G \to \mathfrak{S}_n \tag{12.16a}$$

of a group $G$ by permutations of $n$ letters give rise to matrix representations $\Gamma\Delta$ of degree $n$ over any given unital commutative ring $R$ upon representing $\mathfrak{S}_n$ faithfully by permutation matrices of degree $n$ (12.16b) defining the action of the permutation $\pi$ on the standard basis of $R^{n \times 1}$ by means of permuting the indices $j$ of the basis vectors $e_j$ $(1 \le j \le n)$. We note that $\Gamma\Delta$ is proper. The sum of two permutation representations corresponds to the sum of the permutation matrix representations. If the two permutation representations $\Delta_1$, $\Delta_2$ of $G$ of degree $n$ are equivalent, then the corresponding permutation matrix representations $\Gamma\Delta_1$, $\Gamma\Delta_2$ are also equivalent. The converse need not happen (see exercise 1).

For any matrix representation (12.6a) of the $R$-ring $A$ of finite degree $f$ over the unital commutative ring $R$ and for any unital overring $R'$ of $R$ we obtain the matrix representation $1_{R'} \otimes_R \Delta$ of $R' \otimes_R A$ of degree $f$ over $R'$:

$$1_{R'} \otimes_R \Delta\Big(\sum_{i=1}^{s} x_i \otimes y_i\Big) = \sum_{i=1}^{s} x_i \Delta(y_i) \quad (s \in \mathbb{Z}^{>0};\ x_i \in R',\ y_i \in A;\ 1 \le i \le s). \tag{12.17a}$$

If $M$ is a matrix representation module of $A$, then $R' \otimes_R M$ is a matrix representation module of $1_{R'} \otimes_R \Delta$. On the other hand, if (12.17b) is a matrix representation of $R' \otimes_R A$ of degree $f$ over $R'$, then, of course, its restriction to $1_{R'} \otimes_R A$ defines the $R$-homomorphism (12.17c) of $A$ into $R'^{f \times f}$, and any such $R$-homomorphism $\Delta$ determines uniquely a matrix representation (12.17d) of $R' \otimes_R A$ of degree $f$ over $R'$ in accordance with (12.17a). By abuse of language we frequently speak of $\Delta$ as a matrix representation of $A$ of degree $f$ over $R'$, even though it may be impossible to make $\Delta$ equivalent to a matrix representation of degree $f$ over $R$ (see exercise 2).

The equivalence of two matrix representations

$$\Delta_i: A \to R^{f \times f} \quad (i = 1, 2) \tag{12.18a}$$

of the $R$-ring $A$ of degree $f$ over $R$ is tantamount to the existence of a unimodular matrix $X$ of $R^{f \times f}$ satisfying the equation

$$\Delta_2(x) = X^{-1} \Delta_1(x) X \quad (x \in A),$$

which is equivalent to (12.18b). Dropping the unimodularity condition we realize that (12.18b) amounts to a system of linear homogeneous equations for the entries of the matrix $X$. For any two matrix representations

$$\Delta_i: A \to R^{f_i \times f_i} \quad (i = 1, 2) \tag{12.18c}$$

of $A$ of degree $f_i$ over $R$ the rectangular matrices $X \in R^{f_1 \times f_2}$ satisfying (12.18b) form an $R$-module $C(\Delta_1, \Delta_2)$ of $R^{f_1 \times f_2}$ which is said to be the connecting $R$-module of $\Delta_1$, $\Delta_2$. The two matrix representations (12.18c) are equivalent precisely if $f_1 = f_2$ and the connecting $R$-module $C(\Delta_1, \Delta_2)$ contains a unimodular matrix. The connecting $R$-module $C(\Delta, \Delta)$ of the matrix representation (12.5) is an $R$-ring which is said to be the centralizer of $\Delta$. It contains $I_f$ as unit element. For any two matrix representations (12.18c) we have

$$C(\Delta_1, \Delta_1)\,C(\Delta_1, \Delta_2) = C(\Delta_1, \Delta_2) = C(\Delta_1, \Delta_2)\,C(\Delta_2, \Delta_2), \tag{12.18d}$$

and we note that

$$C(X_1^{-1} \Delta_1 X_1, X_2^{-1} \Delta_2 X_2) = X_1^{-1} C(\Delta_1, \Delta_2) X_2 \quad (X_i \in GL(f_i, R);\ i = 1, 2). \tag{12.18e}$$

If $R$ is a field then we have

$$C(1_{R'} \otimes_R \Delta_1, 1_{R'} \otimes_R \Delta_2) = R' C(\Delta_1, \Delta_2) \simeq R' \otimes_R C(\Delta_1, \Delta_2) \tag{12.18f}$$

for any extension $R'$ of $R$. In that case $C(\Delta_1, \Delta_2)$ has an $R$-basis $X_1, \dots, X_k$ $(k = k(C(\Delta_1, \Delta_2)))$ of at most $f_1 f_2$ elements. Let us now suppose $f_1 = f_2$. Then we form the polynomial

$$P(t_1, t_2, \dots, t_k) = \det\Big(\sum_{i=1}^{k} t_i X_i\Big) \in R[t_1, \dots, t_k]. \tag{12.18g}$$

If it is zero, then the two representations (12.18h) are not equivalent for any extension $R'$ of $R$ because of (12.18f). On the other hand, for $P \neq 0$ the representations (12.18h) can be equivalent in some extension of $R$, for example in $R(t_1, t_2, \dots, t_k)$. As a matter of fact we have

Theorem (Deuring-Noether) (12.19). If $1_{R'} \otimes_R \Delta_1 \sim 1_{R'} \otimes_R \Delta_2$ for some extension $R'$ of $R$, then $\Delta_1 \sim \Delta_2$.

A proof will be given later on for arbitrary fields $R$ and extensions $R'$. In the case of $R$ being an infinite field (12.19) is a consequence of

Lemma (12.20)

For any non-zero polynomial $P(t_1, \dots, t_k)$ in $k$ variables $t_1, \dots, t_k$ over an infinite field $R$ there is a non-zero specialization.

Proof By induction on $k$. For $k = 1$ we choose $1 + \deg(P)$ distinct elements $\xi_0, \xi_1, \dots, \xi_{\deg(P)}$ of $R$. Then clearly $P(\xi_i) \neq 0$ for some index $i$ $(0 \le i \le \deg(P))$ since $P$ has at most $\deg(P)$ zeros. For $k > 1$ we thus obtain a specialization $t_k \mapsto \lambda_k \in R$ such that $P(t_1, \dots, t_{k-1}, \lambda_k)$ is not zero. Then we apply the induction hypothesis. □

If $R$ is finite and we take theorem (12.19) for granted, then we know that (12.18g) is not zero and that there is at least one non-zero specialization in $R$, hence we can simply operate by trial and error to actually find a nonsingular matrix transforming $\Delta_1$ into $\Delta_2$ over $R$.

5. Construction of normal bases

Given a normal extension $E$ with automorphism group $G$ over the field of reference $F$ we have seen already in section 6 that the tensor product ring $A = \bar{E} \otimes_F E$ of an extension $\bar{E}$ of $F$ isomorphic to $E$ over $F$ acts as representation space for the regular representation of $G$ inasmuch as the primitive idempotents of $A$ form an $E$-basis of $A$ with regular permutation action $\Gamma$ of the group $\bar{G} = 1_{\bar{E}} \otimes_F G \cong G$. On the other hand, of course $E$ itself is a representation space of $G$ of degree $n = |G|$ over $F$ for some matrix representation $\Delta: G \to F^{n \times n}$. Also $\Delta$ can be interpreted as a matrix representation of $G$ over $E$ with $A$ as representation space. The two are known to be equivalent over $\bar{E}$. Hence they are equivalent over $F$. It follows that there is a normal basis $B = \{g(x) \mid g \in G\}$ of $E$ over $F$ which can be found upon suitable specialization of the generic solution of a system of linear homogeneous equations. For every subgroup $S$ of $G$ we obtain the left coset decomposition

$$G = \bigcup_{i=1}^{(G:S)} S g_i, \tag{12.21a}$$

corresponding to the fix elements

$$\theta_{iS} := \sum_{s \in S} s g_i(x) \quad (1 \le i \le (G:S)), \tag{12.21b}$$

of $S$ which are said to be the Gauss periods of $B$ with respect to $S$. All fix elements of $S$ form an intermediate field $E^S$ with (12.21b) as $F$-basis:

$$E^S = \{y \in E \mid \forall g \in S: g(y) = y\} = \sum_{i=1}^{(G:S)} F \theta_{iS}. \tag{12.21c}$$

Indeed, the $\theta_{iS}$'s are linearly independent over $F$ since they are non-overlapping $F$-linear combinations of $B$. Their number equals

$$(G:S) = \dim_F E^S. \tag{12.21d}$$

Each of the Gauss periods generates $E^S$ over $F$ since there holds a right coset decomposition

$$G = \bigcup_{i=1}^{(G:S)} g_i S. \tag{12.21e}$$

The $G$-conjugates

$$g_j \theta_{iS} \quad (1 \le j \le (G:S)) \tag{12.21f}$$

are $F$-linearly independent because they are non-overlapping $F$-linear combinations of $B$, hence they are distinct. Thus the Gauss periods turn out to be primitive elements of $E^S$ over $F$. They are $G$-conjugates if and only if $S$ is a normal subgroup of $G$. This occurs for example for the normal basis of the $p$th cyclotomic extension $E_p := \mathbb{Q}(\zeta_p)$ of $\mathbb{Q}$, which is generated by

$$x = \zeta_p, \qquad \zeta_p^{p-1} + \dots + \zeta_p + 1 = 0 \tag{12.22a}$$

and consists of

$$\zeta_p, \zeta_p^2, \dots, \zeta_p^{p-1}. \tag{12.22b}$$

This was the normal basis which Gauss studied in the Disquisitiones Arithmeticae. We observe that as a rule the $S$-conjugates of $x$ form a normal basis of $E$ over $E^S$. In case of the prime factorization $p - 1 = p_1 p_2 \cdots p_s$ ($p_1, p_2, \dots, p_s$ prime numbers) we construct $E_p$ via the sequence of cyclic extensions $\mathbb{Q} = \Psi_0 \subset \Psi_1 \subset \dots \subset \Psi_s = E_p$, with $\Psi_i = \Psi_{i-1}(\theta_i)$ of prime degree $p_i$ over $\Psi_{i-1}$. Here $\theta_i = \sum_{g \in G_i} g(x)$ with $G = G_0 = \langle g_0 \rangle$ and $g_0(\zeta_p) = \zeta_p^{\sigma}$, $\sigma$ a primitive root modulo $p$, $G_j := \langle g_0^{(p-1)/(p_1 \cdots p_j)} \rangle$ $(1 \le j \le s)$, $G = G_0 \supset G_1 \supset \dots \supset G_s = 1$.

A sequence of quadratic extensions suffices to construct $E_p$, if and only if $p$ is a prime number of the form $p = 1 + 2^s$. Such prime numbers are called Fermat prime numbers. If the exponent $s$ is divisible by an odd prime number $q$, then $(1 + 2^{s/q}) \mid (1 + 2^s)$, hence a Fermat prime number must be of the form $p = 1 + 2^{2^t}$. For $t = 0, 1, 2, 3, 4$ we indeed obtain the Fermat prime numbers 3, 5, 17, 257, 65 537 which are the only ones known so far. We note, for example, that $641 \mid (1 + 2^{2^5})$. C. F. Gauss answered the question which cyclotomic construction tasks can be solved by ruler and compass by the statement that the $n$th primitive unit root can be constructed as a point of the Gaussian plane with 0 as origin and $1 \neq 0$ as second reference point if and only if $n$ is a product of a power of 2 and a number of distinct Fermat primes. He anticipated Galois theory in a special setting by about 30 years.

6. The theorem of the primitive element

We have seen already that every finite separable extension $E$ of a field of reference $F$ can be generated by a primitive element. However, in order to find a primitive element generating $E$ over $F$ we must embed $E$ into a minimal splitting field $\Psi$ of $E$ over $F$, we must construct a normal basis of $\Psi$ over $F$, and we must form a period with respect to $\mathrm{Aut}(\Psi/E)$. A more direct way is given by the following theorem.

Theorem (12.23) (J. Sonn and H. Zassenhaus). Let $E$ be an extension of the field $F$ with finite basis $B$. Then $E$ contains a primitive element over $F$ if and only if at least one of the $2^{|B|} - 1$ non-empty sums over distinct basis elements generates $E$ over $F$.

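Proof If the characteristic of $F$ is a prime number $p$ and if there are two elements $x$, $y$ of $E$ for which

$$x^p, y^p \in \Psi := \mathrm{Sep}(F, E) := \{z \in E \mid z \text{ separable over } F\}, \qquad [\Psi(x, y) : \Psi] = p^2, \tag{12.24}$$

then it is impossible to find any single generator $\xi$ of $E$ over $\Psi$. Otherwise there is a natural number $\mu$ for which $\xi^{p^\mu} \in \Psi$, $\xi^{p^{\mu-1}} \notin \Psi$, hence $\xi^{p^{\mu-1}}$ cannot be contained both in $\Psi(x)$, $\Psi(y)$. Assume $\xi^{p^{\mu-1}} \notin \Psi(x)$, hence $\Psi(x, \xi) \simeq \Psi(x) \otimes_\Psi \Psi(\xi)$, $x \notin \Psi(\xi)$, $\Psi(\xi) \subset E$, a contradiction. On the other hand, if there are no two elements $x$, $y$ of $E$ satisfying (12.24) and if $\Psi \subset E$, then there is a maximal natural number $\mu$ such that $E^{p^{\mu-1}} \not\subseteq \Psi$, $E^{p^\mu} \subseteq \Psi$, hence there is an element $\xi$ of $E$ for which

$$\xi^{p^\mu} \in \Psi, \quad \xi^{p^{\mu-1}} \notin \Psi, \quad E_0 = \Psi \subset E_1 = \Psi(\xi^{p^{\mu-1}}) \subset \dots \subset E_{\mu-1} \subset E_\mu = E_{\mu-1}(\xi), \quad [E_i : E_{i-1}] = p \quad (1 \le i \le \mu).$$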

Let $\eta$ be an element of $E$ not contained in $E_\mu$. There is a natural number

v

V ~ jI.

v-I

;'1'. Hence there is a natural number A ~ v for which I}p A - t =:(;E", (PEE w By assumption (P;Eo = '1'. Hence, (PEE j , (P;Ej_ 1 for some number i ~ jI., and we have (p d 'E'I', (P;;EI' a contradiction. It follows that E" = E = 'I'(~). 0 Because of E = (P - n E) ® F 'I' it follows that there is an element I} of for which I}P E'I', I}P

00

P

-00

nE for which F(I})

=P

J,I-I

JI.

-00

nE, I}P EF, I}P

;F. We embed E into a

minimal splitting field M of E over F. The fixed subfield of Aut (M / F) is

P - n E. Any element ( of E which is not a primitive element of E over F 00

either is contained in the subfield Sep (F(I}r '), E) = F(I}r ') ® F 'I' of degree p" - 1 ['I': F] over F or in one of the [E: '1'] - 1 subfields (12.25a) where [E:'I']

Aut(M/F)=

U gjAut(M/E)

j=

(gl

= I).

1

We note that 'I' '= E j C E so that [Ej:F] ~ HE:F]

(1 < i ~ [E:'I'])

(12.25b)

according to the degree theorem. If $E$ is separable over $F$, then we again embed $E$ into a minimal splitting field $M$ of $E$ over $F$. The fixed subfield of $\mathrm{Aut}(M/F)$ is $F$. Any element $\zeta$ of $E$ which is not a primitive element of $E$ over $F$ is contained in one of the $[E:F] - 1$ subfields

$$E_i := \{x \in E \mid x = g_i(x)\} \quad (1 < i \le [E:F])$$

where

$$\mathrm{Aut}(M/F) = \bigcup_{i=1}^{[E:F]} g_i\, \mathrm{Aut}(M/E) \quad (g_1 = 1).$$

We note that

$$[E_i : F] \le \tfrac{1}{2}[E:F] \quad (1 < i \le [E:F]) \tag{12.25c}$$

according to the degree theorem. To conclude the proof we need the following combinatorial lemma.

Lemma (12.26) Let $E$ be a linear space over the field $F$ with a basis $B$. Any set $\{B_1, B_2, \dots, B_s\}$ of finitely many disjoint finite subsets $B_i \subseteq B$ $(1 \le i \le s)$ generates the $s$-hypercube formed by the $2^s$ sums $\sum_{b \in B} e(b) b$ subject to the conditions

$$e(b) = 0 \text{ for } b \notin B_1 \cup B_2 \cup \dots \cup B_s, \quad e(b) \in \{0, 1\} \text{ for } b \in B_1 \cup B_2 \cup \dots \cup B_s, \quad e(b) = e(b') \text{ for } b, b' \in B_i \ (1 \le i \le s).$$

It spans an $F$-linear subspace $X$ with the $s$ basis elements $\sum_{b \in B_i} b$ $(1 \le i \le s)$ such that the $s$-hypercube is characterized as the set of all sums over distinct elements of $B$ contained in $X$. This is the $s$-hypercube situation. If the characteristic of $F$ is 2 then we also allow all invertible linear transformations of $B$ over $\mathbb{F}_2$. Then any $F$-linear subspace $X$ of $E$ of finite $F$-dimension $s$ contains at most $2^s$ sums over distinct elements of $B$. Equality is attained only in the $s$-hypercube situation.

Proof of (12.26) Let $X$ be an $F$-linear subspace of $E$ of finite dimension $s$ over $F$ and with the property that there is a set $S$ of $2^s$ sums over distinct elements of $B$ contained in $X$, but the $s$-hypercube situation does not hold. Let $B'$ be the subset of $B$ formed by the elements of $B$ occurring in one of the $2^s$ sums. Assume that the number of elements of $B'$ is as small as possible. We want to produce a contradiction. Without loss of generality we assume that $B$, $B'$ are finite. We obtain an equivalence relation on $B$ by defining $b$ to be equivalent to $b'$ if and only if either both $b$, $b'$ or neither occur in any one of the $2^s$ sums of $S$. Upon transition from $B$ to the set $B'$ formed by the sums over each equivalence class we find another counterexample. Due to the minimal property of $B$ it follows that each equivalence class consists of a single element of $B$. If an element $b$ of $B$ belongs to $X$ then upon transition from $B$ to $B \setminus \{b\}$, $E$ to $Y := \sum_{b' \in B \setminus \{b\}} F b'$, $X$ to $X \cap Y$, and $S$ to the subset of the sums in which $b$ does not occur we find another counterexample with a lesser number of basis elements contrary to the minimal property of $B$. Hence no element of $B$ belongs to $X$. Let $b \in B$, $Y := \sum_{b' \in B \setminus \{b\}} F b'$, $\dim_F(Y \cap X) = s - 1$. If $S \cap (X \cap Y)$ consists of $2^{s-1}$ or more elements, then it follows from the minimal property of $B$ that we are in the $(s-1)$-hypercube situation, hence $B \setminus \{b\} \subseteq X \cap Y$, $X = E$, a contradiction.

It follows that $S \cap (X \cap Y)$ consists of less than $2^{s-1}$ elements, each of the form $\sum_{b' \in B \setminus \{b\}} \alpha(b') b'$ $(\alpha(b') \in \{0, 1\})$ and $S \setminus (S \cap (X \cap Y))$ consists of more than $2^{s-1}$ elements of the form $b + \sum_{b' \in B \setminus \{b\}} \beta(b') b'$ $(\beta(b') \in \{0, 1\})$ where never $\alpha(b') = \beta(b')$ for all $b' \in B \setminus \{b\}$. Hence, $\dim_F(Fb + X) = s + 1$, $Fb + X$ contains $S$ as well as the $2^s$ new sums $b + \sum_{b' \in B \setminus \{b\}} \alpha(b') b'$, $\sum_{b' \in B \setminus \{b\}} \beta(b') b'$. Because of the maximal property of $s$ we are now in the $(s+1)$-hypercube situation. This means that $B \subseteq Fb + X$, $E = Fb + X$, $\dim_F E = s + 1$. Hence $S$ contains all sums $b + b'$ $(b' \in B \setminus \{b\})$ yielding $X = \sum_{b' \in B \setminus \{b\}} F(b + b')$. If $F$ is of characteristic 2, then $X$ itself is in the $s$-hypercube situation after suitable invertible linear transformations of $B$ over $\mathbb{F}_2$, a contradiction. Hence the characteristic of $F$ is not 2. For $s = 1$ we are in the $s$-hypercube situation. Let finally $s > 1$. Replacing $b$ by another element $b''$ of $B$ we find that also $X = \sum_{b' \in B \setminus \{b''\}} F(b'' + b')$, which is impossible. □

We apply lemma (12.26) to conclude the proof of (12.23). If $E$ is separable of dimension $n$ over $F$, then we have to avoid at most $1 + (n-1)2^{n/2} < 2^n$ sums of distinct members of $B$ as a consequence of (12.26). If $E$ is not separable of dimension $n p^\mu$ $(\mu \in \mathbb{Z}^{>0})$ over $F$, then we have to avoid at most $1 + (n-1)2^{n p^\mu / 2} + 2^{n p^{\mu-1}} < 2^{n p^\mu}$ sums of distinct members of $B$. In either case this can be done. In fact, the chances are the better the larger $n$, $p$, $\mu$ are. □

Exercises

1. Let $R$ be a unital commutative ring with $2 \in U(R)$. Show that the sum of the three non-equivalent permutation representations of degree 2 of Klein's Four Group is equivalent via matrix representation to the sum of the regular permutation representation and two permutation representations of degree 1.
2. Show that the cyclic group of order 4 has no faithful representation of degree 1 over $\mathbb{Q}$ though there is one over $\mathbb{Q}((-1)^{1/2})$.
3. For any two unital commutative overrings $R_1$, $R_2$ of the unital ring $R$ and for any semigroup $G$ we have $(R_1 \otimes_R R_2)G = R_1 G \otimes_R R_2 G$.
4. Let $A$ be known to be an algebraic sum of finitely many separable finite extensions of the field $F$ with $F$-basis $b_1, \dots, b_n$. Show that at least one of the $2^n$ sums $x = \sum_{i=1}^{n} e_i b_i$ ($e_i = 1$ or $0$) is a primitive element of $A$ over $F$ so that $1, x, \dots, x^{n-1}$ form another $F$-basis of $A$. Estimate the likelihood of hitting a primitive element by 'random' choice.
5. Does (12.23) hold generally for unital commutative $F$-algebras $A$ of finite dimension over $F$?

3 Methods from the geometry of numbers

3.1. Introduction

The geometry of numbers was introduced by H. Minkowski who 'got the methods which provided arithmetical theorems by spacious perception'. This was about 1900 and since then the geometry of numbers has become an independent discipline of mathematics. We, of course, are mainly interested in those results which can be applied to problems of computational number theory. They will be outlined in the following three sections. In section 2 we consider modules over principal entire rings with regard to a subsequent specialization to lattices in Euclidean $n$-space. Especially, in connection with the study of the bases of a module and the bases of its submodules we derive the Hermite and Smith normal form of matrices. In section 3 our considerations are confined to lattices. The search for special lattice bases consisting of vectors of small length leads to the concept of reduction. We present several reduction methods such as Minkowski-reduction, a total-ordering-reduction and a new reduction algorithm of Lenstra, Lenstra and Lovász [10] and also some applications. Closely connected with reduction theory are the successive minima of a lattice, also studied in section 3. Finally, section 4 contains Minkowski's famous Convex Body Theorem and some of its consequences for algebraic number theory.

3.2. Free modules over principal entire rings

In the sequel we consider free unital modules $M$ over principal entire rings $R$ which are finitely generated, i.e. $M = \bigoplus_{i=1}^{n} b_i R$ for suitable elements $n \in \mathbb{N}$, $b_1, \dots, b_n \in M$. Those elements $b_1, \dots, b_n$ are then called ($R$-)basis of $M$, $n$ the ($R$-)rank of $M$.

Lemma (2.1)
If $b_1, \dots, b_n$ and $c_1, \dots, c_n$ are bases of $M$, then there is a matrix $U \in GL(n, R)$ satisfying $(b_1, \dots, b_n) = (c_1, \dots, c_n)U$.

Proof According to assumption there are $U, V \in R^{n \times n}$ subject to $(b_1, \dots, b_n) = (c_1, \dots, c_n)U$, $(c_1, \dots, c_n) = (b_1, \dots, b_n)V$ and the uniqueness of the presentation of elements by a basis yields $UV = I_n$, $I_n$ the $n \times n$ unit matrix. □

In order to discuss the connections between the bases of a module and its submodules we need a few tools from matrix theory which are implicitly presented in most algebra courses but which may not be familiar to the reader. However, from a constructive point of view these tools are of considerable value. We recall that matrix multiplication from the right (left) yields an operation on the columns (rows) of the matrix. Especially we are interested in multiplications by so-called elementary matrices of $R^{n \times n}$. For an easy description we introduce the following matrix types $(1 \le i, j \le n)$.

$E_{ij}$ contains exactly one entry 1 in column $j$ and row $i$, otherwise zeros; hence

$$I_n = \sum_{i=1}^{n} E_{ii}; \tag{2.2a}$$

$$S_{ij} := \sum_{\substack{k=1 \\ k \neq i, j}}^{n} E_{kk} + E_{ij} + E_{ji} \quad (i \neq j); \tag{2.2b}$$

(2.2c)

$$\mathrm{diag}(a_1, \dots, a_n) := \sum_{i=1}^{n} a_i E_{ii} \quad (a_i \in R,\ 1 \le i \le n); \tag{2.2d}$$

(2.2e)

Multiplication of a matrix $A \in R^{n \times n}$ from the right (left) by $S_{ij}$ interchanges the columns (rows) $i$ and $j$. Multiplication of a matrix $A$ from the right (left) by $T_{ij}(a)$ adds $a$-times column $i$ (row $j$) to column $j$ (row $i$). Moreover, the inverse matrices of $S_{ij}$, $T_{ij}(a)$, $D_i$ are easily seen to be

(2.3)

We use these matrices to transform any matrix $A \in R^{m \times n}$ into a suitable normal form. To do this we need two preparatory lemmata.

Lemma (2.4) Let $a_1, \dots, a_n$ be elements of the principal entire ring $R$. Then $R^{n \times n}$ contains a matrix $A = (a_{ij})$ subject to $a_{1j} = a_j$ $(1 \le j \le n)$ and $\det(A) = \gcd(a_1, \dots, a_n)$.

Proof By induction on $n$. The case $n = 1$ is trivial. We therefore assume the existence of $\tilde{A} = (\tilde{a}_{ij}) \in R^{(n-1) \times (n-1)}$ satisfying $\tilde{a}_{1j} = a_j$ $(1 \le j \le n-1)$ and $d_{n-1} := \det(\tilde{A}) = \gcd(a_1, \dots, a_{n-1})$. For $d_n := \gcd(d_{n-1}, a_n)$ there exist $u, v \in R$ subject to $d_n = u d_{n-1} + v a_n$. We set

$$a_{ij} = \tilde{a}_{ij} \ (1 \le i, j \le n-1), \quad a_{1n} = a_n, \quad a_{in} = 0 \ (2 \le i \le n-1), \quad a_{nn} = u, \quad a_{nj} = -(a_j / d_{n-1}) v \ (1 \le j \le n-1).$$

Then $\det(A) = d_n$ is obtained upon expansion according to the last column. □

Example Let $R = \mathbb{Z}$ and $a_1 = 30$, $a_2 = 42$, $a_3 = 70$, $a_4 = 105$. By calculating $d_1 = 30$, $d_2 = 6 = 3 \cdot 30 + (-2) \cdot 42$, $d_3 = 2 = 12 \cdot 6 + (-1) \cdot 70$, $d_4 = 1 = 53 \cdot 2 + (-1) \cdot 105$ we get

$$A = \begin{pmatrix} 30 & 42 & 70 & 105 \\ 2 & 3 & 0 & 0 \\ 5 & 7 & 12 & 0 \\ 15 & 21 & 35 & 53 \end{pmatrix}.$$

We note that the actual computation of $A$ requires the calculation of a presentation of $d = \gcd(a, b)$ by $a$ and $b$ and is therefore practicable in Euclidean rings only.

Lemma (2.5)
Let $a_1, \dots, a_n$ be elements of the principal entire ring $R$ and $d_n := \gcd(a_1, \dots, a_n)$. Then there exists $U \in GL(n, R)$ satisfying $(a_1, \dots, a_n) U = (d_n, 0, \dots, 0)$.

Proof Let $A = (a_{ij}) \in R^{n \times n}$ as in (2.4). The matrix $\tilde{A} = (\tilde{a}_{ij})$ given by $\tilde{a}_{ij} := a_{ij}$ $(2 \le i \le n)$ and $\tilde{a}_{1j} := a_j / d_n$ $(1 \le j \le n)$ is clearly in $GL(n, R)$ and satisfies $(d_n, 0, \dots, 0)\tilde{A} = (1, 0, \dots, 0)A = (a_1, \dots, a_n)$, hence $U := \tilde{A}^{-1}$ does the job. □

The last lemma yields a first normal form for matrices over a principal entire ring $R$.
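The constructions in the proofs of (2.4) and (2.5) for $R = \mathbb{Z}$, as an added example that is not code from the book. The function names are hypothetical, the Bézout coefficients come from the extended Euclidean algorithm (so the last row can differ from the example matrix above by the choice of $u$, $v$), and $a_1 \neq 0$ is assumed.

```python
from fractions import Fraction


def ext_gcd(a, b):
    """Return (g, u, v) with g = gcd(a, b) >= 0 and g == u*a + v*b."""
    r0, r1, u0, u1, v0, v1 = a, b, 1, 0, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return (r0, u0, v0) if r0 >= 0 else (-r0, -u0, -v0)


def gcd_matrix(a):
    """Lemma (2.4) over Z: matrix with first row a and determinant gcd(a)."""
    if a[0] == 0:
        raise ValueError("this example assumes a[0] != 0")
    A, d = [[a[0]]], a[0]
    for n in range(1, len(a)):
        g, u, v = ext_gcd(d, a[n])                    # g = u*d + v*a[n]
        last = [-(a[j] // d) * v for j in range(n)] + [u]
        # border the old matrix: new last column (a_n, 0, ..., 0, u), new last row
        A = [A[0] + [a[n]]] + [row + [0] for row in A[1:]] + [last]
        d = g
    return A, d


def det(M):
    """Exact determinant by Gaussian elimination over the rationals."""
    W = [[Fraction(x) for x in row] for row in M]
    result = Fraction(1)
    for c in range(len(W)):
        p = next((r for r in range(c, len(W)) if W[r][c] != 0), None)
        if p is None:
            return 0
        if p != c:
            W[c], W[p] = W[p], W[c]
            result = -result
        result *= W[c][c]
        for r in range(c + 1, len(W)):
            f = W[r][c] / W[c][c]
            W[r] = [x - f * y for x, y in zip(W[r], W[c])]
    return int(result)


def inverse(M):
    """Exact inverse by Gauss-Jordan elimination over the rationals."""
    n = len(M)
    W = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(M)]
    for c in range(n):
        p = next(r for r in range(c, n) if W[r][c] != 0)
        W[c], W[p] = W[p], W[c]
        pivot = W[c][c]
        W[c] = [x / pivot for x in W[c]]
        for r in range(n):
            if r != c:
                f = W[r][c]
                W[r] = [x - f * y for x, y in zip(W[r], W[c])]
    return [row[n:] for row in W]


def reduction_matrix(a):
    """Lemma (2.5) over Z: unimodular U with (a_1, ..., a_n) U = (d, 0, ..., 0)."""
    A, d = gcd_matrix(a)
    A_tilde = [[x // d for x in A[0]]] + A[1:]        # first row divided by d
    inv = inverse(A_tilde)
    assert all(x.denominator == 1 for row in inv for x in row)
    return [[int(x) for x in row] for row in inv], d
```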

Theorem (2.6) Let $R$ be a principal entire ring and $\mathfrak{R}$ a full system of representatives of $R/U(R)$. For every matrix $A = (a_{ij}) \in R^{m \times n}$ there exists a matrix $U \in GL(n, R)$ such that $H(A) = (h_{ij}) := AU$ is a lower triangular matrix the entries of which satisfy $h_{ii} \in \mathfrak{R}$ $(1 \le i \le \min(m, n))$ and in case $h_{ii} \neq 0$ the entries $h_{ij}$ with $j < i$ are uniquely determined modulo $h_{ii}$. $H(A)$ is called Hermite normal form of $A$, respectively, (Hermite-)column-reduced. If $H(A^t)$ is column-reduced, then $A$ itself is said to be (Hermite-)row-reduced.

Proof By induction on $n$. For $n = 1$ let $d \in \mathfrak{R}$ be associated to $a_{11}$, i.e. there exists $\varepsilon \in U(R)$ subject to $d = a_{11} \varepsilon$. In that case $U = (\varepsilon) \in GL(1, R)$ satisfies $AU = H(A)$. Now let $n > 1$ and the theorem be true for matrices over $R$ with less than $n$ columns. For $\tilde{d} := \gcd(a_{11}, \dots, a_{1n})$ let $d \in \mathfrak{R}$ be associate to $\tilde{d}$. According to (2.5) there is a matrix $U \in GL(n, R)$ such that the matrix $\tilde{A} = (\tilde{a}_{ij}) := AU\varepsilon$ for $\varepsilon = d/\tilde{d}$ has entries $\tilde{a}_{11} = d$, $\tilde{a}_{1j} = 0$ $(j > 1)$. In case $m = 1$ we are done. For $m > 1$ we apply the induction hypothesis to the matrix $B = (b_{ij}) \in R^{(m-1) \times (n-1)}$ with entries $b_{ij} = \tilde{a}_{i+1,j+1}$. There is $\tilde{V} = (\tilde{v}_{ij}) \in GL(n-1, R)$ such that $H(B) = B\tilde{V}$. We choose $V = (v_{ij}) \in GL(n, R)$ via $v_{11} = 1$, $v_{1j} = 0 = v_{i1}$, $v_{ij} = \tilde{v}_{i-1,j-1}$ $(i > 1, j > 1)$, and obtain $H(A) = AU\varepsilon V$. □

Especially, for $R = \mathbb{Z}$ we choose $\mathfrak{R} = \mathbb{Z}^{\ge 0}$ and $h_{ij} \in \{0, 1, \dots, h_{ii} - 1\}$ for $h_{ii} \neq 0$. As we already mentioned the Euclidean algorithm allows the practical computation of $H(A)$ in that case.

Algorithm for the computation of Hermite normal form (2.7)

Input. $A \in \mathbb{Z}^{m \times n}$.
Output. $H \in \mathbb{Z}^{m \times n}$, $U \in GL(n, \mathbb{Z})$ such that $AU = H$ and $H$ is in Hermite normal form.

Step 1. (Initialization). Set $H \leftarrow A$, $U \leftarrow I_n$, $r \leftarrow \min(m, n)$, $i \leftarrow 1$.
Step 2. (Determination of smallest element in row $i$). Let $S_i := \{h_{ij} \mid j \ge i,\ h_{ij} \neq 0\}$. For $S_i = \emptyset$ go to 6; else compute $k \in \{i, \dots, n\}$ minimal with $|h_{ik}| = \min\{|h_{ij}| \mid h_{ij} \in S_i\}$. In case $k = i$ go to 4, else to 3.
Step 3. (Change of columns $i$ and $k$). Set $U \leftarrow U S_{ik}$, $H \leftarrow H S_{ik}$.
Step 4. (Reduction of elements $h_{ij}$ modulo $h_{ii}$ for $j > i$). Set $H \leftarrow H T_{ij}(-\{h_{ij}/h_{ii}\})$, $U \leftarrow U T_{ij}(-\{h_{ij}/h_{ii}\})$ for $j = i+1, \dots, n$. If $h_{ij} = 0$ $(j = i+1, \dots, n)$ go to 5, else to 2.
Step 5. (Reduction of elements $h_{ij}$ modulo $h_{ii}$ for $j < i$). For $h_{ii} < 0$ set $H \leftarrow H D_i$, $U \leftarrow U D_i$. Then set $H \leftarrow H T_{ij}(-\lfloor h_{ij}/h_{ii} \rfloor)$, $U \leftarrow U T_{ij}(-\lfloor h_{ij}/h_{ii} \rfloor)$ for $j = 1, \dots, i-1$.
Step 6. (Increase $i$). For $i = r$ terminate; else set $i \leftarrow i + 1$. For $i = r$ go to 5, else to 2.

If we also need $U^{-1}$, we can compute it analogously to $U$. We start from $U^{-1} = I_n$ in step 1 and each time when we multiply $U$ by an elementary matrix from the right we multiply $U^{-1}$ by the inverse of that matrix from the left.
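Algorithm (2.7) for integer matrices, as an added Python example that is not code from the book. It performs the operations of steps 2 to 5 as column operations on $H$ and $U$ together, with a plain loop over the rows in place of the jump structure; the function names and the sample matrices in the usage note are constructed.

```python
def hermite_normal_form(A):
    """Return (H, U) with H = A*U lower triangular, U unimodular over Z.

    Diagonal entries of H are >= 0 and, where h_ii != 0, the entries to the
    left of the diagonal satisfy 0 <= h_ij < h_ii.
    """
    m, n = len(A), len(A[0])
    H = [list(row) for row in A]
    U = [[int(r == c) for c in range(n)] for r in range(n)]

    def add_column(src, dst, q):
        # column dst += q * column src, i.e. right multiplication by T_{src,dst}(q)
        for M in (H, U):
            for row in M:
                row[dst] += q * row[src]

    def swap_columns(i, k):
        # right multiplication by S_{ik}
        for M in (H, U):
            for row in M:
                row[i], row[k] = row[k], row[i]

    def negate_column(i):
        # right multiplication by D_i
        for M in (H, U):
            for row in M:
                row[i] = -row[i]

    for i in range(min(m, n)):
        while True:
            support = [j for j in range(i, n) if H[i][j] != 0]   # S_i of step 2
            if not support:
                break
            k = min(support, key=lambda j: abs(H[i][j]))          # smallest |h_ij|
            if k != i:
                swap_columns(i, k)                                # step 3
            for j in range(i + 1, n):                             # step 4
                q = (2 * H[i][j] + H[i][i]) // (2 * H[i][i])      # nearest integer
                add_column(i, j, -q)
            if all(H[i][j] == 0 for j in range(i + 1, n)):
                break
        if H[i][i] == 0:
            continue                                              # no pivot in row i
        if H[i][i] < 0:
            negate_column(i)
        for j in range(i):                                        # step 5
            add_column(i, j, -(H[i][j] // H[i][i]))
    return H, U


def matmul(X, Y):
    """Integer matrix product, used to check A*U == H."""
    return [[sum(X[r][t] * Y[t][c] for t in range(len(Y)))
             for c in range(len(Y[0]))] for r in range(len(X))]
```

For the constructed input `[[4, 6], [2, 5]]` the result is `H = [[2, 0], [3, 4]]`, and the single row `[[30, 42, 70, 105]]` from the example after (2.4) reduces to `[[1, 0, 0, 0]]`.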

Example

We compute the Hermite normal form of a $3 \times 3$ integer matrix $M$.

[Table: for each index $i$ and step of algorithm (2.7), the elementary matrices applied to $H$ and $U$, the resulting $H$ and $U$, the elementary matrices applied to $U^{-1}$, and the resulting $U^{-1}$.]

1, m = 1 was already treated in (2.5). Now let $n$ and $m$ both be greater than one. Similarly to the proof of (2.6) we apply (2.5) to the first row of $A$ to obtain $A^{(1)} = (a_{ij}^{(1)})$ with $a_{1j}^{(1)} = 0$ for $j > 1$. Application of (2.5) to $A^{(1)t}$ yields $\tilde{A}^{(1)} = (\tilde{a}_{ij}^{(1)})$ with $\tilde{a}_{i1}^{(1)} = 0$ for $i > 1$. Clearly, $a_{11}^{(1)} = \gcd(a_{11}, a_{12}, \dots, a_{1n})$, $\tilde{a}_{11}^{(1)} = \gcd(a_{11}^{(1)}, a_{21}^{(1)}, \dots, a_{m1}^{(1)})$. If $\tilde{a}_{1j}^{(1)} = 0$ for $j > 1$ we can apply our induction hypothesis. Otherwise we repeat that procedure to obtain $A^{(2)}$, $\tilde{A}^{(2)}$, $A^{(3)}, \dots$ which must finally provide $\tilde{a}_{1j}^{(\nu)} = 0$ for $j > 1$ and some $\nu \in \mathbb{N}$ since the number of prime elements dividing $\tilde{a}_{11}^{(\nu)}$ strictly decreases if $\nu$ increases in case there is an element $\tilde{a}_{1j}^{(\nu)}$ $(j > 1)$ which is not divisible by $\tilde{a}_{11}^{(\nu)}$. Therefore we obtain $U \in GL(n, R)$, $V \in GL(m, R)$ such that $(\tilde{a}_{ij}) = \tilde{A} := VAU$ is a diagonal matrix. Next we obtain the divisibility condition. Let us assume that there are indices $1 \le i$

[Display: chain of matrix transformations carrying $M$ to $\mathrm{diag}(1, 1, 125)$, the arrows labelled by bracketed step and index numbers or by $t$.]

The numbers in brackets refer to the number of the step and the index $i$ of Algorithm (2.7), respectively; $t$ means transition to the transposed matrix. The elementary divisors of $M$ are 1, 1, 125. We apply the preceding results to obtain several useful relations between the bases of a module and its submodules.

Lemma (2.9)
Let $N \subseteq M$ be free modules over a principal entire ring $R$ of rank $n$, $m$, respectively.
(i) For each basis $a_1, \dots, a_m$ of $M$ there exists a basis $b_1, \dots, b_n$ of $N$ such that $(b_1, \dots, b_n) = (a_1, \dots, a_m)A$, where $A = (a_{ij}) \in R^{m \times n}$ is an upper triangular matrix and the entries $a_{ij}$ $(j > i)$ are uniquely determined modulo $a_{jj}$. In case $n = m$ the matrix $A$ is regular, i.e. $\det(A) \neq 0$.
(ii) For each basis $b_1, \dots, b_n$ of $N$ there exists a basis $a_1, \dots, a_m$ of $M$ such that $(b_1, \dots, b_n) = (a_1, \dots, a_m)A$, where $A = (a_{ij}) \in R^{m \times n}$ is an upper triangular matrix and the entries $a_{ij}$ (i

$\|a\| < \|b\| \lor (\|a\| = \|b\| \land \exists j \in \{1, \dots, n\}\ \forall i = 1, \dots, j-1: a_i = b_i \land a_j > b_j)$ $(a, b \in \mathbb{R}^n)$. (3.19a)

(The somewhat strange condition $a_j > b_j$ implies that $-e_i$ is greater than $e_i$ $(1 \le i \le n)$, i.e. the canonical basis of $\mathbb{Z}^n$ is totally reduced which we would naturally expect.)

$(b_1, \dots, b_k) <_r (a_1, \dots, a_k) :\Leftrightarrow \exists j \in \{1, \dots, k\}\ \forall i = 1, \dots, j-1: b_i = a_i \land b_j <_r a_j$. (3.19b)

A minimal element of $\mathfrak{S}_\Lambda$ with respect to $<_r$ is called a totally reduced basis of $\Lambda$. (3.19c)

Hence, totally reduced bases are uniquely determined and are of course Minkowski reduced. (We note that in the hexagonal lattice above the basis x, y, z is totally reduced.) However, their computation can be rather time consuming. Therefore in many cases we shall use LLL-reduction as a substitute. LLL-reduced bases can be easily calculated but do not have such nice properties as totally reduced bases. (Their basis vectors need not even be ordered with respect to the norm.) The concept of LLL-reduction is discussed at the end of this section.

In the sequel we develop an algorithm for the computation of a totally reduced basis of a lattice $\Lambda$. It will be calculated inductively. Let $b_1, \dots, b_k$ be the initial basis of $\Lambda$. We define $r$-dimensional sublattices via $\Lambda_r := \mathbb{Z} b_1 + \dots + \mathbb{Z} b_r$ $(1 \le r \le k)$. A totally reduced basis of $\Lambda_1$ is either $b_1$ or $-b_1$. Hence, we can assume that we know a basis $b_1, \dots, b_k$ of $\Lambda$ such that $b_1, \dots, b_r$ is a totally reduced basis of $\Lambda_r$ for some $r$ $(1 \le r < k)$. Then we need a criterion, whether $b_1, \dots, b_{r+1}$ also form a totally reduced basis for $\Lambda_{r+1}$. If the above is not the case, there must be a vector $c \in \Lambda_{r+1}$ with the properties

(3.20a)

$c$ is linearly independent of $b_1, \dots, b_r$, (3.20b)

$c$ can be supplemented to a basis of $\Lambda_{r+1}$ which is smaller than the basis $b_1, \dots, b_{r+1}$. (3.20c)

Hence, lemma (2.10) suggests we consider the set

There are two possibilities: $\forall x \in S_{r+1}\ \forall j \in \{1, \dots, r+1\}: \gcd(\xi_j, \dots, \xi_{r+1}) = 1 \Rightarrow x = b_j \lor b_j$

o be minimal with the property that there exist linearly independent vectors $y_1, \dots, y_i$ in $\Lambda$ satisfying $\|y_j\|^2 \le M_j$ $(1 \le j \le i)$. $M_1, \dots, M_k$ are called successive minima of $\Lambda$ (with respect to the function $\|\ \|$). The following chain of inequalities is a trivial consequence of the definition:

(3.30)

Since we use a different notation, the reader will already surmise that $y_1, \dots, y_k$ will not be a reduced basis for $\Lambda$, generally speaking. Fortunately, we can be more precise and describe the relationship between reduced basis vectors $b_i$ and successive minima vectors $y_i$ in greater detail $(1 \le i \le k)$. The following example was already known to Minkowski:

Example (3.31)

Let $b_i = e_i$ $(i = 1, \dots, 4)$, $b_5 = \tfrac{1}{2}\sum_{i=1}^{5} e_i$ in $\mathbb{R}^5$, $\Lambda = \sum_{i=1}^{5} \mathbb{Z} b_i$. It is easily seen that $b_1, \dots, b_5$ is a totally reduced basis for $\Lambda$. (We recommend this as an exercise.) On the other hand $M_1 = \dots = M_5 = 1$ with $y_i = b_i$ $(i = 1, \dots, 4)$, $y_5 = 2b_5 - b_4 - b_3 - b_2 - b_1$. Hence, successive minima vectors will not necessarily yield a reduced basis in dimensions greater than or equal to five. What about smaller dimensions? Here we have

Theorem (3.32) Let $\Lambda$ be a $k$-dimensional lattice of $\mathbb{R}^n$ and $M_i = \|y_i\|^2$ $(i = 1, \dots, k)$ the successive minima of $\Lambda$. Then $y_1, y_2, y_3$ can be supplemented to a (reduced) basis of $\Lambda$ and there is always a reduced basis $b_1, \dots, b_k$ of $\Lambda$ such that $M_i = \|b_i\|^2$ for $i = 1, 2, \dots, \min(k, 4)$.

We see from (3.31) that this result is best possible. On the other hand there are lattices with $M_i = \|b_i\|^2$ $(i = 1, \dots, k;\ k > 4)$, and the proof of (3.32) gives some idea, under which additional premises we can extend the last statement of the theorem to indices $i > 4$.

Proof We already noticed that the first vector $b_1$ of a reduced basis satisfies $M_1 = \|b_1\|^2$. Hence, for a reduced basis $b_1, \dots, b_k$ of $\Lambda$ we can assume $M_i = \|b_i\|^2$ for $i = 1, \dots, r$, $r \ge 1$. Each $x \in \Lambda$ has a presentation $x = \sum_{i=1}^{k} x_i b_i$ $(x_i \in \mathbb{Z},\ 1 \le i \le k)$ and $\|x\|^2$ is a positive definite quadratic form

$$\|x\|^2 = Q(x_1, \dots, x_k) = \sum_{i,j=1}^{k} b_{ij} x_i x_j \quad (b_{ij} := b_i^t b_j)$$

in the variables $x_1, \dots, x_k$. As in (3.11) we compute $q_{ij} \in \mathbb{R}$ $(i = 1, \dots, k;\ j \ge i)$ such that

with

(3.33a)

and we define

$$Q_i(x_i, \dots, x_k) := \sum_{j=i}^{k} Q_j(x_j, \dots, x_k). \tag{3.33b}$$

All these quadratic forms are positive definite again. From our assumptions we know that

$$b_{ii} = M_i \ge q_{ii} > 0 \quad (1 \le i \le r), \tag{3.33c}$$

and we shall test if $M_{r+1} = \|b_{r+1}\|^2$. For $M_{r+1} = \|x\|^2$ we must have $|x_{r+1}| + \dots + |x_k| > 0$, hence we will consider $m := \gcd(x_{r+1}, \dots, x_k)$. In case $m = 1$ the vector $x$ can be taken as new basis vector $b_{r+1}$ because of (2.10). So, let us assume $m > 1$. From (3.33a), (3.33b) we obtain

(3.33d)

Therefore we can determine $v = \sum_{i=1}^{k} v_i b_i \in \Lambda$ in the following way:

$$v_i := \frac{x_i}{m} \quad (r + 1 \le i \le k), \tag{3.33e}$$

$$\Big| v_i + \sum_{j=i+1}^{k} q_{ij} v_j \Big| \le \tfrac{1}{2} \quad (i = r, r-1, \dots, 1). \tag{3.33f}$$

Since $b_1, \dots, b_r, v$ are linearly independent we must have (3.33g). Now (3.33d) and (3.33g) yield (3.33h). Applying (3.33g) and (3.33h) we obtain

$$M_{r+1} \le \sum_{i=1}^{r} \frac{q_{ii}}{4}\Big(1 + \frac{1}{m^2 - 1}\Big) \le \frac{m^2 r}{(m^2 - 1)4} \max\{q_{ii} \mid 1 \le i \le r\} \le \frac{m^2 r}{(m^2 - 1)4} M_r. \tag{3.33i}$$

For $r = 1, 2$ this yields a contradiction to (3.30), and we get the first statement of the theorem. In case $r = 3$ we still get a contradiction except for $m = 2$ and $M_1 = \dots = M_4 = q_{11} = q_{22} = q_{33}$. But then $q_{12} = q_{13} = q_{23} = 0$ and we have $M_4 = \|v\|^2$ for $v = (0, 0, 0, x_4/m, \dots, x_k/m)$, hence $v$ is a candidate for $b_4$. □

In case the first successive minima are known and if they are not equal, (3.33) can usually be improved, i.e. (3.33i) yields a contradiction also for $r \ge 4$. The importance of the successive minima hinges on the estimates stated in the following theorem.

Theorem (3.34) Let $\Lambda$ be an $n$-dimensional lattice with successive minima $M_1, \dots, M_n$. There exists a constant $\mu_n \in \mathbb{R}^{>0}$ depending only on $n$ such that (3.34a) and even (3.34b)

198

Methods from the geometry of numbers

Proof (a) We consider balls B(x, r):= {y E!J;~n III x - YII ~ r} for XE !R n. It is obvious that the intersection of balls centered at different lattice points contains only boundary points for r = Mt/2. We define parallelotopes (I ~ i, < ... k the procedure terminates. There are three major steps: (A) Reduce flm.m _ I to Iflm.m - II ~ -1 by subtracting a suitable multiple of bm - I from bm • (All b1 remain unchanged!)


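(B) If (3.38b) holds for $i = m$ proceed to (C), else interchange $b_{m-1}$ and $b_m$. In case $m > 2$ also replace $m$ by $m - 1$. Then go on with (A).

(C) Reduce (similar to (A)) $\mu_{mj}$ to $|\mu_{mj}| \le \tfrac12$ for $j = m-2, m-3, \dots, 1$. Then increase $m$ by 1. For $m > k$ terminate, else go on with (A).

Remark In the algorithm the vectors $b_i^*$ are not used explicitly but only the squares of their norms $B_i := b_i^{*\,tr} b_i^*$.

LLL-reduction algorithm (3.40)

Input. Basis vectors $b_1, \dots, b_k$ of a $k$-dimensional lattice $\Lambda$.

Output. A basis $b_1, \dots, b_k$ of $\Lambda$ which is LLL-reduced.

Step 1. (Initialization). For $i = 1, \dots, k$ set:

$\mu_{ij} \leftarrow b_i^{tr} b_j^* / B_j \quad (1 \le j \le i-1)$, $\quad b_i^* \leftarrow b_i - \sum_{j=1}^{i-1} \mu_{ij} b_j^*$, $\quad B_i \leftarrow b_i^{*\,tr} b_i^*$.

Then set $m \leftarrow 2$.

Step 2. (Set $l$). Set $l \leftarrow m - 1$.

Step 3. (Change $\mu_{ml}$ in case $|\mu_{ml}| > \tfrac12$). If $|\mu_{ml}| > \tfrac12$, set

$r \leftarrow \{\mu_{ml}\}$, $\quad b_m \leftarrow b_m - r b_l$, $\quad \mu_{mj} \leftarrow \mu_{mj} - r\mu_{lj} \quad (1 \le j \le l-1)$, $\quad \mu_{ml} \leftarrow \mu_{ml} - r$.

For $l = m - 1$ go to 4, else to 5.

Step 4. ((3.38b) violated on level $m$?) For $B_m < (\tfrac34 - \mu_{m,m-1}^2) B_{m-1}$ go to 6.

Step 5. (Decrease $l$). Set $l \leftarrow l - 1$. For $l > 0$ go to 3. If $m = k$, terminate; else set $m \leftarrow m + 1$ and go to 2.

Step 6. (Interchange $b_{m-1}$, $b_m$). Set $\mu \leftarrow \mu_{m,m-1}$, $B \leftarrow B_m + \mu^2 B_{m-1}$, $\mu_{m,m-1} \leftarrow \mu B_{m-1}/B$, $B_m \leftarrow B_{m-1} B_m / B$, $B_{m-1} \leftarrow B$; then set

$\begin{pmatrix} b_{m-1} \\ b_m \end{pmatrix} \leftarrow \begin{pmatrix} b_m \\ b_{m-1} \end{pmatrix}$,

$\begin{pmatrix} \mu_{m-1,j} \\ \mu_{mj} \end{pmatrix} \leftarrow \begin{pmatrix} \mu_{mj} \\ \mu_{m-1,j} \end{pmatrix} \quad (1 \le j \le m-2)$,

$\begin{pmatrix} \mu_{i,m-1} \\ \mu_{im} \end{pmatrix} \leftarrow \begin{pmatrix} 1 & \mu_{m,m-1} \\ 0 & 1 \end{pmatrix} \begin{pmatrix} 0 & 1 \\ 1 & -\mu \end{pmatrix} \begin{pmatrix} \mu_{i,m-1} \\ \mu_{im} \end{pmatrix} \quad (m+1 \le i \le k)$.

For $m > 2$ decrease $m$ by 1. Then go to 2.

The transformation formulae of steps 3, 6 are easily derived from the ideas in (A), (B), (C) (see also [10]). It remains to show that the algorithm terminates. For this purpose let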


be the principal minors of $d(\Lambda)^2$ ($= D_k$) and

$D := \prod_{i=1}^{k-1} D_i$.

Because of (3.3), (3.24) we also have

$D_i = \prod_{j=1}^{i} \|b_j^*\|^2 \quad (1 \le i \le k)$.

Each time algorithm (3.40) passes step 6 the value $D_{m-1}$ is diminished by a factor $\le \tfrac34$ whereas all other $D_i$ remain unchanged. Hence, also $D$ decreases by a factor $\tfrac34$. But - as exercise 5 shows - there are positive lower bounds $S_i$ for the $D_i$, i.e.

$D_i \ge S_i > 0 \quad (1 \le i \le k)$

independently of the chosen basis $b_1, \dots, b_k$ of $\Lambda$. Therefore algorithm (3.40) can pass step 6 at most $\lfloor -\log(D^{-1} \prod_{i=1}^{k-1} S_i) / \log \tfrac43 \rfloor$ times, the algorithm terminates after a finite number of steps.

In case the lattice $\Lambda$ under consideration is of rank $n$ and integral (i.e. contained in $\mathbb{Z}^n$) one can show [10]:

Lemma (3.41) Let $\Lambda = \bigoplus_{i=1}^{n} \mathbb{Z} b_i$, $b_i \in \mathbb{Z}^n$, $\|b_i\|^2 \le B$ $(1 \le i \le n;\ B \ge 2)$. Then the number of arithmetical operations of algorithm (3.40) is bounded by $O(n^4 B)$, all occurring numbers (integers!) have at most $O(n \log B)$ binary digits.
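Algorithm (3.40) in exact rational arithmetic, as an added example that is not code from the book: `lll_reduce` follows steps 1 to 6 and records the quantity $D$ of the termination argument before the first and after every pass through step 6. The function names, the constructed sample basis and the constant 3/4 in step 4 (the usual LLL value) are assumptions of this example.

```python
from fractions import Fraction

HALF = Fraction(1, 2)

def dot(u, v):
    return sum(Fraction(a) * b for a, b in zip(u, v))

def gram_schmidt(basis):
    """Step 1: mu[i][j] = b_i.b*_j / B_j and B[i] = |b*_i|^2, in exact arithmetic."""
    k = len(basis)
    mu = [[Fraction(0)] * k for _ in range(k)]
    bstar, B = [], []
    for i in range(k):
        v = [Fraction(x) for x in basis[i]]
        for j in range(i):
            mu[i][j] = dot(basis[i], bstar[j]) / B[j]
            v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
        bstar.append(v)
        B.append(dot(v, v))
    return mu, B

def potential(B):
    """D = D_1 * ... * D_{k-1} with D_i = B_1 * ... * B_i (termination measure)."""
    D, D_i = Fraction(1), Fraction(1)
    for B_j in B[:-1]:
        D_i *= B_j
        D *= D_i
    return D

def nearest_int(q):
    """Nearest integer to the rational q, written {q} in step 3."""
    return (2 * q.numerator + q.denominator) // (2 * q.denominator)

def size_reduce(b, mu, m, l):
    """Step 3: make |mu[m][l]| <= 1/2 by subtracting r * b_l from b_m."""
    if abs(mu[m][l]) > HALF:
        r = nearest_int(mu[m][l])
        b[m] = [x - r * y for x, y in zip(b[m], b[l])]
        for j in range(l):
            mu[m][j] -= r * mu[l][j]
        mu[m][l] -= r

def lll_reduce(basis, delta=Fraction(3, 4)):
    """Return (reduced basis, [D before the first swap, D after each swap])."""
    b = [list(row) for row in basis]
    k = len(b)
    mu, B = gram_schmidt(b)
    trace = [potential(B)]
    m = 1                                   # the algorithm's m = 2, zero-based
    while m < k:
        size_reduce(b, mu, m, m - 1)        # steps 2-3 with l = m - 1
        if B[m] < (delta - mu[m][m - 1] ** 2) * B[m - 1]:   # step 4
            # Step 6: interchange b_{m-1}, b_m and update mu, B in place.
            old = mu[m][m - 1]
            B_new = B[m] + old * old * B[m - 1]
            mu[m][m - 1] = old * B[m - 1] / B_new
            B[m] = B[m - 1] * B[m] / B_new
            B[m - 1] = B_new
            b[m - 1], b[m] = b[m], b[m - 1]
            for j in range(m - 1):
                mu[m - 1][j], mu[m][j] = mu[m][j], mu[m - 1][j]
            for i in range(m + 1, k):
                t = mu[i][m]
                mu[i][m] = mu[i][m - 1] - old * t
                mu[i][m - 1] = t + mu[m][m - 1] * mu[i][m]
            trace.append(potential(B))
            m = max(m - 1, 1)               # "for m > 2 decrease m by 1"
            continue
        for l in range(m - 2, -1, -1):      # step 5 looping back to step 3
            size_reduce(b, mu, m, l)
        m += 1
    return b, trace

def is_lll_reduced(basis, delta=Fraction(3, 4)):
    """Check size reduction and the step-4 inequality from a fresh Gram-Schmidt."""
    mu, B = gram_schmidt(basis)
    k = len(basis)
    size_ok = all(abs(mu[i][j]) <= HALF for i in range(k) for j in range(i))
    swap_ok = all(B[i] >= (delta - mu[i][i - 1] ** 2) * B[i - 1] for i in range(1, k))
    return size_ok and swap_ok

# Constructed sample input: rows are the basis vectors of a rank-3 integral lattice.
SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]

if __name__ == "__main__":
    reduced, trace = lll_reduce(SAMPLE)
    print("reduced basis:", reduced)
    print("D before and after each pass through step 6:", [str(d) for d in trace])
    print("LLL-reduced:", is_lll_reduced(reduced))
```

`is_lll_reduced` recomputes the Gram-Schmidt data from scratch, so it checks the incremental update formulae of steps 3 and 6 independently.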

Before we present some important applications of algorithm (3.40) we illustrate its disadvantages by two examples. Especially, the first example shows that the unsatisfying estimate (3.39) (iv) cannot be improved by much.

Examples (3.42)

(i) Let $B = (\beta_{ij}) \in \mathbb{R}^{n \times n}$ be given by

$\beta_{ij} := \begin{cases} (3^{1/2}/2)^{i-1} & \text{for } j = i \\ 0 & \text{for } j < i \\ \tfrac12 (3^{1/2}/2)^{i-1} & \text{for } j > i \end{cases} \quad (1 \le i \le n)$.

Let $\Lambda_k := \bigoplus_{i=1}^{k} \mathbb{Z} b_i$ for fixed $k$ $(1 \le k \le n)$, where $b_1, \dots, b_n$ denote the columns of $B$. Then $b_1, \dots, b_k$ is a LLL-reduced basis of $\Lambda_k$ and $\min\{\|x\| \mid x \in \Lambda_k,\ x \ne 0\} = (3^{1/2}/2)^{k-2}$ in case of $k \ge 2$ ([1], see also exercise 6).

(ii) In this example the basis vectors of the lattice under consideration are again given by the columns of the matrices shown below. A basis (corresponding to the first matrix) is LLL-reduced, then Minkowski-reduced and finally LLL-reduction is applied again. The listed squares of the norms of the basis vectors show that LLL-reduction can even spoil a short basis. This example was found in [14].

Initial basis: [matrix entries not recoverable from the extracted text]

Squares of norms of columns: 854 473 553 410 455 548 710 494 560 512 645 597 642 613 498 734

LLL-reduced basis: [matrix entries not recoverable from the extracted text]

Squares of norms of columns: 116 130 123 144 133 151 144 167 153 184 168 167 174 193 189 194 194 204 201 206
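0 go to 3. Else set $m \leftarrow m + 1$ and go to 2.

Step 6. ($B_m = \mu = 0$?). Set $\mu \leftarrow \mu_{m,m-1}$, $B \leftarrow B_m + \mu^2 B_{m-1}$. For $B = 0$ go to 7. Else set $\mu_{m,m-1} \leftarrow \mu B_{m-1}/B$, $B_m \leftarrow B_m B_{m-1}/B$,

$\begin{pmatrix} \mu_{i,m-1} \\ \mu_{im} \end{pmatrix} \leftarrow \begin{pmatrix} 1 & \mu_{m,m-1} \\ 0 & 1 \end{pmatrix} \begin{pmatrix} 0 & 1 \\ 1 & -\mu \end{pmatrix} \begin{pmatrix} \mu_{i,m-1} \\ \mu_{im} \end{pmatrix} \quad (m+1 \le i \le k+1)$.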


hm-I) 0 which satisfy IX" I ~ C I + e, IX,;I < C j (2 ~ i ~ n). Because of (3.15) there are only finitely many X, at all, if we bound e by 1 from above, and for e ...... 0 one of these X, must already satisfy IX "I ~ C I'

□

In most applications, however, the pointset $S$ under consideration is by no means convex. In that case it can be helpful to apply Minkowski's Convex Body Theorem to a convex subset $C$ of $S$. For example, in algebraic number fields the non-zero integers are of absolute norm greater than or equal to one. For the Minkowski-mapping of those integers into $\mathbb{R}^n$ (see chapter 6 (3.6)) the set $S$,

$S := \Bigl\{ x \in \mathbb{R}^n \Bigm| \prod_{i=1}^{s} |x_i| \prod_{\substack{i=s+1 \\ i-s \text{ odd}}}^{n-1} (x_i^2 + x_{i+1}^2) < 1 \Bigr\}$ (4.5)

for suitable $s \in \mathbb{Z}^{\ge 0}$, $n - s = 2t$, cannot contain images of integers different from 0. Since $S$ is not convex in general we consider the subset $C$ instead:

$C := \Bigl\{ x \in \mathbb{R}^n \Bigm| \sum_{i=1}^{s} |x_i| + 2 \sum_{\substack{i=s+1 \\ i-s \text{ odd}}}^{n-1} (x_i^2 + x_{i+1}^2)^{1/2} < n \Bigr\}$. (4.6)

($C \subseteq S$ is an immediate consequence of the inequality between geometric and arithmetic means.) Then $C$ cannot contain images of non-zero integers either, and as $C$ is convex (by (4.1a), (4.1b)), Theorem (4.2) yields $V(C) \le 2^n d(\Lambda)$, where $\Lambda$ denotes the lattice of the image of the algebraic integers. This yields an important estimate for $d(\Lambda)$ in terms of $V(C)$.

Computation of $V(C)$. Let

Obviously,

$V(C_{s,t}(\lambda)) = \lambda^n V(C_{s,t}(1))$. (4.7a)


For $s > 0$ we have

$V(C_{s,t}(1)) = \int_{-1}^{1} V(C_{s-1,t}(1 - |x|))\,dx = 2V(C_{s-1,t}(1)) \int_0^1 (1 - x)^{n-1}\,dx = \dfrac{2}{n} V(C_{s-1,t}(1))$ (4.7b)

and

$V(C_{1,0}(1)) = 2$. (4.7c)

For $t > 0$ we obtain

$V(C_{0,t}(1)) = \iint_{x^2+y^2 \le 1/4} V(C_{0,t-1}(1 - 2(x^2 + y^2)^{1/2}))\,dx\,dy.$

x +y v'x = vx' v'x + vx'

-+-=------:v v' vv'

x x' v v' lO(R)

(2.1 a)

xx' vv" v v

=-,

x , , -=x¢:>vx =X

(2.1 b) (2.1 c)

V

(x, x' E R; v, v' two non-zero divisors of R), such that O(O(R)) = O(R),

O(R 1 Et> R 2 ) = .Q(R 1) Et> .Q(R 2 ),

(2.2)

(2.3)


N R(O(R)) = O(R) N R(R), O(R)/N R(,Q(R» ~ ,Q(R/N R(R».


(2.4) (2.5)

If R is subring of the unital commutative ring I\. containing lA then the canonical monomorphism

I:

R ~ ,0(1\.): aM Textends uniquely to the mono-

morphism t':,Q(R, I\.)~,Q(I\.):~I--+~ of the subring ,Q(R, 1\.) of ,Q(R) formed by

v

those formal quotients

v

~ where aER and VER is a non-zero divisor of 1\.. v

In constructive algebraic number theory we must solve one algebraic equation or a system of finitely many equations in a constructively given commutative ring. The smallest ring available is the ring generated by the coefficients of the equations to be solved. In any case our constructions employ only finitely many algebraic quantities. Moreover, it is usually not easy and often not even necessary to test the irreducibility of the given equations. That is the reason why we pay much attention to finitely generated commutative rings in this presentation.

Lemma

(2.6)

Let I\. be a unital commutative ring with zero nilradical which isfinitely generated over the subring R, an entire ring containing I A such that every non-zero element of R is a non-zero divisor of 1\.. Then we have ,Q(R, 1\.) = O(R), and ,0(1\.) is the algebraic sum offinitely many fields, each of which is isomorphic to a finitely generated extension of ,Q(R). Each component has non-zero intersection with I\.. Proof By assumption I\. = o, XI = lA = IR. If s = I then I\. = R, 0(1\.) = O(R). Apply induction over s. If s > 1 then by induction hypothesis applied to the subring


0 then let m' be the product of the distinct prime numbers dividing m. In any case, n(Ajm'A) contains the same number of idem po tents as n(A). Without loss of generality we assume that A is unital with non-zero nil radical and of characteristic a

m'= nPi' i= I where

lJEZ>o

and Pl, ... ,Pa are distinct prime numbers. Hence, a

A = EB(m'!Pi)A, i=1 a

n(A) = EB n«m'!Pi)A), i= I

and (m' !Pi)A i is a finitely generated unital commutative ring of prime characteristic Pi whose quotient ring contains only finitely many idempotents according to lemma (2.6). 0


Concerning non-constructive extensions of the quotient ring concept see exercises 1-4 at the end of this section.

2. Localization

The construction (2.1a) of a ring using a given commutative ring $R$ and certain elements of $R$ as denominators can be applied to any ring $R$ containing a subsemigroup $S$ of the (multiplicative) semigroup of the center of $R$. It yields a unital ring $R/S$, said to be the $S$-localization of $R$. Its unit element is (2.8a) and the mapping

$\varphi: R \to \dfrac{R}{S}: x \mapsto \dfrac{vx}{v} \quad (x \in R,\ v \in S)$, (2.8b)

suggested by (2.1b) is unique. The image ring $\varphi(R)$ is a subring of $R/S$ such that the elements of $\varphi(S)$ are non-zero divisors of $R/S$ forming a subsemigroup of the center of $R/S$. This mapping is injective (monomorphic) if and only if the elements of $S$ are non-zero divisors of $R$. In that case we consider $\varphi$ as the canonical embedding of $R$ in $R/S$, and interpret $R/S$ as an overring of $R$. For example

R

cp(R)

cp(R) cp(S)

S

cp(S)

cp(S)

(2.8c)

is an overring of cp(S). It is because of (2.8c) that we confine our consideration to localization by means of semigroups of central non-zero divisors. Any ideal a of R generates the ideal

R S

a

R S

(2.9a)

-=0-=-0

S

of R/S such that a+b

0

ob S

0

b

-S-=S+S'

onb

(2.9b)

b

SS' 0

b

--=-n-

S

S S


($a$, $b$ any two ideals of $R$). Conversely, for any ideal $\mathfrak{A}$ of $R/S$ we find that the intersection with $R$ is an ideal of $R$ generating $\mathfrak{A}$ over $S$:

$\dfrac{\mathfrak{A} \cap R}{S} = \mathfrak{A}$, (2.9c)

the intersection of $\mathfrak{A}$ with $R$ is the largest ideal of $R$ generating $\mathfrak{A}$ over $S$. In other words, localization sifts out certain ideals $\mathfrak{A} \cap R$ of $R$, the $S$-ideals in one-to-one correspondence with the ideals of $R/S$ such that the ideal structure in regard to addition, multiplication and intersection is preserved.

For example for any prime ideal $p$ of any commutative ring $R$ the elements of $R$ not belonging to $p$ form a multiplicative semigroup $R \setminus p$. It defines a unital overring $R/(R \setminus p)$ by localization precisely if $R$ contains no non-zero divisors and in that case $R/(R \setminus p)$ is an entire ring. This particular localization is said to be the $p$-localization of $R$ though, of course, the denominators used are precisely those elements of $R$ which do not belong to $p$. In fact $p$ generates the maximal ideal $p/(R \setminus p)$ of $R/(R \setminus p)$ and this is the only maximal ideal of $R/(R \setminus p)$. This is because the units of $R/(R \setminus p)$ are precisely the elements of $R/(R \setminus p)$ which do not belong to $p/(R \setminus p)$:

$U\Bigl(\dfrac{R}{R \setminus p}\Bigr) = \dfrac{R}{R \setminus p} \setminus \dfrac{p}{R \setminus p}$. (2.9d)

Definition (2.10) A ring with only one maximal ideal is said to be a local ring.

A local domain is characterized as an entire ring with precisely one maximal ideal. It is a ring providing its own localization with respect to its maximal ideal. For example the 2-localization of $\mathbb{Z}$, i.e. the localization of $\mathbb{Z}$ with respect to the prime ideal $2\mathbb{Z}$ is obtained as the ring $\mathbb{Z}/(\mathbb{Z} \setminus 2\mathbb{Z})$ of all rational numbers with odd denominators. The 2-ideals of $\mathbb{Z}$ are the ideals generated by powers of 2 and 0. Similarly, for any prime number $p$ of $\mathbb{Z}$ the $p$-localization of $\mathbb{Z}$ emphasizes the powers of $p$ and 0 among the ideals of $\mathbb{Z}$. Thus $p$-localization appears as a tool for detailed aspects of the arithmetical structure of $\mathbb{Z}$. Upon gathering the aspects obtained by many $p$-localizations we obtain a richer global view of it.

For any ideal $a$ of a commutative ring $R$ the elements $x$ of $R$ for which the residue class $x/a$ modulo $a$ represented by $x$ is a non-zero divisor of $R/a$ form a subsemigroup $S_a$ of $R$. The $a$-localization of $R$ is defined as the ring $R/S_a$. If $R$ is an entire ring then $R/S_a$ is a subring of $Q(R)$ containing $R$ as a subring. For any non-zero ideal of $\mathbb{Z}$, say the ideal $m\mathbb{Z}$ generated by the natural


number $m$, the $m$-localization $\mathbb{Z}/S_m$ consists of the rational numbers with denominator prime to $m$. We have $\mathbb{Z}/S_1 = \mathbb{Z}$. For $m > 1$ there are only finitely many maximal ideals of $\mathbb{Z}/S_m$, viz. the principal ideals $p/S_m$ where $p$ runs through the prime numbers dividing $m$.

Definition (2.11) A ring with only a finite number of maximal ideals is said to be semilocal.

The semilocal localizations of $\mathbb{Z}$ and of generalizations of $\mathbb{Z}$ (Dedekind orders) become important in the detailed study of finitely many distinct prime ideals and their interaction. The localization concept extends to modules over rings. Suppose $R$ is a unital commutative ring and $M$ is an $R$-module, in other words $M$ is a module with a binary multiplication of the elements $\lambda$ of $R$ (scalars) by elements $x$ of $M$ defining the homomorphism

$\theta: R \to \mathrm{End}(M), \quad \theta(\lambda)(x) = \lambda x \quad (\lambda \in R,\ x \in M)$

of $R$ into the endomorphism ring $\mathrm{End}(M)$ with $\theta(1_R) = 1_M$.

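For any subsemigroup $S$ of $R$ the $S$-localization $M/S$ is the $R/S$-module formed by the formal quotients $\dfrac{x}{\lambda}$ $(x \in M,\ \lambda \in S)$ with the operational rules

$\dfrac{x}{\lambda} = \dfrac{x'}{\lambda'} \Leftrightarrow \lambda' x = \lambda x', \qquad \dfrac{x}{\lambda} + \dfrac{x'}{\lambda'} = \dfrac{\lambda' x + \lambda x'}{\lambda \lambda'}, \qquad \dfrac{\mu}{\nu} \cdot \dfrac{x}{\lambda} = \dfrac{\mu x}{\nu \lambda} \quad (x, x' \in M;\ \mu \in R;\ \lambda, \lambda', \nu \in S)$ (2.12)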

as is easily verified by the reader, who also realizes that the mapping M

¢: M - 4 - : S

vx

C"-"-

(xEM, YES)

(2.13a)

V

provides an additive homomorphism satisfying ¢(AX) = lifts to an injective mapping of MjTor(MjS) into (MjTor(MjS))jS so that MjTor(MjS) is S-torsion free. If Mis S-torsion free then the S-R-submodules of M are defined as those R-submodules which are obtained by intersecting an RjS-submodule of MjS with M. They are the largest R-submodules of M among those generating the same RjS-submodule of MjS. They are in I-I-correspondence with the RjS-submodules of MjS such that addition and intersection of modules is preserved. Note also that for any ideal a of R and any R-submodule m of M we have

am

am

S

SS

Exercises I. Let R be a unital commutative ring. An ideal a of R is said to be large (,non-zero divisor ideal') if 0 is the only annihilator of a. For example, R itself is large. Show:

(a) (b) (c) (d) (e)

Any ideal of R containing a large ideal is large. The sum of two large ideals is large. The product of two large ideals is large. The intersection of two large ideals is large. Any ideal of R containing a non-zero divisor of R is large.

2. (Lambek) A partial endomorphism of a unital commutative ring R is defined as a mapping qJ: a --> R of a large ideal a of R into R satisfying qJ(a + b) = qJ(a) + qJ(b), qJ(Aa) = AqJ(a) (a, bEa, AER). For example, the fraction i is associated with the partial endomorphism qJ: 31--> I: 3xI-+ 2x. Two partial endomorph isms qJj:a j --> R (i = 1,2) of R are said to be equivalent, if their restrictions to the intersection of the large ideals a" a 2 coincide: qJ,l a."a2 = qJ21 •• "a2' For example, the partial endomorphisms of 7L associated with the fractions t ~ coincide on 6In9I = lSI. Both are equivalent to 1. Show: (a) The equivalence of partial endomorphisms is reflexive, symmetric, and transitive. (b) If qJ:a-->R, r/!:b-->R are two partial endomorphisms of R, then also the sum qJ+r/!:anb-->R:xl-+qJ(x)+r/!(x) and the product qJr/!:ab-->R:xl-+qJ(r/!(x)) are partial endomorph isms. (c) Both addition and multiplication of partial endomorphisms satisfy the substitutional law so that the equivalence of partial endomorphisms qJj(i = 1,2), r/!j(j = 1,2) implies the equivalence of qJ, + r/!, and qJ2 + r/! 2 as well as of qJ, r/! 1 and qJ2r/!2' (d) The equivalence classes ofthe partial endomorph isms of the unital commutative


ring R define a unital commutative ring O(R), the Lambek-U shida quotient ring. (e) There is the canonical monomorphism !: Q(R) --> O(R) subject to !(x/v): vR --> R: VYI-+ xy (xER, v a non-zero divisor of R) of the standard quotient ring Q(R) into the Lambek-Ushida quotient ring. (f) For entire rings R we have Q(R) = O(R). (g) There are unital commutative rings R satisfying Q(R) c O(R). (h) O(O(R» = O(R).

3. Let R be a unital commutative ring and M an R-module. (a) There is the R-module homomorphism '1: M-->Q(R)®RM: ul-+l®u such that Q(R)®RM is a Q(R)-module according to the rule x(y®u) = xy®u (x, YEQ(R), uEM) and Q(R)®RM = Q(R)'1(M). (b) For entire rings R there holds ker'1 = Tor (M/R), where Tor (M/R):= Tor (M/S R) and SR denotes the non-zero divisors of R. (c) If we define Tor (M/R) as ker'1 then Tor ((M/Tor (M/R)/R) = O. 4. (a) Under the assumption of 3. show that there is the R-module homomorphism ij: M -->O(R)®RM: Ul-+ 1 ®u such that O(R)®RM is a Q(R)-module according to the rule x(y®u)=xy®u (x,YEO(R), uEM). (b) ker ij = ker '1.

4.3. Valuation theory

1. Pseudo-valuations

The mapping of a complex number on its absolute value is a mapping $\varphi$ of $\mathbb{C}$, the complex number field, into the real number field $\mathbb{R}$ for which

$\varphi(a) \ge 0$, (3.1a)
$\varphi(a) = 0 \Leftrightarrow a = 0$, (3.1b)
$\varphi(a \pm b) \le \varphi(a) + \varphi(b)$, (3.1c)
$\varphi(ab) = \varphi(a)\varphi(b)$, (3.1d)
$\varphi(\pm 1) = 1$ (3.1e)

for all complex numbers $a$, $b$. The real number field $\mathbb{R}$ provides an example of an algebraically ordered ring which is defined as a ring with a total ordering relation such that

$\alpha > 0 \wedge \beta > 0 \Rightarrow \alpha + \beta > 0$, (3.2a)
$\alpha > 0 \wedge \beta > 0 \Rightarrow \alpha\beta > 0$, (3.2b)
if $\alpha \ne 0$, and if not $\alpha > 0$ then $-\alpha > 0$, (3.2c)
$\alpha > \beta \Leftrightarrow \alpha - \beta > 0$ (3.2d)

for all elements $\alpha$, $\beta$ of the ring.


Definition (3.3) The mapping $\varphi$ of any unital ring $R$ into the algebraically ordered unital ring $\Phi$ satisfying (3.1a)-(3.1c), (3.1e) for $a$, $b$ of $R$ and the generalization

$\varphi(ab) \le \varphi(a)\varphi(b) \quad (a, b \in R)$ (3.3a)

is said to be a pseudo-valuation of $R$ in $\Phi$. The pseudo-valuation is said to be multiplicative or just a valuation if (3.1d) is satisfied for $a$, $b$ of $R$.

For example, the rational number field $\mathbb{Q}$ is algebraically ordered according to the rule

$\dfrac{a}{b} > \dfrac{a'}{b'} \Leftrightarrow abb'^2 > a'b'b^2 \quad (a, a', b, b' \in \mathbb{Z},\ 0 \ne bb')$. (3.4)

For any prime number $p$ we have the $p$-adic valuation

$\varphi_p: \mathbb{Q} \to \mathbb{Q}^{\ge 0}: \dfrac{p^{\nu} a}{b} \mapsto p^{-\nu} \quad (\nu \in \mathbb{Z};\ a, b \in \mathbb{Z},\ p \nmid ab), \qquad 0 \mapsto 0$.

Similarly we have for any composite natural number $n$ the non-multiplicative $n$-adic valuation:

$\varphi_n: \mathbb{Q} \to \mathbb{Q}^{\ge 0}, \quad \varphi_n\Bigl(\dfrac{n^{\nu} a}{b}\Bigr) = n^{-\nu} \quad (\nu \in \mathbb{Z};\ a, b \in \mathbb{Z},\ n \nmid a,\ \gcd(b, n) = 1), \qquad \varphi_n(0) = 0$.

It is a pseudo-valuation but no valuation. The pseudo-valuations $\varphi = \varphi_n$ satisfy the rule

$\varphi(a + b) \le \max(\varphi(a), \varphi(b))$, (3.5)

which implies the triangle inequality (3.1c). Pseudo-valuations $\varphi$ satisfying (3.5) are said to be non-archimedean. On the other hand the ordinary absolute value valuation (3.6) does not satisfy the stronger condition (3.5). It is said to be archimedean.

2. Algebraically ordered rings and semirings

Let us now study the pseudo-valuations for the purpose of embedding orders into maximal orders. Firstly we observe that only the non-negative elements $\Phi^{\ge 0}$ of $\Phi$ occur as values of the valuation function $\varphi$.


They form an algebraically ordered semiring as is implied by the following definitions.

Definition (3.7) A semiring is defined as a set with two associative binary operations, addition and multiplication, linked by the two distributive laws

$a(b + c) = ab + ac, \quad (b + c)a = ba + ca$.

For example, the natural numbers form a semiring.

Definition (3.8) A total order relation on a semiring $S$ is said to be an algebraic ordering if it satisfies the rules (3.8a) and

$\alpha > \beta \wedge \gamma > \delta \Rightarrow \alpha\gamma + \beta\delta > \beta\gamma + \alpha\delta$ for all $\alpha, \beta, \gamma, \delta$ of $S$. (3.8b)

The reader will find it an easy exercise to deduce (3.8a), (3.8b) from (3.2a-d). On the other hand we note that addition in a semiring need not be commutative. Let us show that algebraically ordered semirings have commutative addition. Certainly both cancellation laws of addition are satisfied:

$\gamma + \alpha = \gamma + \beta \Rightarrow \alpha = \beta$, (3.9a)
$\alpha + \gamma = \beta + \gamma \Rightarrow \alpha = \beta$. (3.9b)

This is because of (3.8a) and the trichotomy of total ordering which means that for any two elements $\alpha$, $\beta$ of a totally ordered set one and only one of the 3 relations: $\alpha > \beta$, $\beta > \alpha$, $\alpha = \beta$ takes place. But in a semiring $S$ satisfying both cancellation laws of addition the elements of $S^2$ commute under addition since

$(\alpha + \beta)(\gamma + \delta) = (\alpha + \beta)\gamma + (\alpha + \beta)\delta = \alpha\gamma + \beta\gamma + \alpha\delta + \beta\delta = \alpha(\gamma + \delta) + \beta(\gamma + \delta) = \alpha\gamma + \alpha\delta + \beta\gamma + \beta\delta$

implies upon cancellation of $\alpha\gamma$ on the left, $\beta\delta$ on the right that

$\beta\gamma + \alpha\delta = \alpha\delta + \beta\gamma$.

If an algebraically ordered semiring $S$ contains a neutral element $n$ of addition (zero element) at all then $n$ is characterized by the equation $n + n = n$. Indeed, if $n + n = n$ then we have $n + n + \alpha = n + \alpha$, $\alpha + n + n = \alpha + n$ by uniqueness and $n + \alpha = \alpha$, $\alpha + n = \alpha$ by the cancellation laws of addition. Conversely any one of the equations $n + \alpha = \alpha$, $\alpha + n = \alpha$ implies the equation $n + n = n$. For an algebraically ordered semiring $S$ we also have the cancellation


laws of multiplication

all = ay = fJ

y

(3.9c)

= ya=fJ = y

(3.9d)

=

and

fJa

for three elements a, fJ, y of S for which a + a #- a. Indeed, if IY. + a > a, fJ> y then (a + a)fJ + ay > a{3 + (a + a)y by (3.Sb), hence a{3 + afJ + ay > afJ + ay + ay and upon cancellation of a{3 on the left, ay on the right afJ> ay. Similarly we conclude that a{3 < ay from a > a + a, (3 > y. There is just one semiring with one element only, the null ring. In an algebraically ordered semiring S which is not a null ring the addition is commutative because there is an element a of S for which a + a #- a. For any two elements fJ, y of S we derive from the commutativity afJ + 'Y.y = ay + afJ for the addition of the products afJ, lY.y upon cancellation by a on the left the commutative rule fJ + y = y + fJ· A semiring S with commutative law of addition and the cancellation laws of addition also is said to be a half-ring. This is because it is embedded into the ring = S - S formed by the formal difference elements a - fJ(a, fJES) subject to the operational rules:

a - {3 = y - (j=a + (j = fJ + y, (a - fJ) + (y - (j) = (a + y) - (fJ + (j), (a - fJ)(y - (j) = (ay + (3(j) - (a(j + fJy), a - {3 = y-¢>a = {3 + y (a, (3, y, (jES).

(3.10a) (3. lOb)

(3.IOc) (3.IOd)

The ring properties of and the embedding of S in may be verified by the reader without difficulty. Note that (a - fJ) + {3 = a as it should be in a ring. The algebraic ordering of an algebraically ordered semi ring S extends to a total ordering of S-S upon defining

a - {3 > y - (j-¢>a

+ (j > fJ + y (a, fJ, y,

(jES)

(3.lla)

and verifying that

a - {3 > y - (j and a - fJ = a' - Il', implies that a' - {3' > y' - S,

y - (j = y' - (j'

(3.11 b)

and that (3.l1c) (0(,0(', {3, {3', y, y', (j, (j', e, y/ES).

It is left to the reader to verify that the total ordering of S-S provided by (3.lla) satisfies the rules (3.2a-d) for an algebraic ordering of S-S extending the algebraic ordering of S. Indeed this is the only way to do so because for an algebraic ordering of S-S any time we have 0( - fJ > y - (j (0(, {3, y, (jES) we gather upon addition of {3 + (j on both sides that a + (j > y + {3 = fJ + y.


Note that in any algebraically ordered ring , the positive elements, i.e. the elements> 0, form an algebraically ordered semi ring O}, which generates = 0 consists of the squares of non-zero real numbers so that there is only one algebraic ordering of the real number field IR. The null ring is embedded into the algebraically ordered ring Z. Any other algebraically ordered ring R is embedded into the unital algebraically ordered ring R EB Z formed by the formal sums x EB A(xER, AEZ) with operational rules

= yEBIl¢>VIXER: (x - Y)IX = IX(X (xEB2) + (yEBI1) = (x + y)EB(2 + 11), (x EB A)(y EB 11) = (xy + AY + Ilx) EB All XEBA

y)

= (11- 2)1X,

(3.12a) (3.l2b) (3.12c)

x EB 2> 0¢>3IXER: IX> 01\ XIX> - AIX

(x, YER; A, IlEZ) (3.l2d)

as may be verified by the reader. Thus it comes that in valuation theory the values are taken from a unital algebraically ordered ring though not all elements of occur as values. We remark that values itself multiplicatively by the absolute valuation

IIXI

={ ~ -IX

if IX> 0 if IX=O (IXE IX

(3.13)

in as much as lal~O,

lal = O¢>a = 0, la + hi ~ lal + Ihl, labl = lal'lbl, I ± 11 = 1 (a, bE 0 0 if IX = 0 - 1 if 0> IX. I

sign (IX) = {

(3.l4a)

It is multiplicative: sign(lXfJ) = sign (IX) sign (P)

(IX,PE of R into $ satisfying merely (3.1 a), (3.lc), (3.ld), (3.le), all elements of R with q>value zero form an ideal J(q>,O) of R such that the mapping

if>: R/ J (q>, 0) -. $:a/J( q>, defines a pseudo-valuation if> on R/ J (q>, 0).

0) 1-+ q>(a)

The strength of valuation theory rests in the fact that it provides an evaluation of complex algebraic structures like those provided by the algebraic structure of a ring R by means of a totally ordered structure like the algebraically ordered unital ring $. Therefore we say that two pseudo-valuations of R, say q> in $, q>' in $', are equivalent if q>(a) > q>(b)=-q>'(a) > q>'(b)

(a, bER).

This equivalence relation between pseudo-valuations is reflexive, symmetric, and transitive. For example the n-adic pseudo-valuation q>n of 0 (nEil> I) is equivalent to anyone of the pseudo-valuations q>:0 -. ~:Xl-+ q>,,(x)fl

with positive exponent p. The strength of our particular choice of q>p (p a prime number) and of q>oo rests in the product formula

n q>p(x) = 1

(0 =f. XEO),

(3.15)

p

where the product on the left extends over all prime numbers p as well as over 00. Moreover, for each x only a finite number of factors is not 1. The product is taken only over those factors. The product formula is an elegant equivalent to the fundamental theorem of number theory. It suggests to look at q>oo, i.e. the absolute value valuation of 0, as of the infinite prime Poo of 0. As this example shows, valuation theory provides for a proper analysis of the complexities of an algebraic structure by considering many valuations. The non-archimedean valuations of a division ring ( = skew field) which are also called Krull valuations have their values only in a multiplicative group and in O. The restriction of an algebraic ordering of a unital ring $ to a subgroup G of the unit group of $ establishes an algebraic ordering of G. It is a total ordering of G subject to the rules 0:>1, P>I~o:p>l, 0:> 1~~o:CI > 1,

(3.16a) (3.16b)


IXEG,

IX:j> I,

IX:f.: I =IX- 1 > I,

IX>P~IXp-I>1

(IX,P,~EG).

(116c) (116d)

Conversely, if a group G contains a subset G> 1 satisfying (3.16a-c) then by means of (3.16d) a total ordering of G is established that is extended to an algebraic ordering of the group ring ~G by defining

L A(g)g > 0~(3goEG:A(go) > 0/\ (VgEG:g > go=A(g) = 0».

(3.16e)

geG

It follows that the total ordering of G determined by means of (3.16d) is an algebraic ordering of G. This brief excursion shows that even in case the non-zero values belong to an algebraically ordered group it is still acceptable to speak of a valuation into an algebraically ordered unital ring.

For any non-archimedean pseudo-valuation cp:R -+

(3. t 7a)

of the unital ring R we have the modules /(cp,p)

= {xERlcp(x) ~ p}.

(3.17b)

of R defined for each p of "0. They are said to be the valuation modules corresponding to cp and they have the properties /(cp,p)£;J(cp,p')

ifO~p~p',

/(cp, p)/(cp, p') £; /(cp, pp') (p, p' E"o), J(cp, 0)

= 0,

(3.l7c) (3.17d) (3.l7e)

U

J(cp,p)=R,

(1 t 70

pe~O

(117g) The valuation module J(cp, I) is a ring said to be the valuation ring of cpo Conversely, if J(p) are submodules of R defined for each element p of ,,0 and subject to the conditions (117c-f) with /(p) in place of /(cp, p) then there is the non-archimedean pseudo-valuation (117a) defined by (3.l7g) so that J(p) = J(cp, p) (pE"o). From now on we simply speak of , valuations' in place of ' non-arc hi medean pseudo-valuations'.

4. Extending valuations I A central problem of valuation theory is the task of extending a given valuation (3.17a) of R to a valuation of a given unital overring A. If 1R can be extended to an R-basis B of A such that cxb j = bjlX bjbj

= L

bkeB

(IXER, bjEB),

Yjjkbk

(YjjkEC(R»,

(3.18a) (3.18b)


ljj(bjb j ) ~ ljj(bj)ljj(b j ) (b i , bjEB),

(3.ISc)

then we have the inequalities

ljj(bibj ) ~ max {CP(Yijk)ljj(bdlbkEB}

(3.ISd)

(b i , bjEB),

for every valuation (3.ISe)

ljj:A-+

of A extending cp. Suppose now, we can solve the inequalities max {CP(Yijk)Kb.lbkEB} ~ Kb,K bj (b i , bjEB)

(3.ISf)

by positive constants K b,E (biE B) subject to K 1 = I,

(3.ISg)

then we define an extension ljj of cP to A by setting ljj(

L ~kbk):=maX{cp(~k)Kb.lbkEB}

(3.ISh)

b.eB

(~kER, ~k

= 0 for all but a finite number of bd. If B is finite, then (lISf, g) are always solvable, viz.: K1=1,

Kb.=max{cp(Yijk)lbj,bjEB}

(l:l=bkEB).

(3.ISi)

The extensions ljj obtained in this way satisfy the rule (3.ISj) which characterizes the normalized bases of A over R. Of course, in general, it can happen that A has no normalized R-basis. The advantage offered by a normalized R-basis B of A is the possibility of defining the product valuation ljj'®Rljj:A' ®RA -+

(3.19a)

of the tensor product R-ring A' ® RA for two unital R-rings A, A' with valuations ljj, ljj' extending cP, respectively. It has the properties ljj'®Rljj(X'®X)~ljj'(X')ljj(X)

ljj' ® Rljj(y' ® y) = cp(y')cp(y)

(X'EA', xEA),

(3.19b)

(y, y' E R),

(3.19c)

ljj' ® Rljj is maximal among the generalized valuations of

(3.19d)

A'®RA satisfying (3.19b,c).

Indeed, every element z of A' ® R A is uniquely presented in the form z=

L x~ ® b

k

(X~EA', x~ = 0 for all but a finite number of bk ).

(3.1ge)

b.eB

Then (119b-d) are satisfied by setting ljj' ® Rljj(z) = max {ljj'(X~)ljj(bk)1 bk E B}.

(3.19f)


We observe that for any system $S$ of generalized valuations $\varphi: X \to$ of a unital ring $X$ in also the maximized mapping

(3.19g)

is a generalized valuation of $X$ in provided that the maximum exists for all $x \in X$. For example, the possibility of defining $\psi' \otimes_R \psi$ in general depends on the conditions

(i) $1_{A'} \otimes p = 0 \Rightarrow p = 0$ for all $p \in R$,
(ii) the existence of some generalized valuation satisfying (3.19c),
(iii) the existence of the maximization demanded by (3.19d).

Before we continue to discuss the extension problem a few simple remarks on valuations $\varphi$ of $R$ are in order.

$$\varphi(-a) = \varphi(a) \qquad (a \in R). \tag{3.20a}$$

For any two elements $a$, $b$ of $R$ we know that

$$\varphi(a \pm b) \le \max(\varphi(a), \varphi(b)).$$

However, if $\varphi(a) \ne \varphi(b)$ then we know more precisely

$$\varphi(a \pm b) = \max(\varphi(a), \varphi(b)). \tag{3.20b}$$

Indeed, for $\varphi(a) < \varphi(b)$ we obtain

$$\varphi(a \pm b) \le \varphi(b) = \varphi((b \pm a) \mp a) \le \max(\varphi(b \pm a), \varphi(\mp a)) = \varphi(a \pm b).$$

Furthermore, if $ab = 1_R$ then we have

$$1 = \varphi(1_R) = \varphi(ab) \le \varphi(a)\varphi(b).$$

If $\varphi(a)\varphi(b) = 1$ then we have for every element $x$ of $R$

$$\varphi(x) = \varphi(xab) \le \varphi(xa)\varphi(b) \le \varphi(x)\varphi(a)\varphi(b) = \varphi(x),$$

hence

$$\varphi(xa) = \varphi(x)\varphi(a). \tag{3.20c}$$

Similarly,

$$\varphi(bx) = \varphi(b)\varphi(x). \tag{3.20d}$$

The unit $a$ of $R$ is said to be a $\varphi$-unit if $\varphi(a)\varphi(a^{-1}) = \varphi(a^{-1})\varphi(a) = 1$.

For $\varphi$-units $a$ we have

$$\varphi(a^{-1}) = \varphi(a)^{-1}, \qquad \varphi(ax) = \varphi(a)\varphi(x), \qquad \varphi(xa) = \varphi(x)\varphi(a) \qquad (x \in R).$$

The $\varphi$-units form a subgroup of the unit group of $R$. Similarly, we see that the elements $a$, $b$ of $R$ satisfying (3.20c, d) for all $x$ of $R$ form unital semigroups (of right $\varphi$-multipliers, left $\varphi$-multipliers).


The pseudo-valuation $\varphi$ is multiplicative if and only if every element of $R$ is a right-$\varphi$-multiplier (left-$\varphi$-multiplier). This implies the condition that

$$I(\varphi, p)\,I(\varphi, a) = I(\varphi, pa) \tag{3.20e}$$

for any two $p$, $a$ of $\cap\ \varphi(R)$, though the converse need not hold. If $R$ is a division ring then the valuation $\varphi$ of $R$ is multiplicative (a Krull valuation) if and only if

$\varphi(R \setminus \{0\}) \subseteq U($

0 form a uniquely divisible commutative group. The same is true for the additive group of $\mathbb{Q}$ as well as of any field of zero characteristic.

Lemma (3.28) Any commutative group $G$ without elements $\ne 1$ of finite order (torsion free abelian group) has a unique torsion-free divisible commutative overgroup $G^{1/\mathbb{N}}$ formed by all symbols $a^r$ ($a \in G$, $r \in \mathbb{Q}$) subject to the operational rules

The proof is left as an easy exercise to the reader. Any algebraically ordered commutative group $G$ is torsion-free. The algebraic ordering of $G$ is uniquely extendable to an algebraic ordering of $G^{1/\mathbb{N}}$ by defining

$$a^{p/q} > b^{p'/q'} :\Leftrightarrow a^{pq'} > b^{p'q} \qquad (a, b \in G;\ p, p' \in \mathbb{Z};\ q, q' \in \mathbb{N}). \tag{3.29}$$

It will be shown in the next subsection that for any algebraically ordered field $ there is an algebraically ordered extension with divisible positivity group. At any rate, any valuation

p, then R:= R + Pq• has the property described above yielding R => R contrary to our assumption. Hence, we must have 0 Pq• = P for all PEX, and therefore R is a Krull valuation ring.

Corollary

(3.46)

(a) Under the assumption of lemma (3.45) let X = {p, p} such that pcp, then for each Krull exponential valuation ,,:F -+ M u { oo} for which 1(1],0);2 R, 1(", > O)nR = P we derive the Krull exponential valuation


ij:F-+Mu{oo} such that I('1,0):JI(ij,0)2R, I(ij,>O)nR=p. If the rank of '1 is finite then the rank of ij is smaller. (b) If every non-zero prime ideal of the entire ring R is maximal, then every non-trivial Krull valuation of O(R) containing R in its valuation ring is of rank one, and vice versa. Among the rank one valuations we distinguish the discrete valuations. They are characterized as Krull valuations with infinite cyclic value group:

$$\varphi: F \to \Phi: a \mapsto \varepsilon_0^{\eta(a)} \qquad (0 < \varepsilon_0 < 1), \tag{3.47a}$$

or, in terms of an exponential valuation,

$$\eta: F \to \mathbb{Z} \cup \{\infty\}, \quad \eta \text{ surjective}. \tag{3.47b}$$

For example, the $p$-adic valuations of the rational number field $\mathbb{Q}$ are discrete valuations. Conversely, we have

Lemma (3.48) Every non-trivial Krull valuation of $\mathbb{Q}$ is equivalent to a $p$-adic valuation for some prime number $p$.

Proof Let $\varphi: \mathbb{Q} \to \Phi$ be a non-trivial Krull valuation. Then we have $\mathbb{Z} \subseteq I(\varphi, 1)$ and since $\varphi$ is non-trivial on $\mathbb{Q}$, also $\varphi|_{\mathbb{Z}}$ is non-trivial. Hence, $P_\varphi \cap \mathbb{Z}$ is a prime ideal of $\mathbb{Z}$, i.e. there is a prime number $p$ subject to $P_\varphi \cap \mathbb{Z} = p\mathbb{Z}$ with the consequences $0 < \varphi(p) = \varepsilon_0 < 1$; $\varphi(m) = 1$ for $p \nmid m$ $(m \in \mathbb{Z})$, $\varphi(p^{\nu} m n^{-1}) = \varepsilon_0^{\nu}$ $(\nu, m, n \in \mathbb{Z},\ p \nmid m,\ p \nmid n)$. Clearly, $\varphi$ is equivalent to $\varphi_p$. $\square$

The fundamental theorem of number theory implies the (strong) independence of the $p$-adic valuations ($p$ running through all prime numbers) in the following sense:

Definition (3.49) A system $S$ of non-archimedean valuations $\varphi: R \to \Phi$ of the unital ring $R$ in the algebraically ordered ring $\Phi$ is said to be independent, if for every finite subset $\{\varphi_1, \ldots, \varphi_m\}$ of $S$ and any $m$ elements $\varepsilon_i \in \varphi_i(R \setminus \{0\})$ $(1 \le i \le m)$ there is an element $x$ of $R$ satisfying $\varphi_i(x) = \varepsilon_i$ $(1 \le i \le m)$. If for any finite subset $\{\varphi_1, \ldots, \varphi_m\}$ of $S$ and $\varepsilon_i \in \varphi_i(R \setminus \{0\}) \cap \Phi$

$\infty: F \to \mathbb{R}: f g^{-1} \mapsto q^{\deg(f) - \deg(g)}$

(f,gERo,/g # 0),

01-+0

(3.52)

again a discrete Krull valuation of $F$. The uniqueness of prime factorization in $R$ finds its equivalent expression in the product formula

$$\prod_{\pi \in \Pi \cup \{\infty\}} \varphi_\pi(x) = 1 \qquad (x \in F^\times). \tag{3.53}$$

It follows that the system $S \cup \{\varphi_\infty\}$ is not strongly independent. Indeed, $\bigcap_{\varphi \in S \cup \{\varphi_\infty\}} I(\varphi, 1) = F_0$. If $X$ contains more than one element, then there are also non-discrete Krull valuations of $F$ containing $R$ in their valuation ring. In fact, there are such Krull valuations of rank greater than one. But if $X$ consists only of one element, say $t$, then every non-trivial Krull valuation $\varphi$ of $F$ with $R$ contained in its valuation ring is equivalent to precisely one member of $S$. Indeed, the elements of $R$ with value less than one form a non-zero prime ideal $\mathfrak{p}$. Since $R$ is a principal ideal ring it follows that $\mathfrak{p} = R\pi$ for some $\pi \in \Pi$, hence $\varphi(\pi^{r} m n^{-1}) = \varphi(\pi)^{r}$ $(r \in \mathbb{Z};\ m, n \in R,\ \pi \nmid mn)$ so that $\varphi$ is equivalent to $\varphi_\pi$. Moreover, every Krull valuation $\varphi$ of $F$ satisfying

$$I(\varphi, 1) \supseteq F_0, \qquad I(\varphi, 1) \not\supseteq R \tag{3.54}$$

is equivalent to $\varphi_\infty$. This is because (3.54) implies that $\varphi(t) > 1$, hence $\varphi(t^{-1}) < 1$ and $F_0[t^{-1}] \subseteq I(\varphi, 1)$.

The rational integers $\mathbb{Z}$ and the polynomial ring in one variable over a field form the prime examples of entire rings $R$ with the following valuation theoretic properties:

$R$ is integrally closed; (3.55a)

every non-trivial Krull valuation of $F := \mathfrak{Q}(R)$ containing $R$ in its valuation ring is discrete; (3.55b)

any system of infinitely many Krull valuation prime ideals over $R$ intersects in zero. (3.55c)

Kummer and Dedekind discovered in the nineteenth century that the integral closure of $\mathbb{Z}$ in any finite extension of $\mathbb{Q}$ again has the properties (3.55a-c). Today entire rings with the properties (3.55a-c) are called Dedekind rings. We are going to study their properties, in particular with regard to subrings defined by a monic equation in section 5.
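The $p$-adic valuations of Lemma (3.48), the sharpened inequality (3.20b), the independence of Definition (3.49) and the analogue for $\mathbb{Q}$ of the product formula (3.53) can be checked with exact rational arithmetic. The following Python code is an added example, not part of the original text; it normalizes $\varepsilon_0 = 1/p$, takes the ordinary absolute value as the valuation at infinity, and all function names are chosen here.

```python
from fractions import Fraction


def eta(x, p):
    """Exponential p-adic valuation of a rational x; None stands for infinity (x = 0)."""
    x = Fraction(x)
    if x == 0:
        return None
    num, den, v = x.numerator, x.denominator, 0
    while num % p == 0:
        num //= p
        v += 1
    while den % p == 0:
        den //= p
        v -= 1
    return v


def phi(x, p):
    """Multiplicative p-adic valuation with eps_0 = 1/p: phi(x) = (1/p)**eta(x)."""
    v = eta(x, p)
    return Fraction(0) if v is None else Fraction(1, p) ** v


def primes_of(x):
    """Primes dividing the numerator or the denominator of a non-zero rational x."""
    x = Fraction(x)
    n, found, d = abs(x.numerator) * x.denominator, [], 2
    while d * d <= n:
        if n % d == 0:
            found.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        found.append(n)
    return found


def product_formula(x):
    """|x| times the product of phi(x, p) over all primes p; equals 1 for x != 0."""
    x = Fraction(x)
    result = abs(x)
    for p in primes_of(x):  # every other prime contributes the factor 1
        result *= phi(x, p)
    return result


def sum_versus_max(a, b, p):
    """Return (phi(a + b), max(phi(a), phi(b))); equal whenever phi(a) != phi(b)."""
    return phi(Fraction(a) + Fraction(b), p), max(phi(a, p), phi(b, p))


def element_with_exponents(exponents):
    """An integer x with eta(x, p) = e for each given pair (p, e), e >= 0."""
    x = 1
    for p, e in exponents.items():
        x *= p ** e
    return x


if __name__ == "__main__":
    x = Fraction(-250, 9)  # constructed sample value
    print([(p, eta(x, p)) for p in primes_of(x)])
    print(product_formula(x))
    print(sum_versus_max(5, 1, 5), sum_versus_max(1, 4, 5))
    print(element_with_exponents({2: 3, 5: 1, 7: 0}))
```

When $\varphi(a) = \varphi(b)$ the value of the sum can drop strictly below the maximum, as the pair $a = 1$, $b = 4$ shows for $p = 5$.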

9. Order rank, rational rank, and degree of transcendency

For any Krull exponent valuation

$$\eta: F \to M \cup \{\infty\} \tag{3.56a}$$

of a field $F$ on the join of an algebraically ordered module $M$ and the symbol $\infty$ we have three invariants, the order rank $\rho(M)$ of $M$ as defined in subsection 8, the rational rank $r(M|\mathbb{Q})$ which will be discussed below, and the degree of transcendency $d(F)$ of $F$ over the prime field $F_0$, where the transcendency concept is assumed to be familiar to the reader. The three invariants satisfy

$$\rho(M) \le r(M|\mathbb{Q}) \le d(F) \tag{3.56b}$$

in case the restriction of $\eta$ to $F_0$ is trivial. Otherwise $F_0$ is the rational number field, and $\eta|_{F_0}$ is equivalent to a $p$-adic valuation ($p$ a prime number), and we have the relation

$$\rho(M) \le r(M|\mathbb{Q}) < d(F). \tag{3.56c}$$

Let us observe that an algebraically ordered module $M$ is torsion-free:

$$\forall a \in M\ \forall n \in \mathbb{Z}: \quad na = 0 \Rightarrow a = 0 \vee n = 0.$$

Hence, $M$ is embedded into its $\mathbb{Z}$-quotient module $M/[\mathbb{Z} \setminus \{0\}]$ formed by the formal quotients $u/n$ $(u \in M,\ n \in \mathbb{Z}^{>0})$ with operational rules:

$$\frac{u}{n} = \frac{u'}{n'} \Leftrightarrow n'u = nu', \qquad \frac{u}{n} + \frac{u'}{n'} = \frac{n'u + nu'}{nn'},$$

and $M/[\mathbb{Z} \setminus \{0\}]$ is an algebraically ordered $\mathbb{Q}$-module according to the operational rules:

$$\frac{p}{q} \cdot \frac{u}{n} = \frac{pu}{qn}, \qquad \frac{u}{n} > \frac{u'}{n'} \Leftrightarrow n'u > nu'.$$

The order rank of $M/[\mathbb{Z} \setminus \{0\}]$ is the same as that of $M$: $\rho(M) = \rho(M/[\mathbb{Z} \setminus \{0\}])$. The dimension of the $\mathbb{Q}$-linear space $M/[\mathbb{Z} \setminus \{0\}]$ is defined as the rational rank of $M$: $r(M|\mathbb{Q}) = \dim_{\mathbb{Q}}(M/[\mathbb{Z} \setminus \{0\}]) =: r(M/[\mathbb{Z} \setminus \{0\}])$. The analysis carried out in subsection 8 yields the inequality $\rho(M) \le r(M|\mathbb{Q})$. By construction $M$ contains a $\mathbb{Q}$-basis $B$ of $M/[\mathbb{Z} \setminus \{0\}]$. For each $b \in B$ there is an element $\xi(b) \in F$ satisfying $\eta(\xi(b)) = b$. If $\eta|_{F_0}$ is trivial, then the values

$$\eta\big(\xi(b_1)^{\nu_1} \xi(b_2)^{\nu_2} \cdots \xi(b_s)^{\nu_s}\big) = \sum_{i=1}^{s} \nu_i b_i$$

are all distinct so that the non-trivial linear combinations of the monomials in $\xi(B)$ over the prime field $F_0$ of $F$ have $\eta$-values in $M$ which means that they are not zero. Therefore we get $d(F) \ge r(M|\mathbb{Q})$. If $\eta|_{F_0}$ is not trivial, then the same argument applies to $B \setminus \{b_0\}$, where $b_0 = \eta(p)$ and (3.56c) is obtained.

Let us observe that for any purely transcendental extension $F = F_0(x_1, \ldots, x_d)$ we find that $M$ is free abelian. Any module $M$ with finite $\mathbb{Z}$-basis $u_1, \ldots, u_n$ $(n \in \mathbb{Z}^{>0})$ has the rank $n$ algebraical ordering based on lexicographic ordering:

$$\sum_{j=1}^{n} \lambda_j u_j > 0 \Leftrightarrow \lambda_i > 0 \quad \text{for } i = \min\{j \mid 1 \le j \le n,\ \lambda_j \ne 0\}.$$

Also all rank $n$ algebraical orderings of $M$ are lexicographic with respect to a suitable $\mathbb{Z}$-basis. Algebraic number theory utilizes rational rank 1 valuations. Algebraic function theory in $n$ variables utilizes rational valuations of rank $\le n$.

Exercises

1. Deduce (3.8a, b) from (3.2a-d).

2. Prove lemma (3.28).

3. For every natural number $n > 1$ and for every non-negative rational integer $x$ there holds a unique presentation

$$x = \sum_{i=0}^{\infty} a_i(x, n)\, n^i \qquad (a_i(x, n) \in \mathbb{Z},\ 0 \le a_i(x, n) < n,\ a_i(x, n) = 0 \text{ for } n^i > x).$$

Develop an algorithm for that '$n$-adic presentation' of $x$.

4. (Ostrowski)
(a) If $\varphi: \mathbb{Z} \to \mathbb{R}^{\ge 0}$ is a valuation satisfying $\varphi(n) \le 1$ for some integer $n > 1$, then show we have $\varphi(x) \le (n - 1)(1 + \log_n x)$, $\varphi(x^j) \le (n - 1)(1 + j \log_n x)$ $(j \in \mathbb{Z}^{>0})$ for every natural number $x$.
(b) If $\varphi$ is multiplicative, then show we have $\varphi(x) \le (n - 1)^{1/j}(1 + j \log_n x)^{1/j}$ $(j \in \mathbb{Z}^{>0})$, $\varphi(x) \le 1$ for every natural number $x$, hence $\varphi$ is non-archimedean.

5. (Ostrowski) Show that every non-trivial Krull valuation of the rational number field $\mathbb{Q}$ is equivalent to a $p$-adic valuation for some prime number $p$.

6. (Holder) Show that the mapping $\varphi: \mathbb{C} \to \mathbb{R}^{\ge 0}: z \mapsto |z|^{\alpha} = \exp(\alpha \log |z|)$ is a multiplicative archimedean valuation of the complex number field $\mathbb{C}$ for every fixed positive real exponent $\alpha \le 1$. All of those valuations are equivalent.

7. (Ostrowski) Let $\varphi: \mathbb{Q} \to \mathbb{R}^{\ge 0}$ be a multiplicative valuation satisfying $\varphi(2) > 1$. Show that
(a) $\varphi(n) > 1$ for $n \in \mathbb{Z}^{>1}$.
(b) $\varphi(x) \le (n - 1)\varphi(n)^{1 + \log_n x}$, $\varphi(x^j) \le (n - 1)\varphi(n)^{1 + j \log_n x}$, $\varphi(x) \le (n - 1)^{1/j}\varphi(n)^{1/j + \log_n x}$ $(j \in \mathbb{Z}^{>0})$, $\varphi(x) \le \varphi(n)^{\log_n x}$, $\varphi(x)^{1/\log x} = \varphi(n)^{1/\log n}$ for any two integers $x, n \in \mathbb{Z}^{>1}$.
(c) $\varphi(x) = |x|^{\alpha}$ for all $x \in \mathbb{Q}$, where $\varphi(2) = 2^{\alpha}$, $0 < \alpha \le 1$.

8. (Banach) Let $\varphi: F \to \mathbb{R}^{\ge 0}$ be a multiplicative valuation of the field $F$ and let $\psi: L \to \mathbb{R}^{\ge 0}$ be a mapping of the $F$-linear space $L$ into the non-negative real numbers subject to the condition on a $\varphi$-norm:

$$\psi(u + v) \le \psi(u) + \psi(v), \qquad \psi(\lambda u) = \varphi(\lambda)\psi(u) \qquad (u, v \in L,\ \lambda \in F).$$

Then show that the $F$-linear transformations $T: L \to L$ of $L$ subject to the $\psi$-boundedness condition $\psi(Tu) \le M\psi(u)$ $(u \in L)$ for some positive real number $M$ form a unital $F$-algebra $B(L/\psi)$. Also show that the Banach algebra $B(L/\psi)$ of $L$ over $\psi$ has the valuation

$$\Psi: B(L/\varphi) \to \mathbb{R}^{\ge 0}: T \mapsto \operatorname{glb}\{\psi(Tu)/\psi(u) \mid 0 \ne u \in L\},$$

such that $\Psi(\lambda T) = \varphi(\lambda)\Psi(T)$ $(T \in B(L/\psi),\ \lambda \in F)$.

9. The sequences of rational integers form a unital commutative integrally closed ring for the operational rules:

$$(a_n) = (b_n) \Leftrightarrow a_n = b_n \ (n \in \mathbb{N}), \qquad (a_n) + (b_n) = (a_n + b_n), \qquad (a_n)(b_n) = (a_n b_n).$$

Its prime ring is formed by the constant sequences and is isomorphic to $\mathbb{Z}$. But show that the integral sequences that are algebraic integers over the prime ring form the proper subring of those sequences which have only finitely many distinct entries.


4.4. Eisenstein polynomials

Given a unital commutative ring $R$ with a non-archimedean pseudo-valuation $\varphi: R \to$ in an algebraically ordered field with divisible positivity group

f{J(~VI + d =

... = f{J(~v,) > ... >

f{J(~V'_l + ,)

= ... = f{J(~"), (4.9a)


where

1~

VI


1. Note that according to definition (4.10) also polynomials like

$$t^3 - 250t + 25$$

are $\varphi_5$-Eisenstein, not merely the polynomials like

$$t^3 - 250t + 5$$

with last coefficient not divisible by $5^2$. The importance of the Eisenstein polynomials is primarily derived from their assured irreducibility which is shown below, though we will learn to know their significance from another point of view in section 6.
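The two cubics named above can be tested mechanically. Definition (4.10) is not legible on this page, so the following Python code, an added example that is not from the book, assumes the single-slope Newton polygon condition (Eisenstein-Dumas) for the $p$-adic exponent $v_p$ on $\mathbb{Z}$: $v_p(a_n) \ge 1$, $\gcd(v_p(a_n), n) = 1$ and $n\,v_p(a_i) \ge i\,v_p(a_n)$ for $0 < i < n$. The function names are chosen here, and the rational-root test serves as an independent irreducibility check for cubics.

```python
from math import gcd


def v_p(a, p):
    """p-adic exponent of the integer a; None stands for infinity (a = 0)."""
    if a == 0:
        return None
    v = 0
    while a % p == 0:
        a //= p
        v += 1
    return v


def is_eisenstein(coeffs, p):
    """coeffs = [1, a_1, ..., a_n] for t^n + a_1 t^(n-1) + ... + a_n over Z.

    Assumed reading of definition (4.10): one Newton polygon slope, and
    v_p(a_n) prime to the degree n.
    """
    n = len(coeffs) - 1
    if n < 1 or coeffs[0] != 1:
        raise ValueError("monic polynomial of positive degree expected")
    w = v_p(coeffs[n], p)
    if w is None or w < 1 or gcd(w, n) != 1:
        return False
    for i in range(1, n):
        v = v_p(coeffs[i], p)
        if v is not None and n * v < i * w:  # point (i, v) lies below the segment
            return False
    return True


def evaluate(coeffs, x):
    """Horner evaluation of the polynomial at the integer x."""
    value = 0
    for c in coeffs:
        value = value * x + c
    return value


def rational_roots(coeffs):
    """Rational roots of a monic integer polynomial are integers dividing a_n."""
    a_n = coeffs[-1]
    if a_n == 0:
        return [0]
    divisors = [d for d in range(1, abs(a_n) + 1) if a_n % d == 0]
    return sorted(x for d in divisors for x in (d, -d) if evaluate(coeffs, x) == 0)


def cubic_is_irreducible(coeffs):
    """A monic cubic over Z is irreducible over Q iff it has no rational root."""
    if len(coeffs) != 4 or coeffs[0] != 1:
        raise ValueError("monic cubic expected")
    return not rational_roots(coeffs)


if __name__ == "__main__":
    for f in ([1, 0, -250, 25], [1, 0, -250, 5], [1, 0, -250, 125], [1, 0, 1, 25]):
        print(f, is_eisenstein(f, 5), cubic_is_irreducible(f))
```

The cubic $t^3 - 250t + 125$ fails the assumed condition because $\gcd(3, 3) \ne 1$ and is nevertheless irreducible: the criterion is sufficient, not necessary.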

Lemma (4.11) Every Eisenstein polynomial is irreducible.

Proof Let $f(t) \in F[t]$ of the form (4.2a) be an Eisenstein polynomial relative to the Krull valuation (4.10a) of $F$, and let $E$ be a finite extension of $F$ generated by a root $\xi$ of $f$ over $F$. According to the Chevalley theorem (3.30) there is an extension

$\psi: E \to$ of $\varphi$ to a Krull valuation $\psi$ of $E$. According to (4.9g, i) we have $s = 1$, $\nu_1 = n$, $\psi(\xi) = \varphi(a_n)^{1/n}$. We will show that $1, \xi, \ldots, \xi^{n-1}$ are linearly independent over $F$ implying $[E:F] = n$ and therefore the irreducibility of $f$. In any non-trivial linear combination

of $1, \xi, \ldots, \xi^{n-1}$ over $F$ there are at least two non-zero summands on the right-hand side. For any two non-zero terms, say

$$\lambda_i \xi^i, \quad \lambda_k \xi^k \qquad (0 \le i < k < n;\ \lambda_i, \lambda_k \in F,\ \lambda_i \lambda_k \ne 0),$$


it is impossible that

0

(s < i ~ t),


where also Ps+ 1,···, P, are distinct non-zero prime ideals of R, and

n Pi-I", n pr'-I", I

(gR)-1 =

i= I I

g-1 9 =

i= 1

where we set

Vi ~ 0

for s < i ~ t.

In order to prove uniqueness we discuss the equation

$$\prod_{i=1}^{s} \mathfrak{p}_i^{\mu_i} = \prod_{i=1}^{s} \mathfrak{p}_i^{\nu_i}, \tag{5.4}$$

where $\mathfrak{p}_1, \mathfrak{p}_2, \ldots, \mathfrak{p}_s$ are distinct non-zero prime ideals and $\mu_i$, $\nu_i$ are rational integers. Upon moving the factors with negative exponents to the other side, respectively, we must show that there is no equation (5.4) with distinct non-zero prime ideals $\mathfrak{p}_1, \ldots, \mathfrak{p}_s$ $(s > 0)$ and with rational integers $\mu_i$, $\nu_i$ subject to the condition that either

$$\mu_i > 0,\ \nu_i = 0 \quad \text{or} \quad \mu_i = 0,\ \nu_i > 0 \qquad (1 \le i \le s).$$

Indeed, if $\mu_1 > 0$ then the left-hand side is contained in $\mathfrak{p}_1$, hence the right-hand side also is contained in $\mathfrak{p}_1$. It follows that at least one of the prime ideal factors with positive multiplicity on the right-hand side is contained in and distinct from $\mathfrak{p}_1$, say

$$\mathfrak{p}_i \subset \mathfrak{p}_1 \quad \text{for some index } i \ (1 < i \le s).$$

But that is impossible, since every prime ideal is maximal. Thus (5.2) is demonstrated. $\square$

The multiplicity $v_{\mathfrak{p}}(\xi)$ of the non-zero prime ideal $\mathfrak{p}$ of $R$ in the non-zero element $\xi$ of $\mathfrak{Q}(R)$ defines the $\mathfrak{p}$-adic Krull exponential valuation

$$v_{\mathfrak{p}}: \mathfrak{Q}(R) \to \mathbb{Z} \cup \{\infty\}. \tag{5.5}$$

It is defined for $\xi$ of $R$ as follows: $v_{\mathfrak{p}}(0) = \infty$, and for $0 \ne \xi \in R$ we set $v_{\mathfrak{p}}(\xi)$ to be the unique rational integer satisfying

For

we set

Vp(e):= Vp(I1) - vlr).

The $\mathfrak{p}$-adic Krull exponential valuation is discrete with $\frac{R}{R \setminus \mathfrak{p}}$ as its valuation ring. Hence there is precisely one Krull valuation ring of $\mathfrak{Q}(R)$ containing $R$ such that its maximal ideal intersects $R$ in $\mathfrak{p}$ according to (3.46). Since $R$ is integrally closed, it follows that $R$ is the intersection of the Krull valuation rings of $\mathfrak{Q}(R)$ in which it is contained. From lemma (5.2) it follows that any non-zero element of $R$ is contained only in finitely many maximal ideals of distinct Krull valuation rings of $\mathfrak{Q}(R)$ containing $R$. In other words $R$ is a Dedekind ring. The previous observations are extended by the next theorem.

Theorem (5.6) Let $R$ be an entire ring. Then the following conditions are equivalent.

(I) $R$ is a Dedekind ring.
(II) The fractional $R$-ideals $\ne 0$ form a group under multiplication.
(III) $R$ is Noetherian, integrally closed and each non-zero prime ideal of $R$ is maximal.
(IV) Every ideal of $R$ is a product of prime ideals.

Proof We have shown already that

(II) $\Rightarrow$ (III), (II) $\Rightarrow$ (IV), (II) $\Rightarrow$ (I).

We are going to show that (a) (III) $\Rightarrow$ (II), (b) (I) $\Rightarrow$ (III), (c) (IV) $\Rightarrow$ (II).

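(a) Let $R$ be an entire ring satisfying (III). In order to show the group property of the non-zero $R$ fractional ideals it suffices to show that every non-zero ideal of $R$ is invertible with respect to $R$. Let us assume that there are non-zero ideals of $R$ which are not invertible with respect to $R$. Then among those there is a maximal one, say $\mathfrak{p}$. Because of $R^{-1} = R$ it follows that $\mathfrak{p}$ is a proper ideal. If $\mathfrak{p}$ is contained in a maximal ideal $\mathfrak{m}$ and $\mathfrak{m}$ is invertible with respect to $R$ then we have seen in (5.2) that $\mathfrak{p}$ is a multiple of $\mathfrak{m}$ and hence it is a prime ideal only if $\mathfrak{p} = \mathfrak{m}$. It remains to prove that every maximal non-zero ideal $\mathfrak{p}$ of $R$ is invertible with respect to $R$. There is a non-zero element $\pi$ of $\mathfrak{p}$. We want to show the existence of a prime ideal product $\ne 0$ contained in the ideal $\pi R$, say

$$0 \subset \mathfrak{p}_1 \mathfrak{p}_2 \cdots \mathfrak{p}_s \subseteq \pi R. \tag{5.7}$$

If that is wrong then among the ideals of $R$ not containing a non-zero prime ideal product there is a largest one, say $\mathfrak{a}$. The ideal $\mathfrak{a}$ is proper and not a prime ideal. Hence, there are two elements $a_1$, $a_2$ of $R$ for which

so that

According to our assumption there are non-zero prime ideal products contained in $\mathfrak{a}_i$, say

$$0 \subset \mathfrak{p}_{i1} \mathfrak{p}_{i2} \cdots \mathfrak{p}_{i\mu_i} \subseteq \mathfrak{a}_i \qquad (i = 1, 2),$$

implying the relation

$$0 \subset \prod_{i=1}^{2} \prod_{j=1}^{\mu_i} \mathfrak{p}_{ij} \subseteq \mathfrak{a}_1 \mathfrak{a}_2 \subseteq \mathfrak{a}.$$

Thus (5.7) holds for suitable non-zero prime ideals $\mathfrak{p}_1, \ldots, \mathfrak{p}_s$. We stipulate that $s$ is as small as possible, hence

$$\prod_{\substack{i=1 \\ i \ne j}}^{s} \mathfrak{p}_i \not\subseteq \pi R \qquad (j = 1, 2, \ldots, s).$$

Since we have $\pi \in \mathfrak{p}$ it follows that

$$\prod_{i=1}^{s} \mathfrak{p}_i \subseteq \pi R \subseteq \mathfrak{p},$$

so that at least one of the prime ideals $\mathfrak{p}_i$ is contained in $\mathfrak{p}$, say $\mathfrak{p}_1 \subseteq \mathfrak{p}$. Because of the maximal property of every non-zero prime ideal of $R$ it follows that $\mathfrak{p}_1 = \mathfrak{p}$. Moreover,

$$\prod_{i=2}^{s} \mathfrak{p}_i \not\subseteq \pi R, \qquad \pi^{-1} \prod_{i=2}^{s} \mathfrak{p}_i \not\subseteq R,$$

but

$$\pi^{-1} \prod_{i=1}^{s} \mathfrak{p}_i \subseteq R,$$

so that

$$\pi^{-1} \prod_{i=2}^{s} \mathfrak{p}_i \subseteq [R/\mathfrak{p}],$$

hence $R \subset [R/\mathfrak{p}]$.

Because of the maximal property of $\mathfrak{p}$ and $\mathfrak{p} = \mathfrak{p}R \subseteq \mathfrak{p}[R/\mathfrak{p}] \subseteq R$ we have either $\mathfrak{p} = \mathfrak{p}[R/\mathfrak{p}]$, or $R = \mathfrak{p}[R/\mathfrak{p}]$.

In the first case it follows from the Kronecker criterion that $[R/\mathfrak{p}]$ belongs to the integral closure of $R$ in $\mathfrak{Q}(R)$ contradicting the integral closedness of $R$. Hence, we find that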

demonstrating (II).

(b) Now let $R$ be a Dedekind ring. We want to establish (III). By definition $R$ is integrally closed. If $\mathfrak{p}$ is a non-zero prime ideal of $R$, then there is a Krull valuation ring R of $\mathfrak{Q}(R)$ containing $R$ such that the maximal ideal of R intersects $R$ in $\mathfrak{p}$. Since the corresponding Krull valuation is discrete, it follows that $\mathfrak{p}$ cannot properly contain another prime ideal $\ne 0$ of $R$ according to (3.46). Thus it is seen that every non-zero prime ideal of $R$ is maximal. Finally we show that any non-zero ideal $\mathfrak{a}$ of $R$ is a finitely generated $R$-module. There is an element $a \ne 0$ of $\mathfrak{a}$, and there are only finitely many Krull valuation rings of $\mathfrak{Q}(R)$, say $R_1, R_2, \ldots, R_s$ such that $R \subseteq R_i$, $aR_i \subset R_i$ $(1 \le i \le s)$. The integral closure property of $R$ yields

$$R = R_1 \cap R_2 \cap \cdots \cap R_s.$$

By assumption there are discrete Krull exponential valuations

$$\eta_i: \mathfrak{Q}(R) \to \mathbb{Z} \cup \{\infty\},$$

with $R_i$ as valuation rings such that the intersections

are $s$ maximal ideals,

s

fl m?;(X I ,

$\pi_2: \mathbb{Z}^n \to \mathbb{Z}^{n-1}: x = (x_1, \ldots, x_n) \mapsto (x_2, \ldots, x_n) =: \bar{x}$. Let $Y$ be a non-empty subset of $\mathbb{Z}^n$ which is bounded from below. According to the induction hypothesis $\pi_2(Y)$ has only finitely many minima, say $\bar{x}_1, \ldots, \bar{x}_s$. In $\pi_2^{-1}(\bar{x}_i) \cap Y$ we choose $x_i$ with minimal first coordinate $(1 \le i \le s)$. Let $m$ be the maximum of the first coordinates of $x_1, \ldots, x_s$. Clearly, $\pi_1(Y)$ contains only finitely many integers $x$ satisfying $x \le m$, say $\xi_1, \ldots, \xi_k$. Thus we are led to consider the subsets $Y_i := \{y \in Y \mid \pi_1(y) = \xi_i\}$ of $Y$ $(1 \le i \le k)$. Again, $\pi_2(Y_i)$ has at most finitely many minima, say $\bar{y}_{i1}, \ldots, \bar{y}_{is_i}$, with (unique) preimages $y_{i1}, \ldots, y_{is_i}$ in $Y_i$. Now all minima of $Y$ are contained in the finite set $\{y_{i\nu} \mid 1 \le \nu \le s_i,\ 1 \le i \le k\}$. $\square$

Historically speaking, the theory of Dedekind rings originated from the remark made by certain astute French mathematicians that in the ring of cyclotomic integers $\mathbb{Z}[\zeta_n]$ ($\zeta_n$ a primitive $n$th root of unity) there does not always exist a greatest common divisor of two non-zero elements $\alpha$, $\beta$, as Dirichlet pointed out to E.E. Kummer who had made the assumption implicitly. Thus E.E. Kummer was inspired to introduce 'ideal' numbers (i.e. algebraic integers outside the field $\mathbb{Q}(\zeta_n)$) playing the role of the greatest common divisor of $\alpha$, $\beta$. R. Dedekind introduced the ideal generated by $\alpha$, $\beta$ as a substitute for the greatest common divisor which does not always exist in algebraic number fields, i.e. finite extensions of $\mathbb{Q}$. Dedekind showed that the ideals of the algebraic integer ring $\mathrm{Cl}(\mathbb{Z}, E)$ form a semigroup with unique factorization into prime ideal products for any algebraic number field $E$.


He also observed that the non-zero fractional ideals of $\mathrm{Cl}(\mathbb{Z}, E)$ form a group and that this property implies both (III) and (IV). He already suggested to take (III) as defining property for a more axiomatic treatment. This program was carried out in a famous 1926 paper by E. Noether [2]. The valuation theoretic treatment leading to (I) goes back to the work of W. Krull. It is seen from our treatment that (I), (III) run parallel inasmuch as (a) integral closure, (b) the Noetherian property, (c) the maximality of prime ideals, have equivalent valuation theoretic and ordinary ring theoretic definitions. The characterizations (I), (III) both can be used to show that the integral closure of a Dedekind ring in a finite extension of the quotient field is again a Dedekind ring. Actually (I) will be used here since it does not require to distinguish the case of a separable and a non-separable extension. The characterization (IV) given by Matusita appears to be the most natural one but it is not as useful as the other three.

Theorem (5.9) The integral closure $A$ of a Dedekind ring $R$ in a finite extension $E$ of the quotient field $F = \mathfrak{Q}(R)$ is a Dedekind ring.

Proof The classical argument (of E. Noether) demonstrates (III) for $A$. This must be done separately for separable and for inseparable extensions. Since the latter do not occur in algebraic number theory we shall give the classical demonstration only in the case that $E$ is a separable finite extension of $F$. This demonstration is then followed by a demonstration of (I) for $A$ without separability condition on $E$. However, we shall combine the latter demonstration with the proof of a weak independence which is of intrinsic value.

(i) Classical argument By definition $A$ is integrally closed. In order to show the maximality of the non-zero prime ideals of $A$ we must show that every Krull exponential valuation

$$\eta: E \to M \cup \{\infty\}$$

($M$ an algebraically ordered module) of $E$ satisfying $\eta(A) \ge 0$ is discrete. But the restriction of $\eta$ to $F$ is a Krull exponential valuation of $F$ satisfying

$$\eta(R) \ge 0.$$

Since $R$ is a Dedekind ring it follows that $\eta|_F$ is discrete. We have seen in the proof of (3.30) that any subset $X$ of $E$ with the property that $\eta(X)$ is a representative set of $\eta(E \setminus \{0\})$ modulo $\eta(F \setminus \{0\})$ is linearly independent over $F$. Hence, the index of $(\eta(E \setminus \{0\}) : \eta(F \setminus \{0\}))$, which is also called the ramification index of $\eta|_F$ in $E$, is finite. Since the module $\eta(F \setminus \{0\})$ is cyclic of order 1 or $\infty$ and since the module $\eta(E \setminus \{0\})$ is torsion-free and of finite index over $\eta(F \setminus \{0\})$ it follows that $\eta(E \setminus \{0\})$ is cyclic of order 1 or $\infty$. Hence, $\eta$ is discrete. Finally, it must be shown that $A$ is Noetherian. For this purpose we need the assumption of separability which implies, firstly, the existence of a primitive element $\xi$ of $E$ so that $1, \xi, \ldots, \xi^{n-1}$ is an $F$-basis of $E$ and, secondly, the non-vanishing of the discriminant $d(f)$ of the irreducible polynomial

$$f(t) = t^n + a_1 t^{n-1} + \cdots + a_n,$$

with coefficients in $R$ of which $\xi$ is a root. This in turn implies that $A$ is contained in the $R$-module with basis

so that

$$R[t]/f \cong \sum_{j=0}^{n-1} R\xi^j \subseteq \mathrm{Cl}(R, E) = A \subseteq \sum_{j=0}^{n-1} d(f)^{-1} R\xi^j.$$

(See also (5.17).) Hence, the Noetherian property of $R$ implies the Noetherian property of the $R$-module $A$. A fortiori, $A$ is a Noetherian ring.

(ii) Valuation theoretic demonstration Making no separability assumption on $E$ we will demonstrate (5.6) (I) for $A$. It has already been shown above that $A$ is integrally closed and that every Krull valuation of $E$ with $A$ in its valuation ring is discrete. It remains to prove that for every non-zero element $\xi$ of $A$ there are only finitely many Krull valuation rings of $E$ containing $A$ such that $\xi$ is contained in the corresponding maximal ideals. We know that $\xi$ satisfies an irreducible monic equation

$$\xi^m + a_1 \xi^{m-1} + \cdots + a_m = 0,$$

with coefficients $a_1, \ldots, a_m$ in the integrally closed ring $R$ such that $a_m \ne 0$. If we show that

$$a_m = \xi(-\xi^{m-1} - a_1 \xi^{m-2} - \cdots - a_{m-1})$$

belongs to only finitely many maximal ideals of Krull valuation rings of $E$ containing $A$, then the same is true for the element $\xi$ dividing $a_m$ in $A$. Without loss of generality we can therefore assume that $\xi$ belongs to $R$. We know already that there are only finitely many Krull valuation rings of $F$, say $R_1, R_2, \ldots, R_s$ with the property that the maximal ideal $\mathfrak{m}_i$ of $R_i$ contains $\xi$ $(1 \le i \le s)$. Thus it suffices to show that every Krull valuation ring


R of F is contained only in finitely many Krull valuation rings of E intersecting F in R. More sharply. there are at most as many distinct extension rings AI' A2 •••. of R to Krull valuation rings of E intersecting F in R as the degree n of E over F. Suppose we have the Krull exponential valuation

rf;:F->Mu{oo} of F with R as valuation ring and with divisible algebraically ordered value module M and the distinct extensions

'I'j:E -> Mu {oo}. with Krull valuation rings Aj (i= 1.2•... ,s) such that 'I'jIF= rf;. We establish the weak independence of '1'1' ... ' 'I's by the subsequent lemma (5.10). where we show the existence of elements £jEAj (I ~ i ~ s) satisfying

0< 'I'j(ej - I),

0 < 'I'j(ek)Erf;(F) (I

~

i. k ~ s, i #- k).

We now go on to prove that those £, , ... , £s are linearly independent over F implying s ~ n thus concluding the proof of the theorem. Namely, let AI, ... ,A.,.EF\{O}(I~CT~S) be given subject to rf;(Ad~ rf;(A 2 ) ~ .•• ~ rf;(Aa). We show that a

c;:=

L Ajen(i)

(nEes)

satisfies 'I' n( 0 implies 'Pi(ei) = 0, hence eiEAi (i = 1,2). For s> 2 we apply induction on s. Hence, we assume that there is an element II of Al such that O:A -+ the elements of A of q>-value 0 form a maximal ideal 9Jl such that the replacement of elements of ,Q(R) by the residue classes of ,Q(R)/9Jl carries !l to a matrix representation X of it = A/9Jl of degree n over ,Q(R) = ,Q(R)/9Jl satisfying X(x)ECl(R, X(it)) (R = R/9Jl, x = x/9Jl). The matrix representation X restricts on the subalgebra generated by x over ,Q(R) to a matrix representation li of degree n over OCR) with the property that for each irreducible component r the characteristic polynomial of r(.x) is a power of the minimal polynomial of rex). The latter is a monic irreducible polynomial over R. This is because A(x) belongs to Cl(R, X(it)) and because R is integrally closed in the quotient field ,Q(R) = ,Q(R), according to our assumption on R. Hence, the characteristic polynomial of X(x) is a monic polynomial of degree n over R. It follows by assumption that the characteristic polynomial of !lex) is monic of degree n over R. 0 Theorem

(5.19)

The integral closure of a Dedekind ring R ill a separable commutative ,Q(R)-algebra A of fillite dimension novel' ,Q(R) is all R-order. Proof We know that there is a primitive element ~ of A such that the powers 1,~, ... ,~n - 1 form a ,Q(R)-basis of A. The n + 1 coefficients of the (monic) minimal polynomial of ~ have a common denominator D # 0 in R. Then D~ is also a primitive element of A with monic minimal polynomial of degree n over R. Without loss of generality we can assume that A = ,Q(R) [t]ff(t),Q(R)[t] is the algebraic background of the equation order AI = R[t]/f(t)R[t] of the monic separable polynomial f of degree n > 0 over R. The regular trace of an element x of A is defined as the negative second

Dedekind rings and orders

281

highest coefficient of the characteristic polynomial of the regular representation of x, a matrix representation of degree II over ,Q(R). Hence, Tr (x) belongs to R for every x of el(R, A) according to lemma (5.18). It follows that the regular trace bilinear form B:A x A--.,Q(R):(al,a2)I-+Tr(a 1a2) restricts on el(R, A) to a symmetric bilinear form with values in R. Thus it follows that Af ~ el(R, A) ~ A}, where the B-dual

A; is defined by A} = {YEA ITr(yA f ) ~ R}.

Because of d(f) = det«Tr(~i+k-2»I.;,.h") #- 0 it follows that the system of linear equations (5.20a) for the unknowns Yjl"'" Yjll (I ~j ~ /I) has a unique solution so that there are elements 11

bj =

L Yjk~k-l k=l

(YjkE,Q(R), 1 ~j ~ II)

(5.20b)

of A, satisfying Tr(~i-lb)=i5ij

Those elements form an R-basis of any element x of A} we have

(l ~i,j~n).

A},

(5.20c)

a so-called dual basis. Indeed, for

Tr(~i-lx) = Tr( ~i-l Ctl TrW-1X)b k))

(I

~ i ~ n)

(5.20d)

so that the difference 11

x'=x-

L Tr(~k-lx)bk

k=l

has the property

which implies x'=O

as we had already observed in chapter 2. It follows that every element x of A} is uniquely presented as the R-linear combination x=

L" TrW-1x)b k

k=

(5.20e)

1

of b1, ... ,b" and that (5.20f)


For the more general theory of duality and orthogonal complementation see exercises 12-14. Since $R$ is a Noetherian ring it follows that every $R$-submodule of the finitely generated $R$-module $\Lambda_f^{*}$ is finitely generated over $R$ (see exercises 15, 16). In particular $\mathrm{Cl}(R, A)$ is finitely generated over $R$. Since $A$ is separable over $\mathfrak{Q}(R)$ it follows that $A$ is isomorphic to the algebraic sum of finitely many fields so that $A$ contains no nilpotent element besides zero. Hence, $\mathrm{Cl}(R, A)$ is an $R$-order. $\square$

4. Finitely generated modules over Dedekind rings

In the remainder of this section we prepare an algorithm for embedding the equation order $\Lambda_f$ of the monic separable polynomial $f(t)$ of degree $n > 0$ over $R$ into its maximal order $\mathrm{Cl}(R, A) = \mathrm{Cl}(R, \mathfrak{Q}(R)[t]/f(t)\mathfrak{Q}(R)[t])$. The algorithm itself is developed in section 6. We begin with the task of characterizing a finitely presented module over a Dedekind ring by means of a full system of invariants.

Let $R$ be a unital commutative ring. Then for any module $M$ with finitely many generators $v_1, \ldots, v_n$ over $R$ there is the standard $R$-epimorphism

$$\eta: R^{1 \times n} \to M$$

of the $n$-row module over $R$ on $M$ which sends the unit row $e_j$ on the generator $v_j$ $(1 \le j \le n)$. The kernel of that epimorphism is formed by the $n$-rows $(\lambda_1, \ldots, \lambda_n)$ for which there holds the linear relation $\lambda_1 v_1 + \cdots + \lambda_n v_n = 0$ between the $R$-generators $v_1, \ldots, v_n$ of $M$. Thus $\ker(\eta)$ is the relation or (first) syzygy-module of $M$ relative to the generating set $v_1, \ldots, v_n$ over $R$, and the factor module is $R$-isomorphic to $M$: $R^{1 \times n}/\ker(\eta) \cong M$.

Definition (5.21) The elementary ideals $\mathfrak{E}_i = \mathfrak{E}_i(M/R)$ of $M$ over $R$ are defined as the ideals of $R$ generated by the $(n - i) \times (n - i)$ minors of the $(n - i) \times n$ matrices formed from any $n - i$ rows of $\ker(\eta)$. For $i \in \mathbb{Z}^{\ge n}$ we define $\mathfrak{E}_i(M/R) := R$.

The reader will easily verify that the elementary ideals are independent of the choice of the finite generator set of $M$ over $R$ (see exercise 17). In case the relation module is finitely generated over $R$ the finitely many generators of it form the rows of a rectangular matrix, the so-called relation matrix of $M$ relative to the finitely many generators of $M$ over $R$. Conversely, every $s \times n$-matrix $A = (\lambda_{ik})$ over $R$ is associated with the $R$-submodule $\mathfrak{R}(A)$ of $R^{1 \times n}$ generated by the $s$ rows of $A$. That $R$-submodule is said to be the row module of $A$ over $R$, the factor module $R^{1 \times n}/\mathfrak{R}(A)$ is an $R$-module with the generators $e_j/\mathfrak{R}(A)$ $(1 \le j \le n)$ over $R$ and $A$ as relation matrix. The elementary ideals are easily computable (see exercise 18). The definition can be extended to arbitrary $R$-modules (see exercise 19) and behaves constructively for algebraic sums (see exercise 20). As the definition shows the elementary ideals form an ascending sequence

$$\mathfrak{E}_0 \subseteq \mathfrak{E}_1 \subseteq \mathfrak{E}_2 \subseteq \cdots. \tag{5.22}$$
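For $R = \mathbb{Z}$ every ideal is principal, so each elementary ideal of Definition (5.21) is generated by the greatest common divisor of the minors in question. The following Python code is an added example, not taken from the book; it assumes $R = \mathbb{Z}$ and a module given by a finite relation matrix (whose minors generate the same ideals as those of all rows of the relation module), and the function names and sample matrices are constructed here. It computes the generators of $\mathfrak{E}_0, \mathfrak{E}_1, \ldots$ for two presentations of the same module and checks the ascending chain (5.22).

```python
from itertools import combinations
from math import gcd


def det(m):
    """Determinant of a square integer matrix (Laplace expansion, first row)."""
    if len(m) == 1:
        return m[0][0]
    total = 0
    for j, entry in enumerate(m[0]):
        if entry:
            minor = [row[:j] + row[j + 1:] for row in m[1:]]
            total += (-1) ** j * entry * det(minor)
    return total


def elementary_ideal(rel, n, i):
    """Non-negative generator of E_i for M = Z^(1 x n) / rowmodule(rel).

    The value 0 stands for the zero ideal, the value 1 for E_i = Z.
    """
    k = n - i
    if k <= 0:
        return 1  # E_i = R for i >= n
    g = 0
    for rows in combinations(range(len(rel)), k):
        for cols in combinations(range(n), k):
            g = gcd(g, det([[rel[r][c] for c in cols] for r in rows]))
    return g  # stays 0 when there are fewer than k relations


def elementary_ideals(rel, n, upto):
    """Generators of E_0, ..., E_upto."""
    return [elementary_ideal(rel, n, i) for i in range(upto + 1)]


def is_ascending(gens):
    """E_i contained in E_(i+1): the next generator divides the previous one."""
    for a, b in zip(gens, gens[1:]):
        if b == 0:
            if a != 0:
                return False
        elif a % b != 0:
            return False
    return True


# Constructed sample: M = Z/2 + Z/6 on generators v1, v2 ...
REL_TWO = [[2, 0], [0, 6]]
# ... and the same module with the redundant generator v3 = v1 + v2 added.
REL_THREE = [[2, 0, 0], [0, 6, 0], [1, 1, -1]]
# Constructed sample with a free summand: M = Z + Z/4.
REL_FREE = [[0, 4]]

if __name__ == "__main__":
    print(elementary_ideals(REL_TWO, 2, 3))
    print(elementary_ideals(REL_THREE, 3, 3))
    print(elementary_ideals(REL_FREE, 2, 2))
```

Both presentations of $\mathbb{Z}/2 \oplus \mathbb{Z}/6$ give the same ideals, in line with the independence of the generator set stated above; for $\mathbb{Z} \oplus \mathbb{Z}/4$ the ideal $\mathfrak{E}_0$ is zero because of the free summand.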

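For any ideal $\mathfrak{a}$ of $R$ we find that the factor module $M/\mathfrak{a}M$ is an $R/\mathfrak{a}$-module according to the definition

$$(\lambda/\mathfrak{a})(u/\mathfrak{a}M) := \lambda u/\mathfrak{a}M \qquad (\lambda \in R,\ u \in M), \tag{5.23a}$$

and that

$$\mathfrak{E}_i((M/\mathfrak{a}M)/(R/\mathfrak{a})) = \mathfrak{E}_i(M/R)/\mathfrak{a} \qquad (i \in \mathbb{Z}^{\ge 0}). \tag{5.23b}$$

For any commutative overring $\Lambda$ of $R$ with

$$1_\Lambda = 1_R, \tag{5.24a}$$

it follows that there is the $R$-monomorphism

$$\eta_\Lambda: M \to \Lambda \otimes_R M: u \mapsto 1_\Lambda \otimes u \tag{5.24b}$$

of $M$ into $\Lambda \otimes_R M$ such that

$$\mathfrak{E}_i(\Lambda \otimes_R M) = \Lambda \otimes_R \mathfrak{E}_i((M/\ker(\eta_\Lambda))/R) \qquad (i \in \mathbb{Z}^{\ge 0}). \tag{5.24c}$$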

(5.24d) If R is an entire ring then we have (f;(.Q(R)®RM) = (fj«(.Q(R) ®R MjTor (M/R))/.Q(R)) =

for i < r(M/R) {oo, 0 C pAAI ~ J(A), hence, J(AjpAAI) = J(A)/pAA I, the factoring of J(A) over pA A I is nilpotent, hence there is a natural number fJ. satisfying J(A)/J~p),I\I' J(I\)/JI\I ~P),Af =P),I\I ~J(A). For J(A)I\I ~ J(A) we have Al ~ 1\', I\' = AI, A c 1\'. For J(A)AI i J(A) there is an index P.'EZ>I satisfying J(A)/J'AI ~J(A), J(A)/J'-IA I iJ(A), so that there is an element x of J(A)/J'-IAI for which x~J(A), x/pAAI is nilpotent, x~A, xJ(A) ~ J(A)'" A I ~ J(A), XEI\', I\' => A. 0 Of course the lemma also yields a method of embedding the commutative order A into its maximal order (5.54a): Either [AR(A)/AR(A)] = A and A itself is the maximal order Al or I\' = [AR (A)/AR (A)] => A, in which case we continue with I\' in place of A. However, in general the computation of AR (A) is too time and storage consuming. Even if AR (A) is already at hand, the computation of [AR(A)/AR(A)] consumes more time and storage than the method presented in the next section as experience has shown. On the other hand, in the special case A = A/lemma (5.53) yields a very useful criterion which was already known to R. Dedekind.

Criterion (Dedekind) (5.55) Let R be a local Dedekind ring with p = nR as its only non-zero maximal ideal and let f be a monic separable polynomial of R[t] with n = deg (f) > O. Let

n

f == " gl mod (pR[t])

(5.55a)

;= 1

be the congruence factorization into a power product of monic polynomials YI' ... ,y" over R that are mutually prime and separable mod (pR[t]). Then we

have

n g;(~)AJ' II

J(A J) = pA J +

(5.55b)

;= 1

where II

~=

tlf(t)R[t],

AJ =

L

R~; -

(5.55c)

I,

;= 1

and f(t) -

n" y;(t); = nh(t)

(h(t)ER[t]).

(5.55d)

;= 1

The equation order AJ is maximal precisely if h(t) is prime to pR[t].

ni'= 2 g;(t) modulo

Proof Because of (5.55a) it follows that the element 11 = ni'= 1 g;(e) satisfies the congruence 1/" == 0 mod (pA J ) so that l1EJ(A). Hence the right-hand side of(5.55b) is contained in the left-hand side so that we have y(e) == OmodJ(A J ) for y = ni'= 1Y;· Since AfIVR ['] = AJ/pA J it follows that the minimal polynomial qf e modulo pA J equals fmod(pR[t]). On the other hand, it divides mod (pR[t]) any polynomial j(t)E R[t] satisfying j(e) == 0 mod pA J. Because of the nilpotency of J(A J) modulo pA J it follows that some power of the minimal polynomial of e mod J(A J) [t] will be contained in pR[t]. Hence, that minimal polynomial equals y mod pR[t]. Thus (5.55b) is established. Any element x of [J(AJ)/J(A J)] satisfies the condition xpA ~ J(A J), therefore it is congruent to an element of the form y = n- Ig(WI(e) withjl(t)ER[t], degUd 1.

Lemma

Then the Euclidean algorithm in $\mathfrak{Q}(R)[t]$ yields an equation

$$Xf + YD_t(f) = 1, \tag{5.57a}$$

with polynomials

$$X = X(f, D_t(f)) \in \mathfrak{Q}(R)[t], \quad Y = Y(f, D_t(f)) \in \mathfrak{Q}(R)[t], \tag{5.57b}$$

uniquely determined by the degree conditions

$$\deg(X) < \deg(D_t(f)), \quad \deg(Y) < n = \deg(f). \tag{5.57c}$$

Then the $R$-fractional ideal generated by the coefficients of $X$, $Y$ is the inverse of the reduced discriminant ideal.

Proof Because of the localizability of the concepts used it suffices to deal with the case that $R$ has just one non-zero maximal ideal, say $\mathfrak{p} = \pi R$. Since both polynomials $f$, $D_t(f)$ have coefficients in $R$ it follows that the coefficients of $X$, $Y$ generate an ideal of the form $\mathfrak{p}^{-\lambda}$ with $\lambda \in \mathbb{Z}^{\geq 0}$, thus we have an equation (5.57d) where $X_1$, $Y_1$ are polynomials of $R[t]$ with coefficients that are not all divisible by $\pi$. The equation (5.57d) implies that

$$Y_1(\xi)D_t(f)(\xi) = \pi^{\lambda} \quad (\xi = t/f(t)R[t] \in \Lambda_f). \tag{5.57e}$$

We have already seen earlier that $D_t(f)(\xi)\Lambda_f^{\perp} \subseteq \Lambda_f$, hence $\pi^{\lambda}\Lambda_f^{\perp} \subseteq \Lambda_f$, $\pi^{\lambda} \in \mathfrak{D}_0(\Lambda_f/R)$. Conversely, if $\pi^{\lambda'} \in \mathfrak{D}_0(\Lambda_f/R)$ $(\lambda' \in \mathbb{Z}^{\geq 0},\ \lambda' \le \lambda)$, then we have $\pi^{\lambda'}\Lambda_f^{\perp} \subseteq \Lambda_f$. But we also saw that $D_t(f)(\xi)^{-1} \in \Lambda_f^{\perp}$, hence $\pi^{\lambda'}D_t(f)(\xi)^{-1} \in \Lambda_f$, so that there holds an equation $Y_2(\xi)D_t(f)(\xi) = \pi^{\lambda'}$, where $Y_2(t) \in R[t]$ is of degree less than $n$. Hence, there also holds an equation $X_2(t)f(t) + Y_2(t)D_t(f)(t) = \pi^{\lambda'}$ with $X_2(t) \in R[t]$ of degree less than $\deg(D_t(f))$. Since (5.57a, b) are unique under the degree condition (5.57c) it follows that $X_2 = X_1$, $Y_2 = Y_1$, $\lambda = \lambda'$. $\square$

As a consequence of lemma (5.56) we obtain the reduced discriminant of a separable monic polynomial $f$ by the usual Euclidean division algorithm applied to $f$, $D_t(f)$ over $\mathfrak{Q}(R)$ and a simple computation with the coefficients of $X(f, D_t(f))$, $Y(f, D_t(f))$, whereas the discriminant computation of $f$ needs pseudo-division, hence a much more careful inspection of each division step.
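The procedure just described, as an added example that is not taken from the book: for $R = \mathbb{Z}$ it runs the Euclidean algorithm on $f$, $D_t(f)$ over $\mathbb{Q}$, normalises $X$, $Y$ to the degree conditions (5.57c), and inverts the fractional ideal generated by their coefficients. All function names and the sample polynomials are constructed for this illustration.

```python
from fractions import Fraction
from functools import reduce
from itertools import zip_longest
from math import gcd

# Polynomials are coefficient lists, lowest degree first; [] is the zero polynomial.

def trim(p):
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p

def sub(p, q):
    return trim(a - b for a, b in zip_longest(p, q, fillvalue=0))

def mul(p, q):
    out = [Fraction(0)] * max(len(p) + len(q) - 1, 0)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)

def pdivmod(a, b):
    """Quotient and remainder of a by b != 0 in Q[t]."""
    r = trim(a)
    q = [Fraction(0)] * max(len(r) - len(b) + 1, 0)
    while len(r) >= len(b):
        c, shift = r[-1] / b[-1], len(r) - len(b)
        q[shift] = c
        r = sub(r, [0] * shift + [c * x for x in b])
    return trim(q), r

def derivative(f):
    return trim(i * c for i, c in enumerate(f) if i > 0)

def bezout(f, g):
    """X, Y in Q[t] with X*f + Y*g = 1, deg(Y) < deg(f), deg(X) < deg(g)."""
    r0, r1, t0, t1 = f, g, [], [Fraction(1)]
    while r1:                                    # Euclidean remainder sequence
        q, r = pdivmod(r0, r1)
        r0, r1, t0, t1 = r1, r, t1, sub(t0, mul(q, t1))
    if len(r0) != 1:
        raise ValueError("f is not separable")
    y = pdivmod([c / r0[0] for c in t0], f)[1]   # enforce deg(Y) < deg(f)
    x, rem = pdivmod(sub([Fraction(1)], mul(y, g)), f)
    assert not rem                               # 1 - Y*g is a multiple of f
    return x, y

def reduced_discriminant(f_int):
    """Positive generator d_0(f) of the reduced discriminant ideal, f monic in Z[t]."""
    f = [Fraction(c) for c in f_int]
    x, y = bezout(f, derivative(f))
    coeffs = [c for c in x + y if c != 0]
    den = reduce(lambda a, b: a * b // gcd(a, b), (c.denominator for c in coeffs), 1)
    num = reduce(gcd, (int(c * den) for c in coeffs), 0)
    # The coefficients generate (num/den)Z; its inverse is (den/num)Z.
    return Fraction(den, num)

if __name__ == "__main__":
    for sample in ([1, 0, 1], [1, 1, 1], [-2, 0, 0, 1]):   # t^2+1, t^2+t+1, t^3-2
        print(sample, reduced_discriminant(sample))
```

For $t^3 - 2$ the result is $6$, while the discriminant is $-108$: the reduced discriminant is the exponent of $\Lambda_f^{\perp}/\Lambda_f$, not its order.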

8. Structural stability

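Lemma (5.58)

The embedding of an order $\Lambda$ over a Dedekind ring $R$ into an $R$-overorder $\Lambda_1$ of the same $R$-rank is stable in the following sense: Let $\mathfrak{a}$ be an ideal of $R$ contained in the square of the exponent ideal $\mathfrak{n} = \mathfrak{n}((\Lambda_1/\Lambda)/R) \neq 0$ of $\Lambda_1/\Lambda$ over $R$. Let $\tilde\Lambda$ be an $R$-order and let $\alpha: \Lambda \to \tilde\Lambda$ be an $R$-isomorphism of the $R$-module $\Lambda$ on the $R$-module $\tilde\Lambda$ satisfying the congruence condition $\alpha(xy) \equiv \alpha(x)\alpha(y) \bmod (\mathfrak{a}\tilde\Lambda)$ $(x, y \in \Lambda)$. Then there is a unique extension $\tau: A \to \tilde A$ of $\alpha$ to a $\mathfrak{Q}(R)$-isomorphism of the $\mathfrak{Q}(R)$-module $A = \mathfrak{Q}(R)\otimes_R\Lambda$ on the $\mathfrak{Q}(R)$-module $\tilde A = \mathfrak{Q}(R)\otimes_R\tilde\Lambda$ such that the restriction of $\tau$ to $\Lambda_1$ yields an $R$-overorder $\tilde\Lambda_1 = \tau(\Lambda_1)$ of $\tilde\Lambda$ in its central quotient ring $\tilde A$.

Proof Since $\tilde\Lambda$ is a torsion-free $R$-module the unique extendability of $\alpha$ to $\tau$ is obvious. Let $\tilde\Lambda_1 = \tau(\Lambda_1)$. Because of $\mathfrak{n}\Lambda_1 \subseteq \Lambda$ it follows that $\mathfrak{n}\tilde\Lambda_1 \subseteq \tilde\Lambda$.

Let $\tilde x_1, \tilde y_1$ be any two elements of $\tilde\Lambda_1$. By definition there are elements $x_1, y_1$ of $\Lambda_1$ satisfying $\tau(x_1) = \tilde x_1$, $\tau(y_1) = \tilde y_1$. Now $\mathfrak{n}\Lambda_1 \subseteq \Lambda$ implies for any two elements $\lambda, \mu$ of $\mathfrak{n}$:

$$x := \lambda x_1 \in \Lambda, \quad y := \mu y_1 \in \Lambda, \quad \alpha(x) = \tau(x) = \lambda\tilde x_1 \in \tilde\Lambda, \quad \alpha(y) = \tau(y) = \mu\tilde y_1 \in \tilde\Lambda$$

and by assumption

$$\mathfrak{a}\tilde\Lambda \ni \alpha(x)\alpha(y) - \alpha(xy) = \tau(x)\tau(y) - \tau(xy) = \tau(\lambda x_1)\tau(\mu y_1) - \tau((\lambda x_1)(\mu y_1)) = \lambda\mu(\tau(x_1)\tau(y_1) - \tau(x_1y_1)) = \lambda\mu(\tilde x_1\tilde y_1 - \tilde z_1),$$

where $x_1y_1 = z_1 \in \Lambda_1$, $\tau(z_1) = \tilde z_1 \in \tau(\Lambda_1) = \tilde\Lambda_1$. Hence,

$$\mathfrak{a}\tilde\Lambda \supseteq \mathfrak{n}^2(\tilde x_1\tilde y_1 - \tilde z_1), \quad \mathfrak{n}^{-2}\mathfrak{a}\tilde\Lambda \ni \tilde x_1\tilde y_1 - \tilde z_1.$$

By assumption we have $\mathfrak{a} \subseteq \mathfrak{n}^2 \neq 0$, hence

$$\mathfrak{n}^{-2}\mathfrak{a} \subseteq R, \quad \tilde\Lambda \supseteq \mathfrak{n}^{-2}\mathfrak{a}\tilde\Lambda, \quad \tilde x_1\tilde y_1 - \tilde z_1 \in \tilde\Lambda. \quad \square$$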

The application of lemma (5.58) is as follows. Let $\Lambda_f$ be the equation order of the monic separable polynomial $f(t)$ of positive degree $n$ over the Dedekind ring $R$ and let $\tilde f(t) \in R[t]$ be another monic separable polynomial satisfying

$$d_0(f)/d_0(\tilde f) \in U(R), \tag{5.59a}$$

$$\tilde f \equiv f \bmod (d_0(f)^2R). \tag{5.59b}$$

We note that the reduced discriminant ideal $d_0(f)R$ is contained in the exponent ideal of the factormodule of the integral closure $\mathrm{Cl}(R, \Lambda_f)$ in the central quotient ring $\mathfrak{Q}(\Lambda_f) = \mathfrak{Q}(R)[t]/f(t)\mathfrak{Q}(R)[t] = A_f$ over $\Lambda_f$. We remark that $\mathrm{Cl}(R, \Lambda_f)$ consists of certain linear combinations $\sum_{i=1}^{n}\lambda_i\xi^{i-1} \in \mathfrak{Q}(R)[\xi]$ for $\xi = t/f(t)R[t]$. According to the lemma applied in both directions (from $\Lambda = \Lambda_f$ to $\tilde\Lambda = \Lambda_{\tilde f}$ and from $\tilde\Lambda$ to $\Lambda$) it follows that the maximal order $\mathrm{Cl}(R, \Lambda_{\tilde f})$ of $\Lambda_{\tilde f}$ consists of the very same linear combinations $\sum_{i=1}^{n}\lambda_i\tilde\xi^{i-1} \in \mathfrak{Q}(R)[\tilde\xi]$ for $\tilde\xi = t/\tilde f(t)R[t]$ as are used to compute $\mathrm{Cl}(R, \Lambda_f)$. In other words: the task of embedding $\Lambda_f$ into its maximal order is equivalent to the task of embedding $\Lambda_{\tilde f}$ into its maximal order. Regarding the condition (5.59a) on the reduced discriminants of $f$, $\tilde f$, it is a consequence of (5.59b) in case $R$ is semilocal so that $J(R) \ni d_0(f)$. In fact, we have the stronger statement:

Proposition (5.60)

Let $f(t)$ be a monic separable polynomial of positive degree $n$ over the semilocal Dedekind ring $R$ such that $d_0(f)$ is contained in the Jacobson radical $J(R)$ of $R$. Then any monic polynomial $\tilde f(t) \in R[t]$ satisfying the congruence condition

$$\tilde f \equiv f \bmod (d_0(f)J(R)) \tag{5.60a}$$

is separable over $R$ such that (5.59a) holds.

Proof We observe that

$$d_0(f)R = (R[t]f(t) + R[t]D_t(f)(t)) \cap R. \tag{5.61}$$

This is because by definition $d_0(f)$ is uniquely presentable as a linear combination

$$d_0(f) = Xf + YD_t(f), \tag{5.62a}$$

with polynomials $X, Y \in R[t]$, such that

$$\deg(X) < \deg(D_t(f)), \quad \deg(Y) < n, \tag{5.62b}$$

and the greatest common divisor of the coefficients of $X$, $Y$ is one. Hence the element $d_0(f)$ of $R$ is contained in the ideal of $R[t]$ generated by $f$, $D_t(f)$.

On the other hand, any presentation $a = X_1f + Y_1D_t(f)$ $(X_1, Y_1 \in R[t])$ of an element $a \in R$ gives rise to a division with remainder $Y_1 = Q(Y_1, f)f + R(Y_1, f)$ $(Q(Y_1, f), R(Y_1, f) \in R[t],\ \deg(R(Y_1, f)) < n)$ and to the equation

$$a = X_2f + Y_2D_t(f), \quad X_2 = Q(Y_1, f)D_t(f) + X_1, \quad Y_2 = R(Y_1, f) \tag{5.63a}$$

with

$$\deg(Y_2) < n, \quad \text{hence} \quad \deg(X_2) < \deg(D_t(f)). \tag{5.63b}$$

Because of the uniqueness of the presentation

$$1 = d_0(f)^{-1}Xf + d_0(f)^{-1}YD_t(f) \tag{5.64a}$$

derived from (5.62a) in $\mathfrak{Q}(R)[t]$ and in view of the degree conditions

$$\deg(d_0(f)^{-1}X) < \deg(D_t(f)), \quad \deg(d_0(f)^{-1}Y) < n \tag{5.64b}$$

derived from (5.62b) it follows from (5.63a, b) that $X_2 = \lambda X$, $Y_2 = \lambda Y$ with $\lambda$ in $\mathfrak{Q}(R)$. In fact $\lambda$ is the greatest common divisor of the coefficients of $X_2$, $Y_2$ over $R$. Since by construction both $X_2$, $Y_2$ are in $R[t]$ it follows that $\lambda$ is in $R$, $d_0(f)$ divides $a$, (5.61) is established.

Because of the invariance of the concepts used in proposition (5.60) under localization it suffices to prove it only for the case that $R$ is a local Dedekind ring with just one non-zero maximal ideal $\mathfrak{p}$. According to (5.60a) there holds an equation

$$f = \tilde f + d_0(f)g, \tag{5.65}$$

where the polynomial $g(t)$ is in $\mathfrak{p}[t]$ with $\deg(g) < n$. Hence

$$D_t(f) = D_t(\tilde f) + d_0(f)D_t(g), \tag{5.66}$$

and upon substitution of (5.65), (5.66) in (5.62a) we obtain the equation

$$X\tilde f + YD_t(\tilde f) = d_0(f)(1 - Xg - YD_t(g)). \tag{5.67}$$

If $\tilde f$ is inseparable, then the greatest common divisor of $\tilde f$, $D_t(\tilde f)$ is a non-constant monic polynomial of $R[t]$ dividing $d_0(f)$ modulo $(d_0(f)\mathfrak{p}[t])$, obviously a contradiction. Hence, $\tilde f$ must be separable, say $d_0(\tilde f)R = \mathfrak{p}^{\lambda}R$ for some $\lambda \in \mathbb{Z}^{\geq 0}$, (5.68) for some polynomials $X, Y \in R[t]$ with $\gcd(X, Y) = 1$. For $\lambda = 0$ we obtain $d_0(\tilde f) \mid d_0(f)$. For $\lambda > 0$ we derive from (5.67) upon multiplication by $1 + \sum_{i=1}(Xg + YD_t(g))^i$ and substitution of (5.68) an equation of the form $X_1\tilde f + Y_1D_t(\tilde f) = d_0(f)$ $(X_1, Y_1 \in R[t])$ which shows in view of (5.61) (for $\tilde f$ in place of $f$) that $d_0(\tilde f) \mid d_0(f)$. Similarly we show that $d_0(f) \mid d_0(\tilde f)$. (Note that (5.59b) also holds with $f$ and $\tilde f$ reversed.) Hence (5.59a) is proved. $\square$

9. Reducible polynomials

If the monic separable polynomial I(t) over the Dedekind ring R permits a factorization I =Id2 into the product of two monic non-constant polynomials II J2 E.o(R) [t], then both factors already belong to R[t]. This is because for the universal splitting ring A = S(fI/S(f2/.o(R))) the generating root symbols Xhi (1 ~ i ~ deg (fh) =: nh, h = 1,2) entering the defining factorizations Ih(t) = ni'~ I (t - x h;) (h = 1,2) satisfy the monic equation I(X"i) = 0 over R so that they belong to the integral closure Cl(R, A) and hence the coefficients of Ih belong to the intersection of Cl(R, A) with .o(R) which is R because of the integral closure property of Dedekind rings. Due to the separability of I it follows that both 11,J2 are separable and mutually prime in .o(R)[t] so that we have the algebraic decomposition A f = .o(R) [t]/I(t) .o(R)[t] = Afl Et) Ah with A flo = .o(R) [t]/Ih(t) .o(R)[t] (h = 1,2). As was shown before we obtain the idempotents eh = l AI " (h = 1,2) serving to define AJr. = ehA f by means of the Euclidean division algorithm applied to 11,J2 over .o(R) leading to an equation adl + ad2 = 1 with a"E.o(R)[t] and to eh=a3-h(~)/3-"(~) for ~=t/.r(t).o(R)[t] (h= 1,2). It follows that CI(R, A f) = CI(Re I' A f,) Et) CI( Re2, A fJ Let us suppose that we have solved the embedding problem of the R-order Af " into the maximal order Af .. := Cl(R, Af ,,) already, say by means of establishing an R-basis of the form Whl , ... ,whn" such that k

Whi =

L

j~

I

Ihij~t I ({3hijE.o(R), 1 ~ j ~ k, 1 ~ i ~ nh, h = 1,2),

(5.69)

with ~h = t/lh(t).o(R) [t]. Then we set ~h = eh~ (h = 1,2) and use the n l + n2 = n = deg (f) elements W hi (I ~ i ~ nh , h = 1,2) as R-basis of Af = Cl(R, Af)' Of course, the new ~-basis does not have the canonical form of an R-basis WI' ... ,W" of Af for which we demand that i

Wi =

L {3ij~j-1 j~

({3ijE.o(R), 1 ~j ~ k, 1 ~ i ~ n).

(5.70)

I

But, provided that R is a principal ideal ring, it is always possible by means of presenting ~h = a3-h(~)/3-hW~ in the normal form ~h=

L" IY.hj~j-1 j~

(lY.hjE.o(R),I~j~n,h=I,2)

(5.71)

I

and substitution of (5.71) into (5.69) to present the basis w; = w li (1 ~ i ~ nl)' +i = W2i (I ~ i ~ n2) in the normal form w; = L'J~ I {3;P-I. By means of Hermite row reduction of the quadratic matrix ({3;) we obtain a reduced matrix ({3ij) with all entries above the diagonal being zero. This leads to a canonical R-basis (5.70) of Af . This construction will be tautly adopted in step 4 of section 6. W~,

10. The Hensel lemma

The structural stability lemma (5.58) of course applies to any situation in which the monic separable polynomial $f(t)$ of positive degree $n$ over the semilocal ring $R$ is modified modulo a suitable ideal $\mathfrak{a}$ of $R$ contained in $J(R)$ to a monic polynomial, say $\tilde f \equiv f \bmod \mathfrak{a}[t]$. Whenever $\mathfrak{a}$ is contained in $d_0(f)^2R$ we are entitled to use a canonical $R$-basis $\tilde\omega_i$ $(1 \le i \le n)$ of $\mathrm{Cl}(R, A_{\tilde f})$ of the form

$$\tilde\omega_i = \sum_{j=1}^{i}\beta_{ij}\tilde\xi^{j-1} \quad (A_{\tilde f} = \mathfrak{Q}(R)[t]/\tilde f(t)\mathfrak{Q}(R)[t],\ \tilde\xi = t/\tilde f(t)\mathfrak{Q}(R)[t],\ \beta_{ij} \in \mathfrak{Q}(R),\ 1 \le j \le i,\ 1 \le i \le n) \tag{5.72}$$

in order to produce the canonical $R$-basis $\omega_i$ $(1 \le i \le n)$ of $\mathrm{Cl}(R, A_f)$ of the form

$$\omega_i = \sum_{j=1}^{i}\beta_{ij}\xi^{j-1} \quad (1 \le i \le n,\ A_f = \mathfrak{Q}(R)[t]/f(t)\mathfrak{Q}(R)[t],\ \xi = t/f(t)\mathfrak{Q}(R)[t]). \tag{5.73}$$

The main application is made in case a congruence factorization

$$f \equiv f_{10}f_{20} \bmod \mathfrak{b}[t] \tag{5.74}$$

of $f$ is known modulo an ideal $\mathfrak{b}$ of $R$ contained in $J(R)$ such that $f_{10}$, $f_{20}$ are two non-constant monic polynomials for which an equation

$$a_{10}f_{10} + a_{20}f_{20} = 1 + a_{00} \quad (a_{i0} \in R[t],\ 0 \le i \le 2,\ a_{00} \in \mathfrak{b}[t]) \tag{5.75}$$

is given which expresses in a constructive manner the idea that $f_{10}$, $f_{20}$ are mutually prime modulo $\mathfrak{b}[t]$. It is evident from the description that an immediate application of the structural stability lemma and of the results of subsection 7 on reducible polynomials is out of the question since the ideal $\mathfrak{b}$ may not be contained in $d_0(f)^2R$. It becomes therefore necessary first to raise the congruence modulo $\mathfrak{b}$ to a suitable power of $\mathfrak{b}$ contained in $d_0(f)^2R$. That this can always be done is the assertion of

Hensel's lemma (5.76)

Let $R$ be a unital commutative ring, $\mathfrak{b}$ an ideal of $R$, and $f, f_{10}, f_{20} \in R[t]$ monic non-constant subject to (5.74), (5.75). Then for every $k \in \mathbb{N}$ there holds a congruence factorization (5.76a) ($f_{1k}, f_{2k} \in R[t]$ monic non-constant) satisfying the coherence condition

$$f_{ik} \equiv f_{i0} \bmod \mathfrak{b}[t] \quad (i = 1, 2) \tag{5.76b}$$

and an equation

$$a_{1k}f_{1k} + a_{2k}f_{2k} = 1 + a_{0k} \quad (a_{ik} \in R[t],\ \deg(a_{ik}) < \deg(f_{3-i,k}),\ i = 1, 2,\ a_{0k} \in \mathfrak{b}^{2^k}[t]). \tag{5.76c}$$

Proof We show how to obtain the result for $k = 1$. The rest is done by induction on $k$. We try to obtain $f_{i1}$ in the form

$$f_{i1} = f_{i0} + d_{i0} \quad (d_{i0} \in \mathfrak{b}[t],\ \deg(d_{i0}) < \deg(f_{i0}),\ i = 1, 2) \tag{5.77}$$

which already meets the coherence condition (5.76b) for $k = 1$. The congruence condition (5.76a) for $k = 1$ then becomes $d_0 := f - f_{10}f_{20} \equiv f_{10}d_{20} + f_{20}d_{10} \bmod \mathfrak{b}^2[t]$, which is essentially met by setting $d'_{i0} := a_{3-i,0}d_0$ $(i = 1, 2)$ because of (5.74), (5.75). However, the degree condition requires that we replace $d'_{i0}$ by its remainder upon division by $f_{i0}$: $d_{i0} := R(d'_{i0}, f_{i0})$. We note that both quotient $Q(d'_{i0}, f_{i0})$ and remainder $d_{i0}$ are in $\mathfrak{b}[t]$ $(i = 1, 2)$. Thus we get

$$d_1 := f - f_{11}f_{21} = f - (f_{10} + d_{10})(f_{20} + d_{20}) = d_0 - f_{10}d_{20} - f_{20}d_{10} - d_{10}d_{20} = d_0 - f_{10}d'_{20} - f_{20}d'_{10} - d_{10}d_{20} + f_{10}f_{20}(Q(d'_{10}, f_{10}) + Q(d'_{20}, f_{20})),$$

where we already know that the first term on the right-hand side is in $\mathfrak{b}^2[t]$. On the other hand, the left-hand side is of degree less than $\deg(f) = \deg(f_{11}) + \deg(f_{21})$. A fortiori, the left-hand side is of degree less than $\deg(f_{11}) + \deg(f_{21})$ modulo $\mathfrak{b}^2[t]$. Hence the same is true for the right-hand side. But $f_{10}f_{20}$ is monic of degree $\deg(f)$ modulo $\mathfrak{b}^2[t]$ yielding $Q(d'_{10}, f_{10}) + Q(d'_{20}, f_{20}) \in \mathfrak{b}^2[t]$. Hence (5.76a) is satisfied for $k = 1$.

Analogously we try to solve (5.76c) for $k = 1$ by setting

$$a_{i1} = a_{i0} + b_{i0} \quad (b_{i0} \in R[t],\ i = 1, 2). \tag{5.78}$$

This leads to the condition

$$a_{01} := (a_{10} + b_{10})(f_{10} + d_{10}) + (a_{20} + b_{20})(f_{20} + d_{20}) - 1 = (a_{00} + b_{10}f_{10} + b_{20}f_{20} + a_{10}d_{10} + a_{20}d_{20}) + (b_{10}d_{10} + b_{20}d_{20}) \in \mathfrak{b}^2[t]$$

which is solved by setting

$$b_{i0} = -a_{i0}(a_{00} + a_{10}d_{10} + a_{20}d_{20}) \in \mathfrak{b}[t] \quad (i = 1, 2). \tag{5.79}$$

Of course, the solution $a_{i1}$ $(0 \le i \le 2)$ of (5.76c) obtained in this way will in general not yet satisfy the degree condition. Hence we replace $a_{i1}$ by $R(a_{i1}, f_{3-i,1}) =: a'_{i1}$ $(i = 1, 2)$. Upon substitution into (5.76c) for $k = 1$ we obtain

$$(Q(a_{11}, f_{21}) + Q(a_{21}, f_{11}))f_{11}f_{21} + (a'_{11}f_{11} + a'_{21}f_{21} - 1) \in \mathfrak{b}^2[t],$$

hence $Q(a_{11}, f_{21}) + Q(a_{21}, f_{11}) \in \mathfrak{b}^2[t]$, also implying $a'_{11}f_{11} + a'_{21}f_{21} - 1 \in \mathfrak{b}^2[t]$. Therefore we meet the degree condition by substituting $a_{i1} \leftarrow a'_{i1}$, $a_{01} \leftarrow a'_{11}f_{11} + a'_{21}f_{21} - 1$ $(i = 1, 2)$. $\square$
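The lifting step of the proof, as an added example that is not taken from the book: it carries out (5.77)-(5.79) over $R = \mathbb{Z}$ with $\mathfrak{b} = p\mathbb{Z}$, so each call squares the modulus. The function names and the sample factorization of $t^4 + 1$ modulo 3 are constructed for this illustration.

```python
from itertools import zip_longest

# Integer polynomials as coefficient lists, lowest degree first; [] is zero.

def trim(p):
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p

def add(p, q):
    return trim(a + b for a, b in zip_longest(p, q, fillvalue=0))

def sub(p, q):
    return trim(a - b for a, b in zip_longest(p, q, fillvalue=0))

def mul(p, q):
    out = [0] * max(len(p) + len(q) - 1, 0)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)

def divmod_monic(p, m):
    """Quotient Q(p, m) and remainder R(p, m) for monic m; exact over Z."""
    r = trim(p)
    q = [0] * max(len(r) - len(m) + 1, 0)
    while len(r) >= len(m):
        c, shift = r[-1], len(r) - len(m)
        q[shift] = c
        r = sub(r, [0] * shift + [c * x for x in m])
    return trim(q), r

def in_ideal(p, m):
    """True if every coefficient of p lies in mZ."""
    return all(c % m == 0 for c in p)

def hensel_step(f, f1, f2, a1, a2, m):
    """Lift f = f1*f2 and a1*f1 + a2*f2 = 1 from modulus m to modulus m*m."""
    d0 = sub(f, mul(f1, f2))                        # d_0 := f - f_10 f_20
    a00 = sub(add(mul(a1, f1), mul(a2, f2)), [1])   # a_00 of (5.75)
    if not (in_ideal(d0, m) and in_ideal(a00, m)):
        raise ValueError("inputs violate (5.74) or (5.75)")
    d1 = divmod_monic(mul(a2, d0), f1)[1]           # d_10 = R(a_20 d_0, f_10)
    d2 = divmod_monic(mul(a1, d0), f2)[1]           # d_20 = R(a_10 d_0, f_20)
    g1, g2 = add(f1, d1), add(f2, d2)               # (5.77)
    c = add(a00, add(mul(a1, d1), mul(a2, d2)))
    b1 = mul([-1], mul(a1, c))                      # (5.79)
    b2 = mul([-1], mul(a2, c))
    n1 = divmod_monic(add(a1, b1), g2)[1]           # a'_11 = R(a_11, f_21)
    n2 = divmod_monic(add(a2, b2), g1)[1]           # a'_21 = R(a_21, f_11)
    m2 = m * m
    # Only congruences modulo m2 matter, so keep the coefficients reduced.
    return tuple(trim(x % m2 for x in p) for p in (g1, g2, n1, n2)) + (m2,)

def hensel_lift(f, f1, f2, a1, a2, p, k):
    """Apply k lifting steps; the final modulus is p**(2**k)."""
    m = p
    for _ in range(k):
        f1, f2, a1, a2, m = hensel_step(f, f1, f2, a1, a2, m)
    return f1, f2, a1, a2, m

# Constructed sample: t^4 + 1 = (t^2 + t - 1)(t^2 - t - 1) mod 3,
# with (2t + 1)(t^2 + t - 1) + (t + 1)(t^2 - t - 1) = 1 mod 3.
F = [1, 0, 0, 0, 1]
F1, F2 = [-1, 1, 1], [-1, -1, 1]
A1, A2 = [1, 2], [1, 1]

if __name__ == "__main__":
    print(hensel_lift(F, F1, F2, A1, A2, 3, 3))
```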

11. Localization

Throughout subsections 1-10 of this section we have used the localization argument which is based on the observation that for transition from a Dedekind ring $R$ as base ring to the Dedekind ring $R/S$ for any subsemigroup $S$ of $R\setminus\{0\}$ the concept of orders, arithmetic radicals, discriminant ideals, reduced discriminant ideals etc. remains invariant. A slightly different form of localization is introduced by means of

Definition (5.80)

Let $R$ be a Dedekind ring, $\Lambda$ an $R$-order, and $\mathfrak{a}$ a non-zero ideal of $R$. The $R$-overorder $\Lambda_1$ of $\Lambda$ is said to be an $\mathfrak{a}$-overorder if $\mathfrak{a}^{\lambda}\Lambda_1 \subseteq \Lambda$ for some $\lambda \in \mathbb{N}$.

It follows that an $\mathfrak{a}$-overorder of $\Lambda$ has the same $R$-rank as $\Lambda$. Both the order and the exponent ideal of the $R$-module $\Lambda_1/\Lambda$ contain some power of $\mathfrak{a}$. The intersection of the members of any system of $\mathfrak{a}$-overorders is an $\mathfrak{a}$-overorder. If the subring generated by two $\mathfrak{a}$-overorders of $\Lambda$ is itself an $R$-order (as is the case if $\Lambda$ is commutative) then it is an $\mathfrak{a}$-overorder of $\Lambda$. If the non-zero ideal $\mathfrak{b}$ of $R$ is contained in every prime ideal of $R$ containing $\mathfrak{a}$ then every $\mathfrak{a}$-overorder of $\Lambda$ also is a $\mathfrak{b}$-overorder. For $\mathfrak{D}(\Lambda/R) \neq 0$ every $R$-overorder of $\Lambda$ of the same $R$-rank is a $\mathfrak{D}(\Lambda/R)$-overorder and also a $\mathfrak{D}_0(\Lambda/R)$-overorder. The connection with localization is established by

Lemma (5.81) Let R be a Dedekind ring, a a non-zero ideal of R, S. the subsemigroup of all elements XER satisfying xR + a = R (i.e. x/a is a unit of R/a). Let A be an Rorder. Thenfor every a /S.-overorder AI of AlS. of the same rank there is the aoverorder Al 1\ A = A I := {xEA I 13AEZ>o:a).x S; A} such that AI

Al

= S' •

(5.82)

Conversely, for every a-overorder AI of A wefind the a/S.-overorder AI/S. of AlS. such that AI/S. 1\ A = AI' Proof The order property of Al 1\ A follows from the remark that the exponent ideal of the R/S.-module AI 1\ AlS. contains a power of a/S., say (a/S.)IlAI £; AlS. for some IlEZ> o. Hence for any x of i\ I 1\ A we have a).x S; A for some AEZ> 0 and

(al'/S.)x s; AlS. implying al'x £; A. It follows that a"AI £; A. For x,y of AI we have a"x £; A, ally £; A, hence a"(x + y) £; A, a21l xy = (a"x)(a"y) £; A, a"xy s; A. Therefore Al is an a-overorder of A. By Landau's theorem (5.39d) there is an element a # 0 of a" satisfying aa - Il + a" = R. For any element x of Al we have a"x £; A/S., hence aXEA/S •. Hence there is PES. satisfying !XPXE A. By Landau's theorem there is an element y of !Xa - Il for which

yaa-I' + aR = aa-I', hence, YES., al'yflx ~ A, yflES., yflxEA I , xEAI/S. so that the first part of (5.81) is established. Conversely, let Al be an a-overorder of A. Then Al = AI/S. is an a/Saoverorder of A/S •. There is IlEN satisfying al'AI ~ A, (al'/Sa)AI ~ A/Sa' If for some element x of Al and for some AE£:>o we have a"x ~ A then we obtain al'x~A and also x=y/a with YEA I , aES•. Hence, aXEA I , al'x~A~AI' Rx = (aR + al')x = aRx + al'x ~ AI,xEA. 0

Definition

(5.83) Let R be a Dedekind ring, a a non-zero ideal ofR. Then the R-overorder Al of the R-order A is said to be a-maximal, if Al is an a-overorder of A and if any 0overorder of A containing Al coincides with AI' It follows from lemma (5.81) that the a-overorder Al of the R-order A is a-maximal precisely if AdS. is an a/S.-maximal order. If the discriminant ideal 'D(A/R) of the R-order A is not zero then the R-overorder Al is maximal precisely if it is a 'D(AjR)-maximal R-overorder of A. If in that case a is any non-zero ideal of R then any a-overorder Al of A also is an (0 + 'D(AjR»-overorder of A. Among the a-overorders of A contained in the R-overorder AI of A precisely one is maximal, viz. AI/Sa 1\ A. Let II be a natural number. For any collection of Il non-zero ideals a I' ... , 01' of R the overorders A dS.j /\ A(l ~ i ~ Il) generate the R-overorder AdS........ If Al is a maximal R-overorder of A then Al contains a maximal R-overorder A2 of A of the same R-rank as the R-rank of A. Furthermore, if 0 1 ,,,,, 01' are comaximal ideals of R with the property that some power of a I ... 01' is contained in (A 2 : RA) then we have

(5.84) where there holds the direct R-module decomposition

(5.85) This relation is the strongest expression of the localization argument in terms of the concept of a-overorders. It is used within the embedding algorithm of section 6 as follows. Let a monic separable non-constant polynomial f(t) be given over the Dedekind ring R. For the purpose of embedding the equation order AJ into its maximal order AJ = CI(R, .Q(R) [t]/ f(t).Q(R)[t]) one determines certain nonzero elements 0 1 , ••• of R such that the principal ideals OJ = OjR (1 ~ j ~ Il) of Rare comaximal and that (A/RAJ) contains a power of 0 1 .. ·aJ" The

,°1'

algorithm provides a canonical R-basis I

wij =

L {Jljk~k k;1

I

({JljkEO(R), I ~ k ~ i, I ~ i ~ n, ~ = t/ f(t)O(R) [t])

(5.86)

of the armaximal R-overorder Af/S •. 1\ Af of Af (I ~ j ~ II). The final task is J • then to provide a canonical R-basis WI = I {Jlk~k- I ({JlkEO(R), I ~ k ~ i, I ~ i ~ n) of Af' But according to (5.85) the lin elements wij of (5.86) provide a system of generators of Af over R. Since ~i-I is contained in Af as well as in Af/S. J 1\ Af for j = I, ... , II, it follows that {Ju # 0, {Jijl # 0, {Jii 1 E R, {Ji;/ E R, moreover {JijiR contains some power of a l and {JII I is equivalent to OJ; I {Jlj/ . Hence, it suffices to find a linear combination

:n;

(5.87) with coefficients Aij in R and to set WI = Lj; I Ai)Wij (1 ~ i ~ n) in order to obtain a canonical R-basis of Af' For the purpose of solving (5.87) we form the I{J.-l of R and observe that elements Y,j = n~; h 'f'j .h.

L" YijR = R.

(5.88)

j; I

Assuming the existence of a Euclidean division algorithm in R we use it to obtain elements A.ij of R satisfying the equation (5.89) corresponding to (5.88). The equation (5.89) is tantamount with (5.87). In the next section we shall refer to the construction just described as amalgamation ofcanonical R-bases of the armaximal overorders (1 ~ j ~ II) to a canonical R-basis of A f .

Exercises I. Let F0 be a field. The formal power series ring in one variable t over F is defined as h . 0 t e rmg Fo[[t]] of all formal sums I:~Oajtj, where (adiEZ;'o) is any sequence of elements of F0, with operational rules co

co

i=O

i=O

I a/ = I b/-a co

I

i=O

ajt j +

j

= bIViEZ;'O,

co

co

i=O

;=0

I b/= I

(a j + by,

(a) Show that Fo[[t]] is an entire ring. (b) Which sequence of elements of F 0 corresponds to the unit element, which to the zero element, which to the negative of an arbitrary element of Fo[[t]]? (c) Show that the mapping I:Fo[t]->Fo[[t]]:L/=OaitiI->L/'=,oa/ subject to a i = 0 for i> II is a monomorphism. It is said to be the canonical monomorphism of Fo[t] into Fo[[tJ]. (d) Show that the unit group of Fo[[t]] is formed by all power series L/'=,oa/ with non-zero constant term ao. (e) The quotient field Fo((t)) of Fo[[t]] consists of all formal Laurellt series L= L/'=, -ooa/ (aiEFo,iEJ'.); there is an index t/(L) for each Laurent series different from 0 = L/'=, _ 00 Ot i such that t/(L)EJ'. and ai = 0 for i < t/(L). The operational rules for the Laurent series are obtained from those for the power series by substituting - 00 for 0 below the summation symbol. Show that the mapping i: Fo[[t]] -> Fo((t)):L/'=,oa/ I-> L/'=, _ ooaiti subject to a i = 0 for i < 0 is a canonical monomorphism of F o[[tJ] into F 0((1)). (f) Show that Fo[[t]] is a discrete Krull valuation ring of F o«t)) for the exponent valuation t/: F o((t)) -> J'. v {oo} of part (e).

2. Let R be a Krull valuation ring of the field F. Let E be a finite extension of .Q(R). (a) Show that the maximal ideal p of R generates a proper ideal of CI(R, E), and there is a finite basis b l ,b 2 , ••• ,bn • ofCI(R,E) modulo pCI(R,E). (b) Show that for any such basis the elements b l , b 2 , .•• , bn, are linearly independent over F. (c) Show that if R is discrete and if CI(R, E) is finitely generated over R, then the number II' equals the degree of E over F. 3. Let F 0 = IF p be the prime field of prime characteristic p > O. Let F be the subfield of IFp((t)) generated by t and by x = L/'=,ot pj '. Let R = IFp((t))(\F. (a) Show that x is algebraically independent of t and that R is a Dedekind ring with F as quotient field. (b) Let E be the subfield of IF p( (t)) generated by t and by y = L/'=, ot i'. Show that E is a purely inseparable extension of degree p over F such that E = F(y), yP = x. (c) Show that p:= tR is the maximal ideal of the local ring R. (d) Show that CI(R. E) = pCI(R, E) + Rp. (e) Show that CI(R. E) is not finitely generated over R. 4. Two ideals a l ,a2 of the unital ring A are said to be comaximal if they satisfy a l + a 2 = A. Show that (a) Any two distinct maximal ideals of A are comaximal. (b) Two ideals al' a 2 of A are comaximal, if and only if there are elements ajEaj (i = 1,2) satisfying a l + a2 = I. (c) Any two comaximal ideals ai' a 2 of A satisfy a l a 2 = a l (\ a 2 = a 2a l ,

A/(a l (\ a2 ) ~ A/a l ® A/a 2·

(d) If the finitely many ideals a I"

.. ,

as of A are pairwise comaximal then we have s

a l a 2 .. ·as = a l na 2n .. ·nas ,

A/(a l na 2 n .. ·nas ) ~ EBA/aj. i= J

5. The intersection J(A) of a ring A with its maximal ideals is called the Jacobson radical of A. Show that every ring epimorphism of A onto another ring i\' maps J(A) on J(i\'). 6. If the Jacobson radical of the unital ring A is already the intersection of finitely many maximal ideals al, ... ,as of A then show that a l ,a2, ... ,as are the only maximal ideals of A. In that case we have AfJ(A) ~ EB:= I A/aj, and the 2S distinct ideals ajl naj2 n .. · nal, (0 ~ r ~ s, I ~ i l < i2 < ... < i, ~ s) of A are the only ideals containing J(A). 7. For any two rings AI' A2 we have J(A I Efl A2) = J(AdEflJ(A2)' 8. A commutative ring is said to be simple if it is not nilpotent and if it contains no ideal other than itself and zero. Show that a commutative ring is simple if and only if it is a field. 9. A commutative ring is said to be semisimple ifit contains no nilpotent ideal different from zero and if the intersection of finitely many maximal ideals is zero. Show that (a) A commutative ring R =I: 0 is semisimple if and only if it is isomorphic to the algebraic sum of finitely many fields. (b) A commutative F-algebra over the field F is semisimple if and only if it is the algebraic sum of finitely many extensions of F. (c) A unital commutative F-algebra of finite F-dimension is semisimple if and only if its Jacobson radical is zero. 10. (E. Noether) Let ri:-O be a non-nilpotent minimal right-ideal of the ring A. Show that (a) r2 = r. (b) The left-annihilators of r in r, i.e. the elements p of r satisfying pr = 0, form a right-ideal of A which is contained in r. (c) The only left-annihilator of r in r is O. (d) For any non-zero element p of r we have pr = r. (e) For any non-zero element p of r there is an element e of r satisfying pe = p. (f) For the elements p, e of (e) we find that p is a left-annihilator of e 2 - e. (g) For the element e of (e) we find that (e 2 - e)A c r. (h) r = eA = er3e 2 = e i:- O. (i) What is the corresponding ('dual') statement for left-ideals?

II. Let F be a field. Show that (a) Every F-algebra H of finite F-dimension which is not nilpotent contains an idempotent. (Hint: use exercise 10.) (b) If the F-algebra H of finite F-dimension over F is a nilring then it is nilpotent. (Hint: use exercise 10.)

(c) The maximal nil radical NR(H) of an F-algebra H of finite F-dimension is nilpotent; it contains the Jacobson radical. Moreover, there are only finitely many maximal ideals of H containing NR(H), say 1 , ... ,0" and we have J(II/NR(H» = NR(H/NR(H» = 0,

°

H/NR(H) ~ 11/01 ® ... ® H/o" J(H/o;)=NR(H/o;)=O (1 ~i~s). (d) If H is a unital F-algebra of finite F-dimension then J(H) = NR(H) is the maximal nilpotent ideal of H. (e) If II is a commutative F-algebra of finite F-dimension then HjNR(H) is isomorphic to an algebraic sum of finitely many fields. 12. Let R be a unital commutative ring and A, M two R-modules. The most general R-bilinear form is defined as an R-linear mapping B: A ® R A -+ M. The orthogonal right B-complement of any subset X of A is defined as the set Xl of all elements y of A satisfying B(x ® y) = 0 for all x of X (notation: B(X ® y) = 0). The orthogonal left B-complement of X is defined as the set 1 X of all elements z of A satisfying B(z ® x) = 0 for all z of A (notation: B(z ® X) = 0). Show that (a)

x\ 1 X are R-submodules of A.

(b) Xl

= (RX)l,

1X

= l(RX).

(c) 1(X1);2 X,(l X)l;2 X. (d) (l(Xl»l = xl, 1«1 X)l) = 1 X. (e) Xs y~Xl;2 y1, lX ;2ly.

(f) (X u y)l = (RX + Ry)l, l(X U Y) = l(RX + R Y). (g) (X ( I y)l ;2 Xl + yl, l(X ( I Y);2 Xl + yl. (h) l(Xl ( I yl)

= 1(X1) + l(yl), (1 X (11 y)l = (1 X)l + (1 y)l.

(i) B is said to be non-degenerate if A 1 = 1 A = O. B is said to be symmetric if B(a ® b) = B(b ® a) for all a, b of A. B is said to be antisymmetric (skew symmetric) if B(a ® b) = - B(b ® a) for all a, b of A. Prove: if B is symmetric or antisymmetric then we have Xl = 1 X for any subset X of A, and B induces a non-degenerate bilinear form 8 on A/Al upon setting

8(a/Al®b/A1) = B(a®b) (a,bEA). (j) If b l , b 2 , • •• , b. is an R-generator set of A then B is symmetric if and only if the matrix (B(b i ® bk». ",;,k",. is symmetric. B is antisymmetric if and only if that matrix is antisymmetric. (k) If b., . .. ,b. is a finite R-basis of A and M = R then B is non-degenerate if and only if det (B(b; ® bk )) is a non-zero divisor of R. (I) If M I is an R-submodule of M then B induces the R-bilinear from

B: A ®RA -+M/M l:a®bJ-+B(a®b)/M I' (m) If A is a .Q(R)-module then B is a .Q(R)-bilinear form. (n) Let A be a .Q(R)-module with finite .Q(R)-basis b l , ... , b•. Then the .Q(R)bilinear form B is non-degenerate if and only if det (B(b i ® bk )) is a unit of .Q(R). (0) Let A be a .Q(R)-module with finite .Q(R)-basis bl, .. "b. such that det (B(b; ® bk )) is a unit of .Q(R). Then there is the uniquely determined dual

.Q(R)-basis b~, ... ,b; of A satisfyingB(bi®bt) = c5 ik (1 ~ i,k ~ n), and we have A.L = L~= I Rbt for A = L~= I Rb k. Note that .L(A.L) = A.

13. The same notations as in 12 are used. Let A be an R-ring. (a) Let d: A -> .Q(R)Jx d be an R-homomorphism of A into the ring of matrices of degree dover .Q(R). Show that the d-trace Tr,1: A -> .Q(R):XH Tr (d(x)) is an R-linear form giving rise to the symmetric R-bilinear form B,1:A ®RA -+ .Q(R):x® yH Tr,1(xy) satisfying the admissibility condition

B,1(x®yz) = B,1(xy®z) (x, y, zEA). (b) Let B: A ® R A -+ .Q(R) be an admissible symmetric R-bilinear form on A. Then show that for any R-submodule A of A we find that [A\A]A.L £ A\ .LA[A/A] ~ .LA.

14. Let R be a unital commutative ring. The R-module M is said to be cyclic if it can be generated by one clement over R. Show that M is cyclic over R if and only if it is an R-epimorphic image of R. 15. Let R be a unital commutative ring. The R-module M is said to be Noetherian if every R-submodule of M can be finitely generated over R. Show that (a) Every R-submodule and every R-factormodule of a Noetherian R-module is Noetherian. (b) If both the R-submodule m of the R-module M and the R-factormodule Mlm are Noetherian then M is Noetherian, too. (c) (Lasker- McCaulay) If R is Noetherian then every finitely generated R-module is Noetherian. (d) Show the converse of (c).

16. (Hilbert) Let R be a unital commutative ring. An ascending sequence Mo ~ M I ~ M 2 ~ ••• of R-submodules of the R-module M is said to be afiltration of M if M = U~OMi' The corresponding grading of M is defined as the algebraic sum EB~oM; with M~ = M o, M; = M;/M i - I (iEN). (a) Show that for any R-submodule m of M there is the filtration mnMo £mnM I £ mnM2 ~ ... and thegradingEB~om;withmo = mnMo, m; = mn M;/mnMi_1 ~ M;(iEN) induced by the given filtration and grading of M. (b) Show that there are the grading epimorphisms t7o:Mo-+M~:UHU,

t7i: Mi-+ M;:uHuIM i _ 1 (iEN). (c) Show that two submodules X, Y of M satisfying X ~ Y coincide if and only if the given grading of M induces the same grading of X and of Y. (d) For every R-submodule m of M show there is the filtration M o/m £ M dm £ ... of Mlm induced by the given filtration of M. Describe the corresponding grading. (e) The polynomial ring R[t] in one variable t has the filtration M 0 ~ M 1 £ "', where M j denotes the R-module formed by all polynomials of degree ~ i. Show that the filtration splits inasmuch as M = R[t] = EB~oM; for M; = Rt j so that t7i(n=obktk) = b/. (f) For any ideal a of R[t] show we have t7j(anM;l = a/, where aj is an ideal of R


such that there is the filtration 00 ~ 0 I ~ 02 ~ (g) If R is Noetherian then R[t] is Noetherian.

...

of the ideal

U;x:, °OJ of R.

17. (a) Show that the transition from one finite generator set VI""'V" of the Rmodule M to another one can be done by a finite number of elementary changes: (i) Increase the generator set to VI>" ., V"' V" + I' where V" + I = Al VI + ... + A"v" is presented as a linear combination of VI' ...• V" with coefficients ..1.1 •...• ..1." of R. (ii) Decrease the generator set to V I> ...• V" _ I' if v" = Al V I + ... + ..1." - IV" - I is presented as a linear combination of Vi •... ' V" _ I with coefficients )'1 •...• ..1."-1 of R. (iii) Permute the generator set in anyone of the n! ways. (b) Suppose there is a relation matrix AER'x". Produce a relation matrix for anyone of the generator sets obtained by an elementary change. (c) Show that the elementary ideals of M remain unchanged for any elementary change. (d) For any epimorphism e of the finitely generated R-module M on the R-module M' show that it follows that M' is finitely generated over R and that 'fj(M'/R);? 'fj(M/R) (iEl'''o). 18. (a) If the ring R is Noetherian and r, is an R-epimorphism of RI X" on the R-module M then show that ker (r,) is finitely generated, say ker (r,) = Lf= I Rr:, r: = (Ail" .. , Aj "). so that the matrix A = (Ajk)E Rsx " is a relation matrix of M relative to the R-generators Vj = r,(rl) (I M an epimorphism on the R-module M with relation matrix 9l, ,,: RI XII--> RI X":u' I-> u'K (KEGL(II, R) a non-singular R-linear transformation), then there is also the R-epimorphism ",,: R I x II --> M with relation matrix 9lK - I. (b) Suppose the relation matrix ~HERsXII of the finitely presented R-module M contains the 11th unit row e~, then we have M = R,,(e'l) + R,,(e~) + ... + R,,(e~_.J with relation matrix 9l' derived from 9l by removing the 11th column. 28. Let M be a module over the unital commutative ring R. Then show that the intersection of all R-submodules M' of M with finitely generated R-factormodule is an R-submodule M o of M satisfying n«M/M o)/R);2(fj«M/M o)/R)= (fj(M/R) (iEl"o). 29. 
(a) For any non-zero polynomial P in II variables tl, ... ,t n over the infinite field F show there is a specialization tjl-> 'fj (l ~ i ~ II) in F such that P('f I" .. , 'f n) '" O. (b) Show that the polynomials in n variables t I' ... ,tn over the finite field IFq that vanish for all specializations tjl-> 'fjElF q (l ~ i ~ II) form an ideal of IFlt I"'" tnJ. It is generated by the monic polynomials t1- tj (l ~ i ~ II). (c) Construct for any non-zero polynomial P of IF q[t I"'" tnJ a finite extension E and n elements 'f 1" .. , 'fn of E such that P('f I'" . , 'f n) '" O. 30. (a) Let A be an order over the Dedekind ring R and let E be a finite separable extension of O(R). Then show that A = CI(R, E)®RA. is an order over the Dedekind ring R = Cl(R, E). (b) If a is a A-fractional ideal then show that a = R® Ra is a A-fractional ideal. (c) Show that (A:Ra)= R®R(A.:Ra). (d) If under the assumption of (b) A. is commutative and if the A.-fractional ideal a is invertible relative to A then show that A is commutative and a is invertible relative to A such that a- I = R® Ra - I. 31. If R is a Dedekind ring and A is an R-order then show that for any semigroup S of non-zero divisors of R the S-Iocalization A/S is an R-order. Moreover, show that we have (a/S:R1Sb/S) = (a:Rb)/S for the A-fractional ideals a, b.


32. If R is a Dedekind ring and A is a commutative R-order then show that any Afractional ideal 0 of maximal R-rank is principal, if and only if 0 contains an element IX satisfying (A:RO) = (A:RIXA). In that case we have 0 = IXA. 33. Let A be a commutative order over the local Dedekind ring R and let 0 be a A-fractional ideal which is invertible with respect to A. (a) Show that there is a finite extension E of O(R) such that CI(R,E)®Ro is a principal CI(R, E) ® RA-fractional ideal. (b) Show that (5.45) holds for all A-fractional ideals b in case the A-fractional ideal 0 is invertible. 34. (E.C. Dade, O. Taussky, H. Zassenhaus) (a) Let M be a submodule of a unital ring A containing I A' Show that M j = M j + I (iEN) implies that M j is the subring of A generated by M. (b) Let R be a Dedekind ring and A an R-module with n basis elements. Let 0 be a non-zero ideal of R. Then show that for any R-submodule M of A containing oA there is an R-basis b l , ... , bn of A and there are elements el, ... ,en of R such that Oco+e I Ro;:;o+e 2 Ro;:; .. ·o;:;o.+e.Ro;:;R and M = LI= I (0 + ejR)b j. (c) Let R be a Dedekind ring and A a unital R-ring with n basis elements over R. Let M be an R-submodule of A containing I A' Show that M"- I is the subring of A generated by M. (Hint: Use induction over the natural number A in case M ;? pA A for some prime ideal p of. 0 of R, then apply a localization argument.) (d) Let R be a local Dedekind ring. Then show that every commutative maximal R-order is a principal ideal ring. (e) Let R be a local Dedekind ring and AI a commutative maximal R-order with n basis elements over R. Let A be an R-suborder of AI of the maximal R-rank n so that A = O(A) = O(AI)is asemisimple commutativeO(R)-algebra of dimension n. Let 0 be a A-fractional ideal of maximal R-rank n. Show that III contains a unit IX of A such that 2IA I = exA I and that A' = (ex - IIlI)"- I is an R-overorder of A. Hence, 0·-1 is invertible with respect to its order. 
(f) Let R be a Dedekind ring and A be a commutative R-order of R-rank n. Then show that for any A-fractional ideal 21 of maximal R-rank n the power ideal 21· - I is invertible relative to [2In - 1/21" - I].

4.6. Embedding algorithm

In this section we describe an algorithm for embedding the equation order

$$\Lambda_f = R[t]/f(t)R[t] = \sum_{i=1}^{n} R\,x^{i-1} \qquad (x = t/f(t)R[t]) \tag{6.1a}$$

of the monic separable polynomial

$$f(t) = t^n + a_1 t^{n-1} + \dots + a_n \qquad (n \in \mathbb{N}) \tag{6.1b}$$

with coefficients $a_1, \dots, a_n$ belonging to the Dedekind ring $R$ into the maximal order $Cl(R, A)$ of the algebraic background

$$A = A_f = \mathfrak{Q}(R)[t]/f(t)\mathfrak{Q}(R)[t] = \sum_{i=1}^{n} \mathfrak{Q}(R)\,x^{i-1}. \tag{6.1c}$$

We are especially interested in the two cases

$$R = \mathbb{Z}, \tag{6.2a}$$

$$R = \mathbb{F}_q[e] \qquad (q = p^{\nu},\ p \in \mathbb{P},\ \nu \in \mathbb{N},\ e \text{ an independent variable over } \mathbb{F}_q) \tag{6.2b}$$

in which R is a PIO. The output will be obtained as an integral ( = minimal) basis (6.3a) of Cl(R, A) over R, where ajkER,

0=1 NjER,

gcd(ai\,aj2 ,···,a jj)

1

(6.3b)

(I~i~n).

(6.3c)

=

and - as we already know ajj=lO,

N t =l=a\1,Nj_ t IN j

If it is desired we also attain uniqueness by making the additional demands ajj>O(l~i~n),

O~aij I in case -~ < 2x ~~. For any rational integer x there is precisely one reduced rational integer R(x,~) modulo ~ which is congruent to x modulo ~. It is found by means of division with remainder of x by ~ (compare chapter 1 (1.6)). Analogously the polynomial x of IFq[t] is said to be reduced modulo the monic non-constant polynomial ~ of IFlt] in case the degree of x is less than the degree of~. For any polynomial x oflFlt] there is precisely one polynomial which is reduced modulo ~ and congruent to x modulo ~, viz. R(x, ~). It is found by means of division with remainder of x by ~. In the sequel we shall use certain elements ~t' ... , ~Il of R which are mutually prime divisors of the discriminant d(f) of the polynomial! such that ~j is not in U(R) and ~fi divides d(f) for some natural number /(;, but the quotient d(f)/~fi is prime to ~j: (6.5)

In general we only know about some of the $\delta_i$ whether they are prime elements or at least square free elements of $R$. In any event certain computations modulo $\delta_j R[t]$ will have to be made in order to perform the embedding algorithm. If $\delta_j$ is not known to be a prime element of $R$ then the task of dividing an element $\alpha$ of $R$ modulo $\delta_j$ by $\beta \in R$, $\beta \not\equiv 0 \bmod \delta_j$, can be carried out uniquely if and only if the Euclidean division algorithm of $R$ for $\beta, \delta_j$ yields $1 = \gcd(\beta, \delta_j) = X(\beta, \delta_j)\beta + Y(\beta, \delta_j)\delta_j$, in which case $\alpha/\beta \equiv X(\beta, \delta_j)\alpha \bmod \delta_j$. Otherwise we find $\gcd(\beta, \delta_j)$ to be a proper divisor of $\delta_j$ which is not a unit of $R$. In that case we obtain by divisor cascading of $\beta, \delta_j$ a factorization

n t5j"i I,t5'I,···,t5~mutuallyprimeelementsofR\U(R),

j= I

and we replace

t5 jt-t5'l,t5/1+jt-t5j+1 Kjt- KjK'I'

K/I+ j t -

so that (6.5) still holds but

J.1.

(1 ~j 1 of d(f). This is because no method to test for a square factor greater than one is known which is polynomial time in terms of log Id(f)I. For that reason the following compromise is suggested: For a suitable natural number M > 1 the first M prime numbers PI = 2, P2 = 3, ... , PM are added to the input data such that we have at least n ~ PM' Then we determine the prime factorization d(f) = Pl'p'? .. · p't/Po with vjE7L;'o (I ~ i ~ M) and PoEN not divisible by any pj (I ~ i ~ M). We set

In case of c5~ = c5'1 = 1 the test is affirmative, i.e. d(f) is square free, and we terminate. If c5~ = I, c5'1 > 1 then no decision is made and we proceed to Step 2 with entries J1. = I, c5 1 = c5'1 > I, KI = l. For c5~ > 1 the test is negative. We assume that there are J1.'EN and indices 1 ~jl 1Jor its minimal

If ( is a-split then we apply a Hensel lift (see (5.76» to the congruence factorization (6.l4a) of m = mc in order to produce the congruence factorization s(C,A) mc= g~~:tmod(L\R[t]) (6.l6a)

n

i= 1

(L\ = (j2\S«(,L\) = s(m,(j),iY.iCd = iY.im6,giCd = gim6mod(aR[t])) and a presentation s(C,A) L aiCA«)OiCA«() = 1 mod (L\R[t]) (aiCA(t)E R[t], deg (a iCA) < deg (gim6), i= 1

(6.l6b) which evolves from (6. 14b). In this way we compute the set ofs«(, L\) orthogonal L\-idempotents eiCA:= aiCA«)OiCA«() (1 ~ j ~ s«(, L\»,

(6. 16c)

characterized by the congruences: eiCdejCd = 0 mod (L\R[(]),

01= elcd = eiCd mod (L\R[(]) (1 ~ i ~ s«(, L\)),

s(C,A)

L

(6.16d)

eiCA = I mod (L\R[(]).

i= 1

The R-order Aj = AIR[(] has the property that L\A j ~ AI' hence Aj contains the suborder A1* = L\A j + Lr~'t) eiCAAI with the property that J/ L\A1* is the minimal polynomial of e/L\Aj* over R/L\ and that Aj* /L\A j* = EB:~,t) eiCdAJ/L\Aj* so thatJ = n:~'t)Ji mod (L\R[t]), whereJi(t) is a monic non-constant polynomial of R[t] for whichJdL\R[t] is the minimal polynomial of eiCAe/L\Aj* over R/L\ and = tlf(t)R[t] as before. For the computation of theJi it suffices to form the R-orders Aj,* generated by and eiCA and to compute the minimal polynomial of eiCAe modulo L\. Using the remarks made at the end of subsection 8 of section 5 we realize that the task of embedding AI into its (j-maximal overorder is reduced to the task of embedding Aftfr-i.({.d) into its a-maximal overorder. That task is reduced to the tasks of embedding the R-equation orders AI, into their a-maximal overorder (1 ~ i ~ s«(, L\». It follows that any J-split leads to a reduction ofthe

e

e


embedding task for $f$ to similar embedding tasks for finitely many polynomials of degree lower than the degree of $f$.

Example (6.17)
For $f(t) = t^3 - t^2 - 2t - 8$, $d(f) = -2^2 \cdot 503$ we compute $\delta = 2$, $d_0(f)$ = 2,503, $\kappa = 2$, $\Delta = 2^2 = 4$, $f_1(t) = t^2 - 2t$, $f_2(t) = t + 1$.

It suffices therefore to make the assumption throughout the core algorithm that every element $\zeta$ of $\Lambda_f$ that is brought to the test turns out not to be $\delta$-split.
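The division modulo $\delta_j$ described earlier in this section either inverts $\beta$ or exposes a proper divisor of $\delta_j$, which divisor cascading then turns into mutually prime factors. The following is an added sketch of that step for the case $R = \mathbb{Z}$, not code from the book; the function names and the sample values in the comments are constructed for illustration.

```python
from math import gcd


def reduced(x, delta):
    """Reduced residue R(x, delta): the r ≡ x (mod delta) with -delta < 2r <= delta."""
    r = x % delta
    return r - delta if 2 * r > delta else r


def ext_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) = x*a + y*b for a, b >= 0."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def divide_mod(alpha, beta, delta):
    """Divide alpha by beta modulo delta without knowing whether delta is prime.

    Returns ("quotient", q) with q*beta ≡ alpha (mod delta) when
    gcd(beta, delta) = 1, else ("split", g) with g a proper divisor of delta.
    """
    beta %= delta
    if beta == 0:
        raise ZeroDivisionError("beta is 0 modulo delta")
    g, x, _ = ext_gcd(beta, delta)
    if g == 1:
        return ("quotient", reduced(x * alpha, delta))
    return ("split", g)


def coprime_base(values):
    """Refine integers > 1 into pairwise coprime integers > 1 that generate them."""
    base = [v for v in values if v > 1]
    changed = True
    while changed:
        changed = False
        for i in range(len(base)):
            for k in range(i + 1, len(base)):
                d = gcd(base[i], base[k])
                if d > 1:
                    # Replace the pair by d and the two cofactors; the product
                    # of the list shrinks by d, so the loop terminates.
                    rest = [base[m] for m in range(len(base)) if m not in (i, k)]
                    pieces = [d, base[i] // d, base[k] // d]
                    base = [v for v in rest + pieces if v > 1]
                    changed = True
                    break
            if changed:
                break
    return sorted(set(base))


def cascade(beta, delta):
    """Factor delta as a product of powers of mutually prime non-units.

    The factors come from gcd(beta, delta); they need not be prime,
    e.g. cascade(4, 48) gives 48 = 3 * 4**2 (constructed sample).
    """
    g = gcd(beta % delta, delta)
    result = []
    for e in coprime_base([g, delta // g]):
        kappa, rest = 0, delta
        while rest % e == 0:
            rest //= e
            kappa += 1
        result.append((e, kappa))
    return result
```

A caller that receives `("split", g)` replaces the modulus by the factors returned from `cascade` and repeats the computation modulo each of them.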

Definition (6.18)
The element $\zeta$ of $\Lambda_f$ is said to be $\delta$-uniform if $s(\zeta, \Delta) = 1$, $m_\zeta(0)R + \delta R = R$.

The o-uniform elements of AJ are special units of AJ as follows from the equation m{m = O. An element C of AJ which is neither o-split nor o-uniform is characterized by the congruence m{(t) = tl', mod dR[t]

(6.19)

or else we find a factorization of O. In order to deal with such elements we introduce the o-adic exponential valuation '1:.Q(R)-+~u{ 00},'1(0) = I, '1(0) = O,'1(Oixy -l) = i(iE~, x,YER, olx, yR + oR = R). As was stated before, it suffices to assume that yJOo - ~(¥,({) R + oR = R whenever Yi(O is not zero and is brought to the test (I ~ i ~ /J{). Hence the non-zero coefficients of m{ are '1-multipliers. According to assumption we have Yi(C)EOR (I ~ i ~ /J(J It was pointed out for the special case R = ~ at the end of section 4 that the o-adic exponential valuation '1 is the minimum of certain additive exponential valuations '11' '12'" . ,'1c of .Q(R) in ~ U { oo} corresponding to the c prime ideals of R containing O. Suppose that E is minimal splitting field of m{ over .Q(R) then there are finitely many extensions of '11'"'' '1c to additive exponential valuations of E, which define an exponential valuation 1/:E -+ iQ u {oo} upon taking their minimum. This exponential valuation restricts to '1 on .Q(R). Since the constant term of m{ is an '1-multiplier it follows that the roots C1"", CI', of m{ in E are 1/-multipliers. Let 1/(C 1) ~ 1/(C2) ~ ... ~ 1/(CI.,) > 0 and let A.2 be the denominator of the positive rational number 1/(CI',)=A.t!A. 2 (A.1>A.2E~>o, gcd(A. 1 ,A. 2)= 1) then it follows that 1/«(f20-AI) ~ 1/(CA2{j-AI) = 0 so that for the element ~ C*:= CA20-AIEAJ the corresponding minimal polynomial m{. has the roots C;20 -),', though perhaps with a multiplicity which is not as large. For elements' of .Q(R)AJ satisfying

a

(6.20a) it is safe to define 1/(0 as the rational number occurring in (6.20a). Using the 1/-Newton polygon method of section 3 the statement (6.20a) is equivalent


to the inequalities

i '7(Y11(m ~ - '7(Yi«(» J1~

(1 ~ i < J1~)

(6.20b)

which can be easily tested. If the test is positive then we have (6.20c) Definition (6.21) The element' of Af is called a c5-element if it satisfies (6.20b) and if r;«() "# 0,

r;(0-1 E~>o. Starting from an arbitrary non-zero element ( of Af we produce a c5-element of R[(] as follows. Test whether ( is c5-split. If that is not the case form (* = glmb«()"# O. Test whether '7(Y11('((*» ~ (i/J1~.) '7(Yi«(*» (1 ~ i ~ J1~.). If that is the case form '7«(*) = A.dA.2 (A."A.2E~>0,gcd(A.I,A.2) = 1), k,A., + k2A.2 = 1 (k" k2E~), n(O:= «(*)k'c5 k" hence 0 < r;(n«(» = 1/,.1,2' In particu!ar, the use of c5-elements permits to give a new criterion for the c5-maximality of A f · Criterion (6.22) The equation order Af is c5-maximal precisely ifn(e) can beformed and satisfies

n@ = gl~b(e) (gl~b(t):= glm~~(t)), J1~'7( n(~»

= 1.

(6.22a) (6.22b)

Proof We use localization. It suffices to assume that R is local with c5R as maximal ideal. Then Af is maximal precisely if the elements ~/e*k (0 ~ i < deg(g,~~), o ~ k < '7(n(W- I) form an R-basis of Af as follows upon projecting Af on 0 the simple components of .Q(R)Af . Hence, (6.22a, b). The criterion (6.22) yields a useful test for c5-maximality: Criterion (6.23) Let (6.22a) be satisfied (in which case we call e normalized) and assume that _I

n(e)lJ{n{m

IJ{n(W-I-1

==

L

c/(e)n(e)i mod (AA f)

i=O

(Ci(t)E R[t], deg (Ci) < deg(gi~b)' 0 ~ i < '7(n(W - I). Then Af is c5-maximal precisely if co(e)/c5 is a c5-unit.

After the preceding introductory remarks we proceed to expound the last three computational steps yielding the embedding of Af into a c5-maximal overorder. They constitute the


Core algorithm Step 4

(Normalization of ~). If gl~~(~) = n(~) is already satisfied then proceed to step 5, else set f +- ~ + n(~). It follows that gl~'~ = gl~~ and that is not !5-split. This is because by in any minimal splitting assumption f has n distinct roots l extension E of f over O(R) and either iiK- ej)=O or i/(e;- e) ~ i/(gl~~(n(e))) > i/(n(W (I ~ i

deg(gl~~)'

(6.24)

This must be achievable in a finite number of trials and errors since the residue class fields under consideration are finite and there holds the theorem of the primitive element in the strong form that a finite field IF generated by two elements Co is already generated by one element ofthe form + P(co), where P is some polynomial with coefficients in the ground field. Now suppose that (6.24) is satisfied. If deg(m~.) is less than n we form expressions

t,

~"=~'

t

+ c5P2(~)

beginning with P2(t) = t, we will have

(P 2 (t)ER[t]

c5-reduced with deg(P 2 ) < n)

(6.25)

e" = e' + !5e. After a finite number of trials and errors deg (m~oo) = n.

(6.26)

e

We fi~d that ~me" ~ AI' AI = AI + Ame'" We replace by f'. The transition from Ameoo to Af is routine. We go back to step 4. We note that the degree of g\~6 increases each time we carry out step 5. That can happen only a finite number of times. Step.6 (development of n(~)~(·(W-I). At this point we have

nW = gl~6(e),

Co = !5-l n(e)'EA f

,

ii(co) =

0,

v = '1(n(m- 1 < p.~.

(6.27)


It follows that there holds a congruence development Co == Lr:J Cj(~)ll(~)j mod (ll(~YA f) with (j-reduced polynomials cj(t) of R[t] satisfying

deg(cj) < deg(gl~6)

(0::::;; i < v),

Co

# 0,

(6.28)

which is easily obtained by calculations in R/(jR[t] modulo ll(~YR/(jR[t]. Since 1l( ~Y is contained in (jA f it follows that there holds the congruence development Co == Lr:J Cj(~)ll(~)j mod «(jA f ). We extend it as follows. Assuming that there already holds a congruence development v- I

Co

==

L

Cj(~)ll(~)jmod((jiAf)

(jEN)

(6.29)

j=O

with polynomials cj(t) of R[t] satisfying (6.28), the expression p = (j - i(co - Lr: J Cj(~)ll(~)j) is not zero since the minimal polynomial of ~ over R is f, and we have ij(p) ~ 0, hence p = P'll(~)A.p"-1

+ p"R = R). (6.30) deg(m~.) = n, gl~6 = gl~'6' p.~ = p.~"

(p'EAf,AEZ,p"ER,(jR

For ij(p') > 0 we form ~' = ~ + p' so that 1l(~') = gln(O, '1(1l(~'» = '1(p') < ij(ll(e)), Now we replace ~ by ~' and go back to ste~ 5. (W O. A similar argument excludes the possibility 1=0. In case I", 0, J '" 0 (2.11) yields 1
0 such that 6' and 6m yield the same element of U. say ~u, i.e. there are m, lEN, ml, ... ,m" 11, ... ,l,E~ such that

Hence, (2.13g) and the units 6, 6 1 , ...• 6, are dependent. From the preceding lemmata we easily derive:

o

Theorem (Dirichlet) (2.14)
Let $R$ be a subring of the integral closure of $\mathbb{Z}$ in an algebraic number field $F$ of degree $n$. Let the $\mathbb{Z}$-rank of $R$ be $n$, and let $F$ have $s + 2t$ conjugates ordered in the usual way. Let $r = s + t - 1$. Then the unit group $U(R)$ of $R$ is the direct product of its torsion subgroup, generated by a root of unity $\zeta$, and $r$ infinite cyclic groups, generated by so-called fundamental units $E_1, \dots, E_r$: $U(R) = \langle \zeta \rangle \times \langle E_1 \rangle \times \dots \times \langle E_r \rangle$.

Proof
The torsion subgroup $TU(R)$ of $R$ was already determined in (2.6). From


the proof of (2.13) we know that each eE VCR) is of a form e = l1,e l m, ... . 'e rmr

(l1,EU (compare (2.13f),} mj E7L, ejEV(R) subject to (2.11), 1 ~ i ~ r),

(2.15a)

and that each unit is dependent from e I' ... , er' In particular, there are minimal exponents n,EN such that 117' is a power product of e l , ••• er (I ~ I ~ v). Let M:= lcm(n l , ... , nJ.

(2.15b)

Then for each eEV(R) the Mth power eM belongs to the subgroup (f. I ,.··, er) of VCR), i.e. this subgroup is of index at most M in VCR) by chapter 3 (2.9), (2.15c) The rest of the proof is an easy consequence of the principal theorem on finitely generated abelian groups. However, for the reader who is not familiar with this theorem we also prove the remaining part. As a system of generators of VCR) modulo TV(R) we shall obtain Mth roots of suitable power products e';'I. ... · e~r. For this purpose we consider sets of units 9R j defined by

9R j:={eEV(R)le ME(e j, ... ,er )}

(I~i~r).

(2.15d)

In the presentation (2.15c) of eM for eE9R j we have m I = ... = mj _ I = 0 and the occurring mj form a 7L-ideal f;1L,. We choose E j E9R j for which the exponent of ej in (2.15c) is fj (I ~ i ~ r). Hence, given eE VCR) we successively get rational integers a I' ... , ar by eM = e l m, ... . 'f. rmr = E I Ma, e2 ti'2, ••• 'f./ir (2.15e) Therefore (eEia'· ... ·Er-ar)M = I, i.e. eEial. ... ·Er-ar belongs to TV(R), and we have shown that a suitable (ETV(R) and EI, ... ,Er generate VCR). It remains to prove that E I , ... , Er are independent. Let us assume (2.15f) This implies ElmI M ...

"Ermr M = 1,

and we can substitute el , ... , f. r and obtain f.1 hi .... ·e/r = I for suitable hj E7L (I ~ i ~ r), hence hi = ... = hr = O. But, hi = mJI which yields m1 = O. Successively we obtain m 2 = ... = mr = O. This and exercise 1 complete the proof.

Remark
The preceding lemmata and the Dirichlet theorem are valid also for $r = 0$. Especially (2.14) yields $U(R) = TU(R)$ iff $s + t = 1$, i.e. $s = 1$, $t = 0$ ($F = \mathbb{Q}$) or $s = 0$, $t = 1$ ($F = \mathbb{Q}((-d)^{1/2})$, $d \in \mathbb{N}$, $d$ squarefree).


Unfortunately, the deduction of the Dirichlet theorem given in this section is not constructive. Of course, looking through the proofs carefully we could derive a method for determining $\zeta, E_1, \dots, E_r$ in a finite number of steps. But this number is too large for practical computations. Therefore we shall develop better ways for the computation of $TU(R)$ and a system of fundamental units in the next sections. We note that a system of fundamental units $E_1, \dots, E_r$ is not at all unique for $U(R)$. For example, we can multiply each $E_i$ by arbitrary powers of $\zeta$. Also, for $E_1, \dots, E_r$ being fundamental units, the units $\eta_1, \dots, \eta_r$ satisfying

$$\eta_i = \prod_{j=1}^{r} E_j^{m_{ij}} \tag{2.17}$$

subject to $M = (m_{ij}) \in GL(r, \mathbb{Z})$ are a system of fundamental units.

Exercises


X .•. x and TU(R) = 1 of g(t) = (I + y/k)2/n. Let a = alai + ... + a.a.EA be a solution of (3.2), (3.3) which exists according to our premise. We set (3.9a) which implies (3.9b) Hence, we can write Yj in the form (3.9c)


o ~ t:k < 1 (s '''' w .. Obviously, 'I'w satisfies the first property required, i.e. '1'", is linear of det 'I' w = ± 1, hence 'I' w(n) is an O-symmetric parallelotope of volume 2". Also the absolute norms of elements - 1('1'w(n) n lLn) are bounded by B because of

n(w):= 'I'w(n) = {IN(w)I-I/" MroXEIR"I- 1 ~ Xi ~ 1, 1 ~ i ~ n},

(5.6)

and

n (IN(wWl/nl(wV), ... ,w~j)Mwx)1 n

j= 1

=IN(wWl

n"

Iw(j)(wY), .. ·,w~)xl

j= I n

=nlx'(wy>, ... ,w~),I~B

for-l~xi~l,

l~i~n.

j= I

It remains to show how we can easily determine 'I' w(II)nlLn. By chapter 3


(2.7) we compute unimodular matrices U""U;;,I such that M~Uw=:N,. is in Hermite normal form. We recall that Nco is a lower triangular matrix, hence the product of its diagonal elements nii (I ~ i ~ n) is - up to sign - N(w). Elementary integral calculations yield a lower triangular matrix B,.EZ'/xII such that (5.7) M~U ",B", = diag(IN(w)I, ... , IN(w)l). Namely, if we denote the entries of N "" B", by nij, bjj, respectively, (5.7) is equivalent to

L: k= "

JijIN(w)l=

L: njkbkj k=j j

njkb kj =

I

(I ~i,j~n).

(5.8)

Let us assume that we have already computed bij subject to (0;: =jo+ I nkk)lbjoj for fixed ioEZ""o and 1 ~j ~ n. Then (5.8) yields in case i = io + I ~ n: for j = i:b jj = IN(w)l/njjEZ\{O}, for j < i:

for j > i: b jj

= 0; .

hence, we can compute bij subject to bij(O;:=j+ I nkk)-I EZ for i = io + I, 1 ~j ~ n. Thus B",EZ" X " is obtained successively. Let C =(cl"'" e,,)' be a lattice point ofO(w). Then there is x =(Xl>'" ,X")'EIR" subject to -I ~Xi~ 1 (I ~i~n) such that c=IN(w)I-I/IIMwx, and also d = U~c is in Z". Multiplication by B!. yields B~d = IN(w)IC"-I)f"X, hence each cEO(w)nZ" is obtained upon multiplication by (U.;;I)' from a solution dEZ" of II

-IN(w)IC"-I)/"~

L djbjj~IN(w)IC"-l)/"

(i= I, ... ,n).

(5.9)

j=j

Since the ith inequality of (5.9) contains only the coordinates d j , ••• , d", all integral solutions of (5.9) can easily be computed by determining all integers dj solving the ith inequality for each (n - i) - tuple (d j + 1"'" d") already obtained (i = n, n - I, ... , I). Each solution d of (5.9) then is multiplied by (U;;,I)' to obtain all lattice points c ofO(w)nZ": c = (U';; I )'d.

(5.10)

Before we discuss the processing of the integers cp -1(O(w)n Z") we should consider the preceding computations more thoroughly. Let us remember that we started fixing an integral basis WI>""W" of R. The choice of WI, .•• ,W" is of strong influence on the amount of necessary computations, since the size of B of (5.3) is directly affected by it. Let us demonstrate this by a simple but impressive example.

Example (5.11)
Let $R = \mathbb{Z}[6^{1/2}]$. For $\omega_1 = 1$, $\omega_2 = 6^{1/2}$ we easily compute $B = 6$ (see also exercise 5). But if we choose $\omega_1 = 1$, $\omega_2 = 2 + 6^{1/2}$, we obtain $B = 5$. The corresponding parallelotope contains the lattice point $(3, 1)'$. We fix $\omega_2$ and take $\varphi^{-1}((3, 1)') = 3 + 6^{1/2}$ as new basis element $\omega_1$. This not only yields $B = 3$, a much better bound, but also the new basic parallelotope contains $\varphi(\varepsilon) = \varphi(\omega_1 + \omega_2) = \varphi(5 + 2(6)^{1/2})$ as a lattice point, $\varepsilon$ being the fundamental unit of $R$.

Of course, we would like to choose $\omega_1, \dots, \omega_n$ to make $B$ as small as possible. Unfortunately there is no solution for that task as far as we know. Even for the easiest case of a real quadratic number field that problem is about as difficult as solving Pell's equation directly which just means determining the fundamental unit (see exercise 5). From that result we conclude that it will be rather hopeless to look for an optimal $\mathbb{Z}$-basis of $R$ such that $B$ of (5.3) is minimal. On the other hand it suggests to search for basis elements $\omega_i$ ($1 \le i \le n$) of small norm. Since such a basis is also difficult to determine we instead take a reduced $\mathbb{Z}$-basis of $R$ with respect to the length

(5.12)

Because of the inequality between arithmetic and geometric means we obtain

(5.13)

from which we conclude that elements $\alpha \in R$ of small length also have small norm. We note that a $\mathbb{Z}$-basis of $R$ which is only pairwise or LLL-reduced (see chapter 3) in general suffices for our purposes. Such a basis can be computed very quickly starting from an arbitrary $\mathbb{Z}$-basis of $R$. The use of such bases was of great advantage in [6]. Not only was the amount of computation time drastically reduced but also the coefficients of the obtained fundamental units became much smaller, sometimes by several powers of ten. Even for some totally real sextic fields we obtained all five fundamental units from the basis parallelotope $\Pi$ when we used a reduced basis (compare table 6.1 of the appendix).

Another comment must be made about the choice of the transforming element $\omega \in R$. It is clear that $\omega \in \mathbb{Z}$ would yield $M_\omega = \mathrm{diag}(\omega, \dots, \omega)$ and therefore $\Pi(\omega) = \Pi$. But within $R \setminus \mathbb{Z}$ the choice of $\omega$ is completely free. We would like to choose $\omega$ such that $\Pi(\omega)$ contains many new lattice points. Unfortunately we don't know how to determine $\omega$ for that purpose. From our experience in computing units we suggest the choice of an element $\omega$ of small absolute norm and then a few consecutive powers of that element for transforming $\Pi$ and then to switch to another $\omega$. This method has several advantages. Elements $\omega$ of small absolute norm are stored anyway and are therefore always at hand. If $\omega$ is of small absolute norm, usually the entries of $M_\omega$ are small, too, and the entries of the first few powers of $M_\omega$ still fit


into one computer word. Also the use of powers M~d = Mrok diminishes the calculations necessary for computing U wk, BWk (see [5]). We note that the choice of transforming elements w should still be investigated in greater detail. See also exercise 6. A final remark concerns the computation of n(w)n ~ •. The method discussed in (5.5)-(5.10) is indeed very simple. All computations (except for 1N(w)lb, r:=a-La/bJb, s~t~Lk/aJ, r>k-j~O. Then the solutions (x, y)' E(Z "0)2 of j ~ ax + by ~ k subject to s ~ x ~ t and the -rt)/bl ~ u ~ Uk -rs)/bj solutions (u, V)'E(Z"~2 ofj ~ bu + rv~ k subject to are in I-I-correspondence.

ru

Proof It is easily seen that each solution (x, y) with s ~ x ~ t yields a solution (u, v) with 0 ~ S':= rt)/bl ~ u ~ Uk - rs)/bj =:t upon setting u = y + La/bjx, v = x. If, on the other hand, (U,V)'E(Z,,0)2 satisfies j ~ bu + rv ~ k and

ru -


s ~ u ~ t, we set x = v, y = u -

La/bJv and get

o Therefore we can apply Euclid's algorithm to the pair (a, b) of (5.18) as long as the remainder is larger than the difference k - j. What happens when it finally becomes smaller? ~mma

(~~

°

Let a> b > 0, k ~ j ~ 0, t ~ s ~ be integers subject to l(j - at)!bJ ~ 0, b > k - j, and r:= a -la/bJb ~ k - j. Then for each UE~ satisfying rt)/bl ~ u ~ Uk - rs)/bJ there is a VE~;'o subject to j ~ bu + rv ~ k, s ~ v ~ t, and each such pair (u, v) yields a solution x = v, y = u -la/bJv ~ of j ~ ax + by ~ k satisfying s ~ x ~ t.

ru -

°

Proof

ru -

Because of k - bL(k - rs)/b] ~ rs, j - b rt)/b1 ~ rt, we obtain for every u in the interval [r U- rt)/b 1, L(k - rs)/b J]: k ~ bu + rs, bu + rt ~ j, and because of r ~ k - j for each such u there exists (at least one) v, s ~ v ~ t, satisfying j ~ bu + rv ~ k. The rest of the proof is by similar arguments as in (5.19).
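The substitution $u = y + \lfloor a/b \rfloor x$, $v = x$ of Lemma (5.19) can be run as a recursion on the pair $(a, b)$, exactly like Euclid's algorithm. The following is an added example, not code from the book: it keeps reducing while $r > k - j$ and, as a simplification, enumerates directly at the first level where $r \le k - j$ instead of applying (5.20) once more. All function names are assumptions.

```python
def ceil_div(n, d):
    """Ceiling of n/d for an integer n and a positive integer d."""
    return -((-n) // d)


def reduce_band(a, b, j, k, s, t):
    """Solutions (x, y), y >= 0, s <= x <= t, of j <= a*x + b*y <= k.

    Requires a > b > 0 and 0 <= s <= t <= k // a.  Returns the list of
    solutions and the number of x-values scanned at the deepest level.
    """
    q, r = divmod(a, b)
    if r > k - j:
        # Lemma (5.19): u = y + q*x, v = x turns a*x + b*y into b*u + r*v,
        # and u is confined to ceil((j - r*t)/b) <= u <= floor((k - r*s)/b).
        s_next = ceil_div(j - r * t, b)
        t_next = (k - r * s) // b
        if s_next > t_next:
            return [], 0          # the book's 'No solution' exit
        reduced, scanned = reduce_band(b, r, j, k, s_next, t_next)
        # Undo the substitution: x = v, y = u - q*v.
        return [(v, u - q * v) for (u, v) in reduced], scanned
    # The remainder no longer exceeds the band width k - j: enumerate x.
    found = []
    for x in range(s, t + 1):
        y_low = max(0, ceil_div(j - a * x, b))
        y_high = (k - a * x) // b
        found.extend((x, y) for y in range(y_low, y_high + 1))
    return found, t - s + 1


def solve_band(a, b, j, k):
    """All (x, y) with x, y >= 0 and j <= a*x + b*y <= k, sorted."""
    if not (a > b > 0 and k >= j >= 0):
        raise ValueError("need a > b > 0 and k >= j >= 0")
    solutions, _ = reduce_band(a, b, j, k, 0, k // a)
    return sorted(solutions)


def scanned_candidates(a, b, j, k):
    """How many x-values the deepest level had to scan."""
    return reduce_band(a, b, j, k, 0, k // a)[1]


def brute_force_band(a, b, j, k):
    """Reference enumeration over the whole box, used only for checking."""
    return sorted((x, y) for x in range(k // a + 1)
                  for y in range(k // b + 1) if j <= a * x + b * y <= k)
```

For the constructed instance $17x + 5y = 100$ the recursion passes through $(5, 2)$ to $(2, 1)$ and scans two candidates there instead of the six values $0 \le x \le 5$ of the direct search.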

Before we now develop an algorithm solving (5.18) we need to be a little more explicit about the necessary computations. At each step $i$ we assume to have an inequality $j \le a_i x_i + b_i y_i \le k$ together with bounds $s_i, t_i$, $s_i \le x_i \le t_i \le \lfloor k/a_i \rfloor$. According to (5.19) we compute

$$q_i := \lfloor a_i/b_i \rfloor, \quad r_i := a_i - q_i b_i, \quad a_{i+1} = b_i, \quad b_{i+1} = r_i, \quad \begin{pmatrix} x_{i+1} \\ y_{i+1} \end{pmatrix} = \begin{pmatrix} q_i & 1 \\ 1 & 0 \end{pmatrix} \begin{pmatrix} x_i \\ y_i \end{pmatrix}.$$

Finally, if $b_n \le k - j$ for the first time we must compute $x_1, y_1$ for all solutions $x_n, y_n$. This is done efficiently in the following way. We set

$$V_i := \begin{pmatrix} q_i & 1 \\ 1 & 0 \end{pmatrix} \qquad (1 \le i \le n - 1)$$

for abbreviation and define $U_k := V_{k-1} V_{k-2} \cdots V_1$ ($2 \le k \le n$). Obviously, $U_n$ is unimodular and satisfies

$$\begin{pmatrix} x_n \\ y_n \end{pmatrix} = U_n \begin{pmatrix} x_1 \\ y_1 \end{pmatrix}.$$

For

Un = (~~

I

~!) we have

Algorithm solving $j \le ax + by \le k$ for $x, y \in \mathbb{Z}^{\ge 0}$ (5.21)

Input: Integers $a, b, j, k$ satisfying $k \ge j \ge 0$, $a > b > 0$.
Output: All pairs $(x, y)' \in (\mathbb{Z}^{\ge 0})^2$ satisfying $j \le ax + by \le k$, respectively, 'No solution' if none exists.
Step 1: (Initialization). Set $i \leftarrow 1$, $a_i \leftarrow a$, $b_i \leftarrow b$, $s_i \leftarrow 0$, $t_i \leftarrow \lfloor k/a \rfloor$, $U_i \leftarrow \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$.
Step 2: ($b_i > k - j$?). In case $b_i \le k - j$ go to 4.
Step 3: (Long division of $a, b$). Set $q_i \leftarrow \lfloor a_i/b_i \rfloor$, $r_i \leftarrow a_i - q_i b_i$. Set $i \leftarrow i + 1$, $a_i \leftarrow b_{i-1}$, $b_i \leftarrow r_{i-1}$, $U_i \leftarrow \begin{pmatrix} q_{i-1} & 1 \\ 1 & 0 \end{pmatrix} U_{i-1}$, $s_i \leftarrow \lceil (j - b_i t_{i-1})/a_i \rceil$, $t_i \leftarrow \lfloor (k - b_i s_{i-1})/a_i \rfloor$. In case $s_i > t_i$ terminate with 'No solution', otherwise go to 2.
Step 4: (Print solutions). For each $u \in \mathbb{Z}$, $s_i \le u \le t_i$ compute all $v \in \mathbb{Z}$ such that $s_{i-1} \le v \le t_{i-1}$ and $j \le a_i u + b_i v \le k$. For each such pair $\binom{u}{v}$ print solution $\binom{x}{y} = U_i^{-1} \binom{u}{v}$.

Remarks (5.22)
(i) In step 4 solutions always exist according to (5.17) and (5.20).
(ii) This algorithm is an improvement of the one given in [5]. It requires only one-third of the arithmetic operations of the latter to proceed from level $i$ to $i + 1$.
(iii) To exclude the superfluous solution $(0, k_0)$ of (5.16) it is advisable to consider the case $s_0 = 0$ in step 1 separately and then to proceed with $s_0 = 1$.

Method II: ellipsoids

Again we apply (3.8) in the case A = RA = R, k = 1. However, there is the problem that we do not know realistic bounds (3.3) for the conjugates of the elements of bounded norm which we are looking for. Hence, we omit (3.8d) and modify (3.8g) to:

Irjl ~ m

Irjol = m, (5.23) positive integer. The initial value is m = 1 of course. If all

(1 ~j ~ n)

and there is an indexjo such that

where m denotes a lattice points of all ellipsoids (3.8e) have been determined for a fixed value of m, then we increase m by 1 and proceed until a maximal set of independent units has been determined. We remark that the condition hoi = m guarantees that no ellipsoid is considered twice. From (3. lOb) we know that the norms ofthe elements found


as lattice points are bounded by 1 + y in absolute value. The appropriate choice of y was discussed at the end of section 3. On the other hand, we can also choose y in such a way that the obtained ellipsoids always contain non-zero lattice points. By Minkowski's Convex Body Theorem we find by an easy calculation that a choice of (nI2)!

y

{ ~ -1 + (~)'" Idll (l~\ nn 2" _n_

2

) I

.

for n even for n odd

(5.24)

is sufficient for that purpose (see exercise 4). Of course, this cannot be recommended if the absolute value of the discriminant of $R$ is large. Method II has the advantage that it proceeds in a systematic way. Hence, it is guaranteed to provide a maximal set of independent units. Moreover, the procedure of increasing $m$ makes it likely that not only independent but fundamental units are detected.

After we showed how to produce sufficiently many elements of $R$ of bounded norm we need to consider the processing of such elements once they have been computed. Let $x \in R$ be the last element obtained from the parallelotope under consideration. We assume that the elements determined earlier are stored in some array $X$ which contains $n_X$ elements of $R$ of bounded norm at the moment. The corresponding norms - respectively their absolute values - are stored in an array $X_N$. Moreover, we need auxiliary arrays $\tilde X$, $\tilde X_N$ of $\tilde n_X$ elements each. The initial values are $n_X = \tilde n_X = 0$, of course.

Algorithm for comparing $x$ with stored elements of small absolute norm (5.25)

Input. $x \in R$ of absolute norm $N_x > 1$, arrays $X$, $X_N$ of length $n_X$ as described above.

Output. $X$, $X_N$, $n_X$ and/or units $\varepsilon_1, \ldots, \varepsilon_p$.

Step 1. (Initialization). Set $\tilde n_X \leftarrow 0$, $k \leftarrow 0$, $p \leftarrow 0$.

Step 2. ($X$ completely searched?). Set $k \leftarrow k + 1$. For $k > n_X$ go to 6.

Step 3. (Next element of $X$). Set $\alpha \leftarrow X(k)$, $N_\alpha \leftarrow X_N(k)$. For $N_\alpha > N_x$ go to 5.

Step 4. (Compare $X(k)$, $x$ for $X_N(k) \le N_x$). For $m := N_x/N_\alpha \notin \mathbb{Z}$ go to 2. For $\beta := x/\alpha \notin R$ go to 2. For $m = 1$ set $p \leftarrow p + 1$, $\varepsilon_p \leftarrow \beta$ and go to 7. For $m > 1$ set $x \leftarrow \beta$, $N_x \leftarrow m$, $k \leftarrow 0$ and go to 2.

Step 5. (Compare $X(k)$, $x$ for $X_N(k) > N_x$). For $m := N_\alpha/N_x \notin \mathbb{Z}$ go to 2. For $\beta := \alpha/x \notin R$ go to 2. For $i = k, \ldots, n_X - 1$ set $X(i) \leftarrow X(i+1)$, $X_N(i) \leftarrow X_N(i+1)$, $n_X \leftarrow n_X - 1$. Then set $\tilde n_X \leftarrow \tilde n_X + 1$, $\tilde X(\tilde n_X) \leftarrow \beta$, $\tilde X_N(\tilde n_X) \leftarrow m$, and go to 4.

Step 6. (Insert $x$ into $X$). Set $n_X \leftarrow n_X + 1$, $X(n_X) \leftarrow x$, $X_N(n_X) \leftarrow N_x$.

Regulator bounds and index estimates


Step 7. (Decrease X) For fix =0 terminate. Else set x O. j= I

Uk

Therefore $L_2(\eta_1), \ldots, L_2(\eta_r)$ are $\mathbb{R}$-linearly independent implying that $L_2(\varepsilon_1), \ldots, L_2(\varepsilon_r)$ and also $L_1(\varepsilon_1), \ldots, L_1(\varepsilon_r)$ are $\mathbb{R}$-linearly independent. To prove the second statement of the lemma it suffices to show that the vector $(c_1, \ldots, c_{s+t})^t$ is $\mathbb{R}$-linearly independent from $L_1(\varepsilon_1), \ldots, L_1(\varepsilon_r)$. If it were not, there would be a presentation $(c_1, \ldots, c_{s+t})^t = \sum_{i=1}^{r} t_i L_1(\varepsilon_i)$ ($t_i \in \mathbb{R}$, $1 \le i \le r$, $\max\{|t_i| : 1 \le i \le r\} > 0$). But then addition of the coordinates yields the contradiction

$$s + 2t = \sum_{j=1}^{s+t} c_j = \sum_{j=1}^{s+t} \sum_{i=1}^{r} t_i c_j \log|\varepsilon_i^{(j)}|$$

□

Corollary 1 (6.4)
Let $U_\varepsilon(R)$ be a subgroup of $U(R)$ of finite index. Then $L_i(U_\varepsilon(R))$ is a free $\mathbb{Z}$-module of rank $r$ ($i = 1, 2$).

Corollary 2 (6.5)
Let $U_\varepsilon(R)$ be a subgroup of $U(R)$ of finite index. Then $(U(R) : U_\varepsilon(R)) = d(L_2(U_\varepsilon(R)))/d(L_2(U(R)))$.

Proof
(6.4) is obvious. For the proof of (6.5) we note that $(L_2(U(R)) : L_2(U_\varepsilon(R))) = (U(R) : U_\varepsilon(R))$ follows from the homomorphism theorems of group theory. Then chapter 3 (3.6) is applied. □

Definition (6.6)
Let $U_\varepsilon(R) := TU(R) \times \langle\varepsilon_1\rangle \times \ldots \times \langle\varepsilon_r\rangle$ be a subgroup of $U(R)$ of finite index. Then the mesh $d(L_2(U_\varepsilon(R)))$ is called the regulator $\mathrm{Reg}(U_\varepsilon(R))$ of $U_\varepsilon(R)$. In case $R = \mathrm{Cl}(\mathbb{Z}, \mathfrak{Q}(R))$ the regulator of $U(R)$ is also called the regulator of the field $F = \mathfrak{Q}(R)$. We denote it by $\mathrm{Reg}_F$, or in short by $R_F$.

At the present state of our computations of $U(R)$ we assume that we already calculated independent units $\varepsilon_1, \ldots, \varepsilon_r$ generating a subgroup $U_\varepsilon(R)$ of finite index up to roots of unity. Now we can calculate $\mathrm{Reg}(U_\varepsilon(R))$ from $\mathrm{Reg}(U_\varepsilon(R)) = \mathrm{abs}(\det(c_j \log|\varepsilon_i^{(j)}|)_{1 \le i,j \le r})$ and obtain an upper bound for the index

$$(U(R) : U_\varepsilon(R)) = \frac{\mathrm{Reg}(U_\varepsilon(R))}{\mathrm{Reg}(U(R))}$$


once we know a lower bound for $\mathrm{Reg}(U(R))$. To derive such a lower bound is the goal of the rest of this section. We apply the tools of chapter 3, namely, following Remak [7] we consider

$$\sum_{j=1}^{n} (\log|\varepsilon^{(j)}|)^2 \quad (\varepsilon \in U(R)). \tag{6.7}$$

Representing $\varepsilon$ by fundamental units this becomes a positive definite quadratic form. The determinant of this quadratic form is essentially $\mathrm{Reg}(U(R))$. Thus we get a lower bound for the regulator of $U(R)$ by chapter 3 (3.34), as soon as we have derived a lower bound for (6.7). Let us fix a system of fundamental units $E_1, \ldots, E_r$ of $U(R)$. Each $\varepsilon \in U(R)$ then has a (unique) representation by $E_1, \ldots, E_r$ and some element of $TU(R)$. Hence, for $|\varepsilon^{(j)}|$ ($1 \le j \le n$) we obtain

$$\log|\varepsilon^{(j)}| = \sum_{i=1}^{r} x_i \log|E_i^{(j)}| \quad (x_i \in \mathbb{Z},\ 1 \le i \le r,\ 1 \le j \le n). \tag{6.8}$$

Using the constants $c_j$ ($1 \le j \le s+t$) of (6.1) we convert (6.7):

$$\sum_{j=1}^{n} (\log|\varepsilon^{(j)}|)^2 = \sum_{j=1}^{s+t} c_j (\log|\varepsilon^{(j)}|)^2 = \sum_{i,j=1}^{r} (c_{s+t}^{-1} c_i c_j + \delta_{ij} c_j) \log|\varepsilon^{(i)}| \log|\varepsilon^{(j)}| =: \sum_{\mu,\nu=1}^{r} q_{\mu\nu} x_\mu x_\nu.$$

This shows that (6.7) is indeed a quadratic form. It is positive definite since (6.7) is always non-negative and becomes zero only in case all conjugates of $\varepsilon$ are of absolute value 1. But then $\varepsilon$ is in $TU(R)$ because of (2.5), hence (6.7) vanishes only in case of $x_1 = \ldots = x_r = 0$. The next step will be the computation of the determinant of the quadratic form. It is easily seen that the matrix equation

$$(q_{\mu\nu})_{1 \le \mu,\nu \le r} = (c_k \log|E_\mu^{(k)}|)_{1 \le \mu,k \le r}\, (d_{ij})_{1 \le i,j \le r}\, (c_l \log|E_\nu^{(l)}|)_{1 \le l,\nu \le r}$$

is satisfied for

$$d_{ij} = c_{s+t}^{-1} + \delta_{ij} c_j^{-1} \quad (1 \le i, j \le r).$$

The evaluation of the corresponding determinants yields

$$\det(q_{\mu\nu}) = \mathrm{Reg}(U(R))^2\, 2^{-t} n \tag{6.9}$$

because of $\sum_{j=1}^{r} c_j = n - c_{s+t}$, $\prod_{j=1}^{s+t} c_j^{-1} = 2^{-t}$ and exercise 1.


In view of chapter 3 (3.34) it remains to give a lower bound for (6.7) in case $\varepsilon \in U(R) \setminus TU(R)$. This will be done by analytic methods. We set (6.10) and then minimize

$$\sum_{j=1}^{n} x_j^2 \tag{6.11a}$$

subject to suitable side conditions coming from the properties of $\varepsilon$ of $U(R)$. Obviously, we can require (6.11b) because of $|N(\varepsilon)| = 1$. But then a criterion which excludes the solution $x_1 = \ldots = x_n = 0$ is most important. The image of $R$ under the mapping

$$\psi: R \to \mathbb{R}^n : \omega \mapsto (\omega^{(1)}, \ldots, \omega^{(s)}, 2^{1/2}\,\mathrm{Re}\,\omega^{(s+1)}, 2^{1/2}\,\mathrm{Im}\,\omega^{(s+1)}, \ldots, 2^{1/2}\,\mathrm{Re}\,\omega^{(s+t)}, 2^{1/2}\,\mathrm{Im}\,\omega^{(s+t)})^t \tag{6.12}$$

is a lattice $\psi(R)$ of mesh $|d(R)|$. For the lattice vectors $\psi(\omega)$ the usual Euclidean norm in $\mathbb{R}^n$ is (6.13)

It is no problem to compute the successive minima of $\psi(R)$ with respect to $\|\ \|$ by chapter 3 (3.36). Usually it suffices to calculate only $M_1, M_2, M_3$ which coincide with $\|\psi(\omega_1)\|^2, \|\psi(\omega_2)\|^2, \|\psi(\omega_3)\|^2$ for a reduced basis $\psi(\omega_1), \ldots, \psi(\omega_n)$ of $\psi(R)$ (compare chapter 3 (3.32)). And a reduced basis for $R$ was already used in the preceding section. It is easily seen that

$$M_1 = n \quad \text{for } \psi(1). \tag{6.14}$$

Namely, every $\omega \in R$, $\omega \ne 0$, satisfies $|N(\omega)| \ge 1$, hence $T_2(\omega) \ge n$ by the inequality between arithmetic and geometric means. The same argument yields

$$\|\psi(\omega)\|^2 = n \iff \omega \in TU(R). \tag{6.15}$$

This implies that a basis of $R$ consisting of roots of unity $\omega_1, \ldots, \omega_n$ satisfies $\|\psi(\omega_i)\|^2 = M_i = n$ ($1 \le i \le n$). And this happens in all cyclotomic fields. On the other hand, for $TU(R) = \{\pm 1\}$ we get $M_2 > n$ and for $n = s$ we even have $M_2 \ge (3/2)n$ [8] (note that $T_2(\omega) = \mathrm{Tr}(\omega^2) \in \mathbb{Z}$ in this case).

Remark (6.16)
For $\varepsilon \in U(R) \setminus TU(R)$ we always have $\|\psi(\varepsilon)\|^2 \ge M_2$. However, in case $(1 + 5^{1/2})/2 \in U(R)$, for example, $M_2 \le 3(n/2)$ independently of the discriminant of $R$. Therefore, in case of $\mathfrak{Q}(R)$ having proper subfields, higher


successive minima usually must be taken into consideration to obtain a good lower bound for (6.7).

Theorem (6.17)
Let $M^* := \min\{T_2(\omega) \mid \omega \in U(R) \setminus TU(R)\} = T_2(\omega^*)$. Then $M^* > n$ and $\varepsilon \in U(R) \setminus TU(R)$ satisfies

Proof
We set $x_j = \log|\varepsilon^{(j)}|$ ($1 \le j \le n$) and minimize

$$f(x) := \sum_{j=1}^{n} x_j^2$$

subject to $\sum_{j=1}^{n} x_j = 0$ and $\sum_{j=1}^{n} e^{2x_j} \ge M^*$. A vector $x \in \mathbb{R}^n$ which satisfies both side conditions is called a feasible solution. Obviously, there are feasible solutions $x$, for example those corresponding to units $\varepsilon \in R \setminus TU(R)$. Now (6.15) implies $M^* > n$. Hence, each feasible $x$ must have positive and negative coordinates. Let $y \in \mathbb{R}^n$ be feasible. Then each $x \in \mathbb{R}^n$ with $f(x) \le f(y)$ necessarily satisfies $-f(y)^{1/2} \le x_j \le f(y)^{1/2}$ ($1 \le j \le n$). Hence, the existence of a global minimum is guaranteed. If the minimum is attained, let us say for the vector $z$, the second side condition must be active, i.e. $\sum_{j=1}^{n} e^{2z_j} = M^*$. Otherwise we could decrease the maximal coordinate of $z$ by a very small constant $\delta$ and increase the minimal coordinate of $z$ by $\delta$ to obtain a new feasible solution $z_\delta$ with $f(z_\delta)$ l) and obtain the equivalent problem:

Minimize $\frac{n}{4} s(n - s)(\log y)^2$ subject to

$$G(s, y) := s y^n - M^* y^s + n - s = 0 \quad \text{for } (s, y) \in [n/2, n-1] \times (1, \infty).$$

Because of $G_y(s, y) = s n y^{n-1} - s M^* y^{s-1}$ the function $G(s, y)$ has exactly one minimum for fixed $s$. Hence, $G(s, 1) = n - M^* < 0$ yields exactly one solution $y := h(s)$ of $G(s, y) = 0$ for fixed $s$. We shall prove that $F(s) := s(n - s)(\log y)^2 = s(n - s)(\log h(s))^2$ is strictly increasing in $s$. Namely,

$$F'(s) = (\log h(s))^2 (n - 2s) + s(n - s)\, 2 \log h(s)\, \frac{h'(s)}{h(s)}$$

$$= \log h(s) \left( (n - 2s) \log h(s) + \frac{2s(n - s)}{h(s)} \left( -\frac{G_s(s, y)}{G_y(s, y)} \right) \right)$$

$$= \log y \left( (n - 2s) \log y - \frac{2(n - s)(y^n - 1 - \log y\, M^* y^s)}{n y^n - M^* y^s} \right).$$

Because of $y > 1$, $G(s, y) = 0$ and the denominator in the last term being positive we obtain the following chain of equivalent inequalities:

$$F'(s) > 0,$$

$$(n - 2s) \log y\, (n y^n - M^* y^s) > 2(n - s)(y^n - 1 - \log y\, M^* y^s),$$

$$\log y\, (n(n - 2s) y^n + n M^* y^s) > 2(n - s)(y^n - 1),$$

$$\log y^{n/2} > (y^n - 1)/(y^n + 1).$$

Setting $z = y^n$ we need to prove $\frac{1}{2} \log z > (z - 1)/(z + 1)$ for $z > 1$. But this last inequality follows from $1/(2t) > 2/(1 + t)^2$ ($t > 1$) by integrating both sides from 1 to $z$. Thus we have shown that $(n/4) s(n - s)(\log h(s))^2$ is strongly increasing (even for $1 \le s \le n - 1$ (!)). Because of our assumption $s \ge n/2$ the minimum is attained for $s = n/2$. But then $G(s, y) = 0$ implies

$$y^n - \frac{2}{n} M^* y^{n/2} + 1 = 0,$$

i.e.

$$y^{n/2} = \frac{M^*}{n} + \left( \frac{M^{*2}}{n^2} - 1 \right)^{1/2},$$

and the theorem is proved. □

Remarks (6.18)

(i) $M^*$ can be easily calculated by chapter 3 (3.15).

(ii) In case $n$ is odd the estimate of (6.17) can be slightly improved by computing $y > 1$ from $G((n+1)/2, y) = 0$ and then $(n/4) F((n+1)/2)$ as a lower bound for $\sum_{j=1}^{n} (\log|\varepsilon^{(j)}|)^2$.

(iii) It seems somewhat puzzling that we can stipulate $s = n/2$ even though $F(s)$ is strictly increasing in $[1, n-1]$. The reason for this is that $\varepsilon$ and $\varepsilon^{-1}$ yield the same value $\sum_{j=1}^{n} (\log|\varepsilon^{(j)}|)^2$ but $\|\psi(\varepsilon)\|$ and $\|\psi(\varepsilon^{-1})\|$ can differ substantially.

Corollary (6.19)
The regulator $\mathrm{Reg}(U(R))$ of $R$ satisfies the inequality

$$\mathrm{Reg}(U(R)) \ge (M_0^r\, \gamma_r^{-r}\, 2^t\, n^{-1})^{1/2}.$$


Proof By (6.7), (6.9), chapter 3 (3.34), (6.17).

□

Examples (6.20)

(i) Let $R = \mathbb{Z}[\rho]$, $\rho$ a zero of $t^3 + t^2 - 2t - 1 = 0$. The conjugates of $\rho$ are $\rho = \rho^{(1)} = 1.247$, $\rho^{(2)} = -0.445$, $\rho^{(3)} = -1.802$ and the discriminant of $R$ is $d_R = 49$. A reduced basis is $\omega_1 = 1$, $\omega_2 = \rho$, $\omega_3 = \rho^2 - 2$ yielding the successive minima $M_1 = 3$, $M_2 = M_3 = 5$. These data yield a lower regulator bound $\mathrm{Reg}(U(R)) \ge 0.45$ which is very close to the real value $\mathrm{Reg}(U(R)) = 0.53$.

(ii) Let $R = \mathbb{Z}[\rho]$, $\rho$ a zero of $t^4 - 2t^2 - 1 = 0$. A reduced basis of $R$ is $\omega_1 = 1$, $\omega_2 = \rho$, $\omega_3 = \rho^3 - 2\rho$, $\omega_4 = \rho^2 - 1$ providing $M_1 = 4$, $M_2 = M_3 = 4 \cdot 2^{1/2}$, $M_4 = 8$. Hence, we obtain 0.48 as a lower regulator bound whereas $\mathrm{Reg}(U(R)) = 1.35$.

If $\mathfrak{Q}(R)$ contains proper subfields then the estimate (6.19) for $\mathrm{Reg}(U(R))$ may be too weak. In that case we need to take into consideration higher successive minima of (6.7). Let $M_i \in \mathbb{R}^{>0}$ be minimal such that there are independent units $\varepsilon_1, \ldots, \varepsilon_i$ in $U(R)$ satisfying $\|\varepsilon_j\|^2 \le M_i$ ($1 \le j \le i$) for some natural number $i$. As in (6.17) we set $M_{0i} := (n/4)(\log((M_i/n) + ((M_i^2/n^2) - 1)^{1/2}))^2$ and obtain

Theorem (6.21)

The proof hinges essentially on chapter 3 (3.34) and is left as an easy exercise to the reader. Though (6.21) yields the best lower bound for $\mathrm{Reg}(U(R))$ which we know so far we also present some other explicit bounds at the end of this section. From the results of [3], [4] we excerpt

$$\mathrm{Reg}(U(R)) \ge \left( \left( \frac{3 (\log(|d(R)|/n^n))^2}{(n - 1)n(n + 1) - 6t} \right)^{r} \frac{2^t}{n \gamma_r^r} \right)^{1/2} \tag{6.22}$$

in case $\mathfrak{Q}(R)$ is primitive over $\mathbb{Q}$ and $|d(R)| > n^n$. Moreover, for $t = 0$ and $n \le 11$ the constant $n^n$ in (6.22) can be replaced by $4^{\lfloor n/2 \rfloor}$. If $R$ contains proper subrings, the units of those subrings must be taken into consideration (compare Satz XII of [3]). The results in [3], [4] were stated only for maximal orders $R$ but the methods also apply to non-maximal orders.

Lower regulator bounds can also be obtained by means of Analytic Number Theory. The best known result is due to Zimmert [14]. Satz 3 of


his paper states for arbitrary l' > 0 and a maximal order R of a field F of degree n = s + 2t: Re g (U(R)):>-(I+1')(1+2 1' )r(I+ )'+'r(~+ )'2- S - ' -,/2 # TU(R) 7 2 l' 2 l' n

(I

r' -2+ 1') +ty r' ( xexp ( (-1-1') ( (s+t)r

2 1)).

1+21') +:Y+l+1'

(6.23)

This estimate yields good results for n ~ 6 and small discriminants. Optimal values for l' are in the interval (0, I). Unfortunately Zimmert's result does not depend on specific data of the field F, e.g. its discriminant. We close this section by presenting also an upper estimate for the regulator of a field F of degree n = s + 2t and discriminant dF • Using an idea of Landau Siegel [9] proved by analytic methods

< 2 -S4(2n)-,(be log IdFI)n-lldFI-l:

Reg F for b = (I

(6.24)

n-l

#TU(F)

+ log nl2 + (tin) log 2) - I. Exercises

1. Let $\alpha, \beta_1, \ldots, \beta_r \in \mathbb{R}$ and $\prod_{i=1}^{r} \beta_i \ne 0$. Prove

2. Let $R$ be totally real. Then for all $\varepsilon \in U(R) \setminus TU(R)$ we have

$$\sum_{j=1}^{n} (\log|\varepsilon^{(j)}|)^2 \ge n \left( \log \frac{1 + 5^{1/2}}{2} \right)^2.$$

(This result is obtained in [4] in a completely different way.)

3. Let $\rho$ be a zero of $t^4 + t^3 - 3t^2 - t + 1 = 0$. Show that $\rho$, $\rho + 1$, $\rho - 1$ are a system of fundamental units in $\mathbb{Z}[\rho]$. (On the other hand, the $\mathbb{Q}$-rank of $\psi(1)$, $\psi(\rho)$, $\psi(\rho + 1)$, $\psi(\rho - 1)$ is only two.)

4. Compute a lower regulator bound for $R = \mathbb{Z}[\rho]$, $\rho$ a zero of $t^4 + 2t^2 + 2 = 0$, and compare it to $\mathrm{Reg}(U(R))$.

5. Show $\|\psi(\varepsilon^k)\| \le \|\psi(\varepsilon^{k+1})\|$ for $\varepsilon \in U(R)$ and $k \in \mathbb{Z}^{\ge 0}$.

6. Prove (6.21) and apply it to example (6.20) (ii) for $i = 2$.

5.7. Computation of fundamental units

From the two previous sections we assume that we can determine as many units $\varepsilon \in U(R)$ as will be needed and that we know a lower regulator bound for $\mathrm{Reg}(U(R))$. The computation of fundamental units will then be carried out in three steps. In step I we produce $r$ independent units $\eta_1, \ldots, \eta_r$ of $R$. In step II we use additional units for a potential enlarging of the subgroup $U_\eta := TU(R) \times \langle\eta_1\rangle \times \ldots \times \langle\eta_r\rangle$ of $U(R)$. Finally, in step III we determine $U(R)$ from $U_\eta$. Because of step II the last step will usually be a verification of $U(R) = U_\eta$. In extensive calculations of fundamental units the groups $U_\eta$ and $U(R)$ turned out to be different after step II only in about 3% of all cases.

Step I: construction of r independent units

We assume that we know already $0 \le m < r$ independent units $\eta_i$ ($1 \le i \le m$; $m \in \mathbb{Z}^{\ge 0}$), hence also $b_i := L_2(\eta_i)$ and the corresponding orthogonal vectors $b_i^*$ (compare (6.1), chapter 3 (3.24)). Each time a new unit $\eta \in U(R) \setminus TU(R)$ is found by (5.25) we set $b_{m+1} = L_2(\eta)$ and compute $b_{m+1}^*$. In case of $b_{m+1}^* \ne 0$ we increase $m$ by 1. In this way we proceed until $m = r$ is obtained. Then we easily calculate

$$\mathrm{Reg}(U_\eta(R)) = \prod_{i=1}^{r} \|b_i^*\| \quad \text{for } U_\eta(R) = \langle TU(R), \eta_1, \ldots, \eta_r \rangle.$$

We note that it can be difficult to check whether the (floating point) vector $b_{m+1}^*$ is zero. Because of $\prod_{i=1}^{r} \|b_i^*\| \ge \mathrm{Reg}(U(R))$ (for which we know a positive lower bound) the $\|b_i^*\|$ cannot be too small in general. If we must assume a linear dependence, however, we either search for another unit $\eta$ or we proceed as in step II.

Step II: enlarging of $U_\eta(R)$

After the computation of a subgroup $U_\eta(R) = \langle TU(R), \eta_1, \ldots, \eta_r \rangle$ of $U(R)$ of finite index we try to enlarge this subgroup by additional units $\eta_{r+1}$ in case the quotient of $\mathrm{Reg}(U_\eta(R))$ and of a lower bound for $\mathrm{Reg}(U(R))$ obtained by the methods of section 6 is still $\ge 2$. Applying chapter 3 (3.48) to $L_2(\eta_i)$ ($1 \le i \le r + 1$) we get integers $m_1, \ldots, m_{r+1}$ subject to $\sum_{i=1}^{r+1} |m_i| > 0$, $\sum_{i=1}^{r+1} m_i L_2(\eta_i) = 0$ and units $\tilde\eta_1, \ldots, \tilde\eta_r$ such that $U_{\tilde\eta}(R) = \langle TU(R), \tilde\eta_1, \ldots, \tilde\eta_r \rangle \ni \eta_i$ ($1 \le i \le r + 1$). If $U_\eta$ is not enlarged for - let us say - five more units we assume $U_\eta(R) = U(R)$ and proceed to step III.
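The quotient test of step II, worked as an added example (not code from the book): it evaluates the lower bound (6.19) in the form $\mathrm{Reg}(U(R)) \ge (M_0^r 2^t/(n\gamma_r^r))^{1/2}$ with $M_0 = (n/4)(\log(M^*/n + (M^{*2}/n^2 - 1)^{1/2}))^2$, taking $M^* = M_2$ for the two orders of examples (6.20), and bounds the index of the subgroup generated by $\rho$ and $\rho + 1$ in $\mathbb{Z}[\rho]$, $\rho^3 + \rho^2 - 2\rho - 1 = 0$. Assumptions: $\gamma_r$ is taken to be Hermite's constant with hard-coded values of $\gamma_r^r$, and the units $\rho$, $\rho + 1$ and all function names are chosen here.

```python
import math

# gamma_r^r for Hermite's constant gamma_r, r = 1..8 (known exact values;
# hard-coding them is an assumption of this example).
HERMITE_POW = {1: 1.0, 2: 4 / 3, 3: 2.0, 4: 4.0, 5: 8.0, 6: 64 / 3, 7: 64.0, 8: 256.0}


def m0(n, m_star):
    """M_0 = (n/4) * (log(M*/n + sqrt(M*^2/n^2 - 1)))^2, the bound of (6.17)."""
    x = m_star / n
    if x <= 1.0:
        raise ValueError("M* must exceed n, see (6.15)")
    return n / 4 * math.log(x + math.sqrt(x * x - 1.0)) ** 2


def regulator_lower_bound(s, t, m_star):
    """Lower bound (6.19) for Reg(U(R)) with s real and 2t complex conjugates."""
    n, r = s + 2 * t, s + t - 1
    if r not in HERMITE_POW:
        raise ValueError("unit rank outside the hard-coded Hermite table")
    return math.sqrt(m0(n, m_star) ** r * 2 ** t / (n * HERMITE_POW[r]))


def bisect_root(f, lo, hi, steps=200):
    """Root of f in [lo, hi] by bisection; f(lo) and f(hi) must differ in sign."""
    flo = f(lo)
    if flo * f(hi) > 0:
        raise ValueError("no sign change on the bracket")
    for _ in range(steps):
        mid = (lo + hi) / 2
        if flo * f(mid) <= 0:
            hi = mid
        else:
            lo, flo = mid, f(mid)
    return (lo + hi) / 2


def determinant(rows):
    """Determinant by Gaussian elimination with partial pivoting."""
    a = [row[:] for row in rows]
    det = 1.0
    for c in range(len(a)):
        p = max(range(c, len(a)), key=lambda i: abs(a[i][c]))
        if a[p][c] == 0.0:
            return 0.0
        if p != c:
            a[c], a[p] = a[p], a[c]
            det = -det
        det *= a[c][c]
        for i in range(c + 1, len(a)):
            factor = a[i][c] / a[c][c]
            for k in range(c, len(a)):
                a[i][k] -= factor * a[c][k]
    return det


def subgroup_regulator(unit_conjugates, s, t):
    """abs(det(c_j log|eta_i^(j)|)), 1 <= i, j <= r, for r independent units.

    unit_conjugates[i] lists the first s+t conjugates of eta_i, real ones first.
    """
    r = s + t - 1
    c = [1] * s + [2] * t
    rows = [[c[j] * math.log(abs(conj[j])) for j in range(r)]
            for conj in unit_conjugates]
    return abs(determinant(rows))


def example_6_20_i():
    """Index bound for <-1, rho, rho + 1> in Z[rho], rho^3 + rho^2 - 2 rho - 1 = 0."""
    f = lambda x: x ** 3 + x ** 2 - 2 * x - 1
    rho = [bisect_root(f, 1, 2), bisect_root(f, -1, 0), bisect_root(f, -2, -1)]
    eta1, eta2 = rho, [x + 1 for x in rho]
    for eta in (eta1, eta2):                      # both must have norm +-1
        if abs(abs(math.prod(eta)) - 1.0) > 1e-9:
            raise ValueError("not a unit")
    lower = regulator_lower_bound(3, 0, 5)        # M* = M_2 = 5 from (6.20)(i)
    reg = subgroup_regulator([eta1, eta2], 3, 0)
    # The index equals Reg(U_eta)/Reg(U) and is an integer, so it is at most
    # floor(Reg(U_eta) / lower bound).
    return lower, reg, math.floor(reg / lower)


if __name__ == "__main__":
    print("(6.20)(i) :", example_6_20_i())
    print("(6.20)(ii):", regulator_lower_bound(2, 1, 4 * math.sqrt(2)))
```

Since the quotient is below 2 for example (6.20) (i), the index is 1 and no enlargement is needed for this subgroup.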

Step III: computation of a system of fundamental units

As an easy consequence of the fundamental theorem on finitely generated abelian groups we obtain:

Theorem (7.1)
Let $\eta_1, \ldots, \eta_k$ ($0 \le k < r$) be part of a system of fundamental units of $R$. Then $\eta_{k+1} \in U(R)$ also belongs to that system, if and only if the equation

$$\eta_{k+1} = \zeta\, \eta_1^{m_1} \cdots \eta_k^{m_k}\, \omega^m \quad (\zeta \in TU(R);\ m_i, m \in \mathbb{Z},\ 1 \le i \le k;\ \omega \in R) \tag{7.2}$$

is unsolvable for $|m| \ge 2$.

A proof is easily derived from the elementary divisor theorem and chapter 3 (2.9) (see exercise 1). We note that for $k = 0$ the theorem gives a criterion, whether $\eta_1$ is a fundamental unit. The theorem will be suited for constructive purposes only if we can test the solvability of (7.2) in finitely many steps. If (7.2) is solvable, then $\omega$ is clearly a unit. Therefore we can assume $m > 0$ without loss of generality. Next we can choose the $m_i$ to be non-positive and greater than $-m$ by replacing the solution $\omega$ by $\omega$

n '1/ m;/ml n '1/ mdm1 . k

k

j= I mi>O

mj .Q(R) and the polynomial t Pi - I] I ER[t] is irreducible (I Do: OM OliO. (ii) For oEDs lVe have S/o ~ 0/0 II o. (iii) Every ideal 0 (!f Do has ill 0 a unique presentation liS a product : R[p] -4 R[t]/ J(t)R[t]: h(p) f-+ h(t) +J(t)R[t], where h is an arbitrary polynomial of R[t]. We have to show that is a well-defined homomorphism, that ker = pR[p] and that is surjective. The latter is, of course, obvious as well as the fact that is a homomorphism. To show that is well defined we take hi, h2ER[t] such that hl(p) = h2(P). This implies in R[t]: hl(t) - h2(t) = q(t)f(t) + r(t) with deg(r) < deg(f) sincef was monic. The specialization tf-+ p yields r(p) = 0 and therefore r = 0 because of the irreducibility off. Applying - to the equation above we obtain in R[t]: hl(t) - h2(t) = q(t)J(t), hence (hl(p)) = (hAp)). To determine ker let h(p)ER[p] such that (h(p)) = O. This implies h(t) = ij(t)J(t) for some polynomial ij(t)E R[t], hence h(t) = q(t)f(t) + r(t) with r(t)EpR[t] in R[t]. The specialization t f-+ P then yields h(p) = r(p)EpR[p]. On the other hand, for h(p)EpR[p] we have h(t)EpR[t] and therefore h(t) = OER[t]. Because of (2.28a) it suffices to determine the prime ideals of R[t]/ J(t)R[t]. But R[t] is a principal ideal ring and the only irreducible elements of R[t] dividing J(t) are !I (t), .. . ,J,(t). Hence, /;(t)R[t] are the only prime ideals of R[t] lying over J(t)R[t] implying that /;(t)/ J(t)R(t) generate exactly the non-zero prime ideals of R[t]/ J(t)R[t] (\ ~ i ~ r). Let us denote the isomorphism of(2.28a) by . Then obviously - I (/;(t)/ J(t)R[t]) generate all non-zero prime ideals of R[p]/pR[p]; they are of the form fj(p)R[p ]/pR[p]' Hence, we obtain that all prime ideals of R[p] which contain p R[p] are fj(p)R[p] + pR[p] (I ~ i ~ r). Now our premise Sp + Ij = Sand (2.26) imply that all prime ideals of S lying over Sp are given by (2.28b) It remains to show

f(ll3;1 p) = deg (j~), e(Il3;1p) = ej (\

~; ~

(2.28c)

r).

(2.28d)

The proof of (2.28c) is as follows: N(p)f('llM

= IR/pl(s/'ll;R/p) = IS/ll3il = IR[p]/ll3jnR[p]1 (by (2.26)) =

I(R[p ]/pR[p ])/((ll3i n R[p] )/pR[p ])1

= I(R[t]/!(t)R[t])/(/;(t)R[t]/J(t)R[t])1 = 1R[t]//;(t)R[t] 1 = IR/pldegU;).

(by (2.28a))


For the proof of (2.28d) we show ei ~ e('l3ilp) at first. Namely, we have r

r

n 'l3f' = n (pS + fi(P)St' ~ pS + fl(p)e

i~

I

i~

of aOF + b - I POF (a, bEN, PEO F, Pi: 0) are

in I-I-correspondence. Using (3.15) we obtain the following chain of equivalences: b - 1 a:= aO F + b - 1 POF has P(ab)-normal presentation (a, b -I p)

¢>vp(P> - vp(b) = vp(b-'a):>( vp(a) ¢>vp(P} = vp(a):>( vp(a)

+ vp(b)

VpEP(ab)F

VpEP(ab)F

¢>a = aboF + POF has P(ab)-normal presentation (ab, Pl.

0

We note that the underlying set P of prime numbers - P(ab) in (3.21) - has


to be finite for the application of the Chinese remainder theorem. Hence, P-normal presentations in the generality of definition (3.14) need not always exist. Unfortunately the proof of (3.21) is not suitable for constructive purposes, either, since it makes use of prime ideal factorizations which are difficult to obtain in general. In the sequel we therefore develop other methods of determining normal presentations of ideals. A first step into this direction is the following criterion.

Lemma (3.22)
Let $a \in \mathbb{N}$, $\alpha \in o_F$, $\alpha \ne 0$, and $\mathfrak{a} = a o_F + \alpha o_F$. Then $(a, \alpha)$ is a $P(a)$-normal presentation of $\mathfrak{a}$, if and only if

$$\gcd\left( a, \frac{\min(\alpha o_F \cap \mathbb{N})}{\gcd(\min(\alpha o_F \cap \mathbb{N}), a)} \right) = 1. \tag{3.23}$$

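Proof

We note that condition (3.23) means that for every prime number $p$ which divides $a$ and for which $p^k$ divides $\min(\alpha o_F \cap \mathbb{N})$ also $p^k$ divides $a$, i.e. the exponent of $p$ has to be larger for $a$ than for $\min(\alpha o_F \cap \mathbb{N})$. Using (1.11) we obtain for $m := \min(\alpha o_F \cap \mathbb{N})$:

$$m o_F = \prod_{\mathfrak{p} \in P(a)_F} \mathfrak{p}^{\nu_\mathfrak{p}(m)} \prod_{\mathfrak{q} \in (\mathbb{P} \setminus P(a))_F} \mathfrak{q}^{\nu_\mathfrak{q}(m)}, \tag{3.24}$$

with $\nu_\mathfrak{p}(m) \ge \nu_\mathfrak{p}(\alpha)$, $\nu_\mathfrak{q}(m) \ge \nu_\mathfrak{q}(\alpha) \ge 0$.

Hence, if (3.23) is satisfied, we have

$$0 = \min(\nu_\mathfrak{p}(a), \nu_\mathfrak{p}(m) - \min(\nu_\mathfrak{p}(m), \nu_\mathfrak{p}(a))) \quad \text{for all } \mathfrak{p} \in P(a)$$

and therefore $\nu_\mathfrak{p}(m) \le \nu_\mathfrak{p}(a)$ because of $\nu_\mathfrak{p}(a) > 0$ for all $\mathfrak{p} \in P(a)_F$. This yields $\nu_\mathfrak{p}(\alpha) \le \nu_\mathfrak{p}(a)$ for all $\mathfrak{p} \in P(a)_F$, and $(a, \alpha)$ is a $P(a)$-normal presentation of $\mathfrak{a}$.

On the other hand, let $(a, \alpha)$ be a $P(a)$-normal presentation of $\mathfrak{a}$ and let us again assume (3.24). For $\mathfrak{q} \in (\mathbb{P} \setminus P(a))_F$ clearly $\nu_\mathfrak{q}(a) = 0$, hence $\min(\nu_\mathfrak{q}(a), \nu_\mathfrak{q}(m) - \min(\nu_\mathfrak{q}(m), \nu_\mathfrak{q}(a))) = 0$. To establish (3.23) it therefore remains to show that $\min(\nu_\mathfrak{p}(m), \nu_\mathfrak{p}(a)) = \nu_\mathfrak{p}(m)$ for all $\mathfrak{p} \in P(a)_F$. For this purpose we factorize $m$ into $m = bd$ such that

$$b o_F = \prod_{\mathfrak{p} \in P(a)_F} \mathfrak{p}^{\nu_\mathfrak{p}(m)}, \quad d o_F = \prod_{\mathfrak{q} \in (\mathbb{P} \setminus P(a))_F} \mathfrak{q}^{\nu_\mathfrak{q}(m)},$$

and $\gcd(b, d) = 1$. Then we obtain

$$a d o_F = \prod_{\mathfrak{p} \in P(a)_F} \mathfrak{p}^{\nu_\mathfrak{p}(a)} \prod_{\mathfrak{q} \in (\mathbb{P} \setminus P(a))_F} \mathfrak{q}^{\nu_\mathfrak{q}(m)} \subseteq \alpha o_F$$

because of $\nu_\mathfrak{p}(a) \ge \nu_\mathfrak{p}(\alpha)$, $\nu_\mathfrak{q}(m) \ge \nu_\mathfrak{q}(\alpha)$. But $m = \min(\alpha o_F \cap \mathbb{N})$ implies $m \mid ad$ (otherwise $ad = Q(ad, m) m + R(ad, m)$ and $R(ad, m)$ would be a smaller natural number than $m$ in $\alpha o_F$). This of course yields $b \mid a$ and therefore $\nu_\mathfrak{p}(m) \le \nu_\mathfrak{p}(a)$ for all $\mathfrak{p} \in P(a)_F$. □

This criterion is very useful for a normalization procedure. Because of the second part of the proof of (3.21) it suffices to develop such a procedure for integral ideals $\mathfrak{a} = a o_F + \alpha o_F$ ($a \in \mathbb{N}$, $\alpha \in o_F$, $\alpha \ne 0$). We remark that the trivial cases $a = 0$ or $\alpha = 0$ have obvious normalizations:

$\mathfrak{a} = a o_F$ has the $P(a)$-normal presentation $(a, a)$; (3.25a)

$\mathfrak{a} = \alpha o_F$ has the $P(|N(\alpha)|)$-normal presentation $(|N(\alpha)|, \alpha)$. (3.25b)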

In the general case we know that $\mathfrak{a}$ has a $P(a)$-normal presentation, i.e. only the generator $\alpha$ must be changed appropriately. We already noted that the straightforward method of the proof of (3.21) is not to be recommended. Instead we use a probabilistic approach which turned out to be highly successful in actual calculations. To obtain an appropriate element $\alpha'$ from $\alpha$ such that $(a, \alpha')$ is a $P(a)$-normal presentation of $\mathfrak{a} = a o_F + \alpha o_F$ it suffices to consider elements (3.26a)

Hence, we just search for potential candidates among those elements of $o_F$ whose coordinates in the given integral basis are small, i.e. we choose bounds $S_i \in \mathbb{N}$ ($1 \le i \le n$) such that the coefficients of in (3.26b) satisfy

$$|x_i| \le S_i \quad (1 \le i \le n). \tag{3.26c}$$

This yields the following 'heuristic' algorithm.

Algorithm for the computation of a normal presentation of an ideal (3.27)

Input. An integral basis $\omega_1, \ldots, \omega_n$ of $o_F$, $\alpha \in o_F$, $a \in \mathbb{N}$, bounds $S_i$ ($1 \le i \le n$).

Output. Either a $P(a)$-normal presentation $(a, \alpha')$ of $\mathfrak{a} = a o_F + \alpha o_F$ or 'No normal presentation found'.

Step 1. (Initialization). Set $v_i \leftarrow -S_i - 1$ ($1 \le i \le n$).

Step 2. (Change of $v$-coordinates). Set $i \leftarrow n$.

Step 3. (Increase $v_i$). Set $v_i \leftarrow v_i + 1$. For $v_i > S_i$ go to 5.

Step 4. (Construct $\alpha'$). Set $\alpha' \leftarrow \alpha + a \sum_{i=1}^{n} v_i \omega_i$ and check, whether (3.23) holds for $(a, \alpha')$. If this is the case, print solution $(a, \alpha')$ and terminate. Else go to 2.

Step 5. (Decrease $i$). For $i = 1$ print 'No normal presentation found' and terminate. Else set $v_i \leftarrow -S_i - 1$, $i \leftarrow i - 1$ and go to 3.

Remarks

The algorithm should be carried out only if $(a, \alpha)$ is not yet a $P(a)$-normal presentation. In case of $(1/a)\alpha \in o_F$ we obviously have the solution $\alpha' = a$ (see (3.25a)) and should therefore not use the algorithm. The bounds $S_i$ should be less than $a$ of course. Making use of the second part of the proof of (3.21) the algorithm can also be used to compute a normal presentation of a fractional ideal.

Generally the computation of 2-element respectively 2-element-normal presentations of ideals in connection with class group computations is much easier. Namely, for those prime numbers $p$ not dividing the index $(o_F : \mathbb{Z}[\rho])$ theorem (2.27) yields a 2-element presentation for those prime ideals $\mathfrak{p}$ containing $p o_F$ in the form $\mathfrak{p} = p o_F + \alpha o_F$, $\alpha = g(\rho)$, where $g(t) \in \mathbb{Z}[t]$ is a monic polynomial dividing the minimal polynomial of $\rho$ in $p\mathbb{Z}[t]$. Clearly, $(p, g(\rho))$ is a $P(p)$-normal presentation of $\mathfrak{p}$, if the ramification index $e = e_\mathfrak{p}$ of $\mathfrak{p}$ is greater than one. For $e = 1$ it is still a $P(p)$-normal presentation in case of $g(\rho) \notin \mathfrak{p}^2$. The latter can be easily tested. Finally, for $e = 1$ and $g(\rho) \in \mathfrak{p}^2$ a $P(p)$-normal presentation of $\mathfrak{p}$ is given by $(p, g(\rho) \pm p)$.

Prime numbers $p$ subject to $p \mid (o_F : \mathbb{Z}[\rho])$ are somewhat more difficult to deal with. Similarly to (2.27) we obtain a factorization of $p o_F$ into ideals $\mathfrak{a}_i$ ($1 \le i \le k$) of the form

$$\mathfrak{a}_i = p o_F + f_i(\rho) o_F \quad (f_i(t) \in \mathbb{Z}[t] \text{ monic and non-constant}). \tag{3.28}$$

Then we need to test whether those ideals $\mathfrak{a}_i$ are prime ideals. Since the non-zero prime ideals of $o_F$ are maximal the following proposition is immediate.

Proposition (3.29)
For any non-zero proper ideal $\mathfrak{a}$ of $o_F$ we have

(i) $\mathfrak{a}$ is a prime ideal, if and only if $\mathfrak{a} + x o_F = o_F$ for all $x \in o_F \setminus \mathfrak{a}$.

(ii) All $y, z \in o_F$ subject to $y - z \in \mathfrak{a}$ satisfy $y o_F + \mathfrak{a} = z o_F + \mathfrak{a}$.

(iii) $y o_F + \mathfrak{a} = -y o_F + \mathfrak{a}$ for all $y \in o_F$.

Because of (3.29) (ii) it suffices to check all $x$ of a complete residue system of $o_F/\mathfrak{a}$ in (i), whether $x o_F + \mathfrak{a} = o_F$, and (iii) further restricts the number of elements $x$ to be tested. A complete residue system of $o_F/\mathfrak{a}$ is given by the elements of (compare (3.6a))


6.1 (Contd.) discriminant dF

coeff. of gen. polyn. a(i), i = 1 , ... ,6

int. basis

five fund. units e(i), i = 1, ... ,6

703493

1, - 7, - 2,14, - 5, - 1

722000

1,- 6,-7,4,5,1

l,p, _2+p+p2, -3p + p2 + p3, 2 - 4p - 3p2 + 2p3 + p4, _ J + 5p - 5p2 _ 4p3 + 2p4 + p5 l,p, _ 2 + p2, -1-4p + p3, 2 - p - 5p2 + p4, 3 + 6p - 2p2 _ 6p3 + p5 J,p, _2+p+p2, _ 1 _ 3p + p2 + p3, _ 3p - 2p2 + 2p3 + p4, 2 +4p - 6p2 _4p3 + 2p4 + p5 l,p, _3+p+p2, _ J - 6p + p2 + p3, 3 + 4p - 8p2 + p4, #11- 36p - 39p2 + 2p3 + 7p4 + p5) l,p, _2+p2, 1_4p_p2+p3, 3 + p - 5p2 - p3 + p4, _ 2 + 7 p + 3p2 _ 6 p 3 _ p4 + p5 l,p, -2+p +p2, - 2 - 2p + 2p2 + p3 _ 5p _ p2 + 3p3 + p4, _ 1 + 5p - 3p2 _ 4p3 + 2p4 + p5

0,1,0,0,0,0 1, - 1,0,0,0,0 0,1, - 1,0,0,0 1,0, - 1,0,0,0 0,0,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 1,1,0, - 1,0,0 0,1,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 0,1,0, - 1,0,0 0,0,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 23, - 23,7,28,17, - 50 -16,13, - 5, - 9, - 6,19 1,1,0,0,0, -1 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 1,1, - 1,0,0,0 1,1,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 0,1, - 1,0,0,0 1,0, - 1,0,0,0

810448

820125

3,- 2, - 9,0,5,1

0, -9,4,9,- 3,-1

905177

1, -7, -9,7,9,-1

966125

3,- 3,-10,3,8,-1

RF

5.71

6.41


6.89


6.28

6.91

7.43

980125

0, - 9,9,4, - 3, - 1

1075648

6,8, - 8, - 13,6,1

1081856

1134389

1202933

0,-6,2,7,-2,-1

I, - 6, - 7,5,6,1

I, - 6, - 2,6,0,-1

l,p, -3 +p+p2, - 2 - 5p + 2p2 + p3, 1 + 3p _7p2 + p3 + p4, - 1 - 3p + 10p2 _ 8p3 + p5 l,p, -1 +2p+p2, -2+ 3p2 + p3, - 1 - 4p + 2p2 + 4p3 + p4, 1 - 5p - 5p2 + 5p3 + 5p4 + p5 l,p, _2+p2, _ 1 _ 3p + p2 + p3, 2 - 2p _ 4p2 + p3 + p4, 5p _ 2p2 _ 5p 3 + p4 + p5 l,p, _2+p2, _1_4p+p2+ p3, 4 + 3p - 5p2 - p3 + p4, 3 + 7 p - 2p2 _ 6p3 + p5 l,p, _2+p+p2, _1_4p+p2+p3, 2 - p - 5p2 + p3 + p4, 6p _ 2p2 _ 6p 3 + p" + p5

0,1,0,0,0,0 I, - 1,0,0,0,0 4,3,1,1,2,1 0,0,0,1,0,0 8,17,10, - 36,22,30 0,1,0,0,0,0 I, -1,0,0,0,0 1,1,-1,0,0,0 0,1,-1,0,0,0 1,0, - 1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 I, - 1,1,0,0,0 1,0, - 1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 1,1,1,0,0,0 I, - 1,1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 1,0,1,0,0,0 0,1,1,0,0,0

7.12

7.70


7.76


7.82

8.74

6.1 Fundamental units of the sextic field with two complex conjugates and minimum discriminant coefT. or gen. polyn. a(i). i= 1•...• 6

-92779

1.-2.-3.-1.2.1

rour rund. units in!. basis

e(i). i= 1•...• 6

I.p. _I +p2. _ 2p + pl. _ 2p2 + p4. 2 + P _ p2 _ 3pl + p'

0.1.0.0.0.0 I. - 1.0.0,0,0 1.1.0.0.0,0 0,1, - 1,0.0,0

1.26

6.3 Fundamental units of the sextic field with four complex conjugates and minimum discriminant coefT. or gen. polyn.

28037

three rund. units

a(i), i= 1, ... ,6

int. basis

e(i), i= 1, ...• 6

Rf

2,0, - 3,0,2. - I

I.p. p+ p2. _ I + P + 2p2 + pl. _ P + p2 + 2pl + p4. I - 2p - 2p2 + 2pl + 3p4 + p'

1.0. -1.0.0.0 I. - 1,0,0,0,0 1.1.0.0,0.0

0.48

6.4 Fundamental units of totally complex sexticfields with Idfl < 13100 two rund. units

coefT. or gen. polyn.

Rf

discriminant df

a(i). i= 1, ... ,6

int. basis

e(i). i= 1•... ,6

-9747

0.1,1,-2.-1,1

0,0.0.0,0.1 1,1.-1.1.2.3

0.60

-10051

1.2.2,2,2.1

0,1.0.0,0.0 1.1,0.0,0,0

0.21

-10571

2.2.1.2,2.1

0.0,- 1.0.1,0 0.0,-1.0,1,1

0.21

-10816

2.0. - 2. - 1,0.1 1,-1,0,0,-1,1

0, I,0,0,0.0 1,1,0,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0

0.43

-11691

I,p. p2. P + pl. _ I + p + 2p2 + p4. _ I _ 2p + p2 + pl +p' I.p, p2. p + p" p2 + p4. pl + p5 I.p, p2, p2 + pl, I + p2 + pl + p4, 1+ 2f + p4 + p' I,p.p. pl.p4,p' I,p, p+p2, p2 + pl, pl + p4, _ I + p2 + p4 + p'

0.69

(Contd.)


6.4 (Contd.) cocO'. of gcn. polyn. discriminant tiF

a(i). i= 1•...• 6

-12167

3.5.5.5.3.1

-14283

1.1.2.1.0.1

-14731

1.0.-1.-1.0.1

-16551

2.2.3.3.1.1

-16807

1.1.1.1.1.1

-18515

0.2.1.2.0.1

-19683

0.0.1.0.0.1

- 20627

1.1.2.2.1.1

-21168

I. - 2. -1,4. - 3.1

int. basis

I.p. 1+ P + p2. p+p2+p3. I + P + 2p2 + 2p3 +p4. 2p + 2p2 + 3p3 +2p4+p5 I.p. p2. 1+ p3, p+p\ p + p2 + p3 + p4 + p5 I.p. p2. p3. p3 + p4. _I _ P + p3 + p4 +p5 I.p. p+p2. 1+ p2 + p3. 2 + 2p + 2p2 + 2p3 +p4. _I + p + p2 + p4 +p5 I.p. p2. p3. p4. p5 I.p. 1+ p2. P +p3. 1+ p + p2 + p4. P + p2 + 2p3 + p5 I.p. p2. p3. p4. p5 I.p. p2. 1+ p3. p+p4. P + p2 + p4 + p5 I.p. -I +p +p2. -I + 2p2 + p3. 2 - 2p + 2p3 + p4. - 2 + 4p _ p2 _ 2p 3 + p4 + p5

two fund. units e(i). i= 1•...• 6

RF

0.1.0.-1.0.1 0.0.0.0.0.1

0.24

0.1.0.0.0.0 1.1.0.0.0.0

0.80

0.1.0.0.0.0 1.1.0.0.0.0

0.28

0.1.0.0.0.0 1.1.0.0.0.0

0.93

1.1.0.0.0.0 1.-1.1.0.0.0.

2.10

0.1.0.0.0.0 0.0.1.0.0.0

0.33

1.1.0.0.0.0 1.0.1.0.0.0

3.40

0.1.0.0.0.0 1.0.1.0.0.0

0.39

0.1.0.0.0.0 I. - 1.0.0.0.0

1.12

(Contd.)


6.4 (Contd.)

discriminant d,

coelT. of gen. polyn. a(i), i = 1, ... ,6

-21296

1,2,3,2,1,1

two fund. units in!. basis

e(i), i = 1, ... ,6

R,

I,p,

-1,-1,0,1,1,1 0,1,0,0,0,0

0.31

0,1,0,0,0,0 1,1,0,0,0,0

0.31

0,1,0,0,0,0 1,1,0,0,0,0

0.15

I,p, I +p2,

0,1,0,0,0,0 0,0,1,0,0,0

1.26

If'

I, - 1,1,0,0,0 1,1,0,0,0,0

0.39

0,1,0,0,0,0 1,0,1,0,0,0

1.19

p2, l+p+p3, p + p2 + p4, p2 + p3 + p5, - 22291

1,0,1,1,0,1

I,p,

p2, I +p3, 1+ p + p3 + p4, p+ p2 + p4 + p5 -22592

0, -1,0,2,2,1

I,p,

p2, _p2+p3, 1+ p- p3 + p4, 2+ 2p _ p3 + p5 -22101

1,4,4,5,3,1

2p + p3, 2 + p + 3p2 + p4, 1+ 2p + p2 + 3p3 + p5 -22141

1,0,2,1,-1,1

p, 1+ p2 + p3, -I +p+p4, - I +p+p2+ p4 +p5 -23031

0,1,1,1,2,1

I,p,

e

2,

p3, p+p4, 1+ p2 + p5

7.1 Fundamental units of the totally real seventh degree field with minimum discriminant

discriminant d_F: 20134393

coeff. of gen. polyn. a(i), i = 1, ..., 7: 1, -6, -5, 8, 5, -2, -1

int. basis

six fund. units e(i), i = 1, ..., 7:
-2, -4, 4, 5, -1, -1, 0
-2, 1, 8, -4, -6, 1, 1
-3, 2, 15, -4, -12, 1, 2
0, 1, 0, 0, 0, 0, 0
-2, 0, 1, 0, 0, 0, 0
2, 2, -8, -1, 6, 0, -1

R_F: 14.45

8 Integral bases

We present two examples for the computation of the maximal order of an equation order by the embedding algorithm of chapter 4, section 6.

1. For

$$f(t) = t^{11} + 101t^{10} + 4151t^9 + 87851t^8 + 976826t^7 + 4621826t^6 - 5948674t^5 - 113111674t^4 - 12236299t^3 + 1119536201t^2 - 1660753125t - 332150625$$

we obtain the reduced discriminant

$$d_r(f) = 81025653391191575101440000 = 2^{22} \times 3^{12} \times 5^4 \times 29^4 \times 82231$$

and the discriminant

$$d(f) = 2^{130} \times 3^{12} \times 5^{12} \times 29^{18} \times 82231^6.$$

The algorithm produces: p=2

idempolellls

-1421478951492431/256~IO +86970691 5501 33/32C +959425090967179f128~8 -140484061 157699/32C - 654028913747701/128~6 - 139900389254233/32~5 - 3264518827489/4~4 - 234oo5131717649/32~J - 650184017173519f256~2 + 33744914112585/4~ - 333711335100551/128

1421478951492431/256~1 0

- 86970691550133/32~9 - 959425090967179/128~8 + 140484061 157699/32C + 654028913747701/128~6 + 139900389254233/32~5 + 3264518827489f4~4 + 234oo5131717649/32~J + 650184017173519/256e - 33744914112585/4~ + 333711335100679/128

lire faclorization 17 + 8511627172651 6 + 143296653482851 5 + 23221573318851 4 + 1082290121011I J + 31967940825951 2 + 21006435379991 + 15204983818911. 14 + 167410233272521 J + 29829686280061 2 + 84805826600201 + 809919201793.

furllrer idempolellls 390730948745463/128~6 - 1974053779852231/64~5 - 746745761669899f128~4 -191811737241957/32~J - 1004454580604047/128~2 - 179581618641623/64~

- 433530700975229/128. - 390730948745463/128~6 + 197405377985231/64~5 + 746745761669899/128~4 + 191811737241957/32~J + 1004454580604047/128~2 + 179581618641623/64~ + 433530700975357/128.

a furllrer faclorizalion 16 + 51964051707341' + 141488314476671 4 + 161092285670281 J + 85079323537511 2 + 11870227502526/ + 10540983492437 1+ 13246943590947.

lire 2-minimai basis WII

WlO

= 1/2048~IO + 1/1024~9 + 1/2048~B + 1/256C + 1/1024~6 - 11/256~J - 99/2048~2 + 25/1024~ + 53/2048 = 1/512~9

+ 1/512~B -

3/256~' - 3/256~4 + 1/64~J

W9

= 1/256~B - 3/128~4 + 1/32~2 - 3/256

+ 1/128~6 +

= 1/128C

= 1/64~6 + 1/64~4 - 5/64~2 + 3/64

W6

= 1/32~' 1/16~4

+ 1/64~2 -

+ 1/32~4 + 1/16~J + + 1/8~2 - 3/16

1/16~2 - 3/32~ - 3/32

w4=1~~J+I~~2_1~~-I~ Wj

= 1/4~2 - 1/4

W2

= 1/2~ + 1/2

WI =

3/512~ - 3/512

1/128~' + 1/128~4 - 5/128~J - 5/128~2 + 3/128~ + 3/128

WB

W7

w, =

+ 7/512~5 + 21/1024~4

1.

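p = 3

factors mod 3

$$t^6 + t^5 + 2t^3 + t^2 + 2t + 1,$$
$$t^3 + t^2 + t + 2,$$
$$t.$$

factorization mod $3^{24}$

$$t^6 + 120783431803t^5 + 8973604878t^4 + 61904146670t^3 + 31825819645t^2 + 183824600885t + 30301271638,$$
$$t^3 + 156274299151t^2 + 97643734609t + 173505680846,$$
$$t^2 + 5371805628t + 22263657813.$$

3-minimal basis

$\omega_{11} = \tfrac{1}{729}\xi^{10} + \tfrac{101}{729}\xi^9 - \tfrac{223}{729}\xi^8 - \tfrac{358}{729}\xi^7 - \tfrac{34}{729}\xi^6 - \tfrac{34}{729}\xi^5 - \tfrac{34}{729}\xi^4 - \tfrac{34}{729}\xi^3 - \tfrac{34}{729}\xi^2 - \tfrac{34}{729}\xi$

$\omega_{10} = \xi^9$

$\omega_9 = \xi^8$

$\omega_8 = \xi^7$

$\omega_7 = \xi^6$

$\omega_6 = \xi^5$

$\omega_5 = \xi^4$

$\omega_4 = \xi^3$

$\omega_3 = \xi^2$

$\omega_2 = \xi$

$\omega_1 = 1$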

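p = 5

factors mod 5

$$t + 4,$$
$$t + 1.$$

factorization mod $5^8$

$$t^4 + 187926t^3 + 272826t^2 + 260801t + 308101,$$
$$t^5 + 336550t^4 + 176650t^3 + 80725t^2 + 165425t + 246226,$$
$$t^2 + 256875t + 161875,$$

idempotents

$$-\tfrac{52091}{5}\xi^4 - \tfrac{884924}{5}\xi^3 - \tfrac{871611}{5}\xi^2 + \tfrac{16121}{5}\xi + \tfrac{278999}{5},$$
$$\tfrac{52091}{5}\xi^4 + \tfrac{884924}{5}\xi^3 + \tfrac{871611}{5}\xi^2 - \tfrac{16121}{5}\xi - \tfrac{278994}{5},$$

factorization

$$t^4 + 309039t^3 + 157846t^2 + 157544t + 347441,$$
$$t + 27511,$$

idempotents

$$-\tfrac{4543197}{25}\xi - 49587,$$
$$\tfrac{4543197}{25}\xi + 49588,$$

factorization

$$t + 725,$$
$$t + 256150,$$

5-minimal basis

$\omega_{11} = \tfrac{1}{25}\xi^{10} + \tfrac{1}{25}\xi^9 + \tfrac{1}{25}\xi^8 + \tfrac{1}{25}\xi^7 + \tfrac{1}{25}\xi^6 + \tfrac{1}{25}\xi^5 + \tfrac{1}{25}\xi^4 + \tfrac{1}{25}\xi^3 + \tfrac{1}{25}\xi^2 + \tfrac{1}{25}\xi$

$\omega_{10} = \tfrac{1}{5}\xi^9 + \tfrac{1}{5}\xi^7 + \tfrac{1}{5}\xi^5 + \tfrac{1}{5}\xi^3 + \tfrac{1}{5}\xi$

$\omega_9 = \xi^8$

$\omega_8 = \xi^7$

$\omega_7 = \xi^6$

$\omega_6 = \xi^5$

$\omega_5 = \xi^4$

$\omega_4 = \xi^3$

$\omega_3 = \xi^2$

$\omega_2 = \xi$

$\omega_1 = 1.$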

p=19

jactors mod 29 /4 + 27/ 3 + 9/' / +28 / + 12,

+ 10/ + 24

jac/oriza/ioll mod 29 8 /4 + 50605465738/ 3 + 52694279576/' + 495928586992/ + 216188927047 /3 + 179037728472/ 2 + 480036204243/ + 194325614858 /4

+ 270603218852/ 3 + 311400732346/ 2 + 383680458976/ + 294504268343,

idempo/elllS 170950383710294/84W - 124930383118041/841~ -170950383710294/841~2

+ 116845930821609/841

+ 124930383118041/841~ - 116845930820768/841,

jac/oriza/ioll /2

+ 235370557884/ + 112494502447

/ + 443913583549, idempo/ellls 3441901651958/29~

- 5081864234391/29, -

3441901651958/29~

+ 5081864234420/29,

jac/oriza/ioll

/ + 300710030106

/ + 434906940739 29-millil1lal has is

w,' =

1/24389~' 0 + 2/24389~9 + 9/24389~8 + 279/24389C + 325/24389~6 - 11199/24389~s - 11647/24389~4 + 9277/24389~3 + 1911/24389~2 + 1329/24389~ 9713/24389

+

w,o = 1/841~9 + 10/841 C - 11/841 ~6 - 153/841~ - 129/841 0)9

+ 90/841 ~s -

1/29~4

+ 379/841 ~3 - 158/841 ~2

- 9/841C + 4/841~6 + 330/841~s - 357/841~4 -- 383/841~3 + 259/841~2 + 5/841~ + 150/841

= 1/841~8

W8 =

1/29C + 10/29~s

tv7 = 1/29~6 W6

=~'

tv,

= ~4

w4

=C

+ 1O/29~4 - 11/29~3 - 3/29~2 + 11/29~ + 11/29 + 9/29~s + 4/29~4 - 12/29~3 - 3/29~2 - 1/29~ + 2/29

tv3 = ~2

tv, = ~

w, = I

llllegral hasis

(~ =

/If )

W,' = 1/910314547200~'0 -

85607/455157273600C + 1352801/910314547200~8 - 921683/1 137893 I 8400C - 84877487/455157273600~6 + 507753959/227578636800~' + 7760693413/455157273600~4 - 741690983/113789318400~J - 19749911299/910314547200~' + 40692408193/455157273600~ - 4064571/49948672


ill I0 = 1/2152960~9 + 1/430592~8 - 1/33640C + 7/26912~6 - 223/37120~' + 2533/215296~4 - 8863/269120~3 + 3963/53824~2 + 115901/2152960~ - 43283/430592 ill9 = 1/215296~s + 5/53824C + 1/53824~6 + 155/53824~' + 387/107648~4 - 1437/53824~3 + 5089/53824e 2 + 10173/53824~ - 56719/215296 Ws = 1/3712C + 1/3712e 6 - 39/3712e' - 15/3712e 4 - 197/3712e' + 139/3712~2 + 619/3712~ - 509/3712 ill7 = 1/1856~6 - 5/464~'

+ 1/32~4 +

+ 33/1856~4 + 13/232~3 + 171/1856~2 -109/464~ +

W6

= 1/32~'

W,

= 1/16~4 + 1/8e - 3/16

147/1856

1/16e + 1/16e - 3/32~ - 3/32

w4=1~~3+1~~2_1~~-I~ W3

= 1/4e - 1/4

W2

= 1/2~

+ 1/2

$\omega_1 = 1$

The index of the equation order in its maximal order is $2^{56} \times 3^6 \times 5^3 \times 29^9$.

2. For $f(t) = t^{55} - 3080t + 3024$ we obtain the reduced discriminant

$$d_r(f) = 9147600 = 2^4 \times 3^3 \times 5^2 \times 7 \times 11^2$$

and the discriminant

$$d(f) = 2^{216} \times 3^{162} \times 5^{56} \times 7^{54} \times 11^{56}.$$

The algorithm produces:

p=2 idempotents 11/4C 4 + 111/2C 3 + 3~'2 + 14~'1 - 20e'o - 8~49 + 48~48 - 32~47 _ 64~46 + 128e4' - 235/4~36 - 69~35 + 73e 4 - 48C 3 + 8~32 - 96e'1 + 32C o + 64e 2S + 53/2~IS - 101~17 + 84~16 _ 8~I' - 88~14 + 48~13 _11/4~'4

_

111/2~53

_

3~'2

_

14~'1

+

+ 235/4e 6 + 69~35 -73C4 + 48e 33 -84~16+8~I'+88eI4-48~\3+

factorization mod

20~'o

+

8~32

8~49

_

48~4S

+ 96e 31 -

+ 32~47 + 64~46 + 128~4' 32Co - 64e 28 - 53/2~18 + 101e 17

I

28

148t 34 + 64t H + 160t 32 + 128t 31 + 128t 30 + 661 18 + 1881 17 + 16t l6 + 961 1' + 321 14 + 1921 13 + 4 t l9 + 1961 18 + 124t l7 + 961 16 + 481 1' + 641 14 + 641 13 + 1901 + 52,

t 36

+ 60t 35 +

idempotents 97/2~18 _17~17

-97/2~18

+

+ 4~16 -104~I' -

17~17 _4~16

+

104~I'

120~14

-

+ 120~14+

16~\3

16~13

+

+

128~12

128~12

factorizalion

liS + 158t l7 + 8t l6 + 48t l ' t + 38

+ 161 14 + 2241 13 +

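Integral basis

$\omega_{55} = \tfrac{1}{8}\xi^{54}$

$\omega_{54} = \tfrac{1}{4}\xi^{53}$

$\omega_{53} = \tfrac{1}{4}\xi^{52}$

⋮

$\omega_{37} = \tfrac{1}{4}\xi^{36}$

$\omega_{36} = \tfrac{1}{2}\xi^{35}$

$\omega_{35} = \tfrac{1}{2}\xi^{34}$

⋮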

190

+ I,

$\omega_{18} = \xi^{17}$

$\omega_{17} = \xi^{16}$

⋮

$\omega_2 = \xi$

$\omega_1 = 1$

The index of the equation order in its maximal order is $2^{57}$.

Both examples were computed by R. Böffgen of Saarbrücken, who implemented an earlier version of the embedding algorithm on a Siemens 7560 computer. The CPU times were 73 and 1192 seconds. The first polynomial has Galois group $M_{11}$, the second $A_{55}$. The polynomials were found by B.H. Matzat of Karlsruhe. (References: R. Böffgen, Der Algorithmus von Ford/Zassenhaus zur Berechnung von Ganzheitsbasen in Polynomalgebren, Ann. Univ. Saraviensis, Ser. Math., 1, 3 (1987), 60-129; B. H. Matzat, Konstruktion von Zahl- und Funktionenkörpern mit vorgegebener Galoisgruppe, J. Reine Angew. Math. 399 (1984), 179-220.)

Algorithms

Berlekamp's
Comparing elements of small absolute norm with stored ones
Computation of
    class group
    normal presentation of an ideal
    resultants
    successive minima
    torsion subgroup TU(R) of the unit group U(R)
    vectors of bounded norm in a lattice
    all $x, y \in \mathbb{Z}$ subject to $-k \le ax + by \le k$, $|y| \le k$
    all $x, y \in \mathbb{Z}^{\ge 0}$ satisfying $j \le ax + by \le k$
Diophant
Divisor cascading
Equal degree factorization in $\mathbb{F}_q[t]$
Embedding an equation order into its maximal order
Enlarging sublattices
Euclid's (in $\mathbb{Z}$) with presentation of the greatest common divisor
Gauss' determining a primitive root
General reduction
Hermite normal form
Horner's
LLL-reduction
MLLL-reduction
Quadratic supplement
Symmetric functions

