Abstract Algebra
Theory and Applications

Thomas W. Judson
Stephen F. Austin State University

Sage Exercises for Abstract Algebra

Robert A. Beezer
University of Puget Sound

August 12, 2015

1997-2015 Thomas W. Judson, Robert A. Beezer

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software
Foundation; with no Invariant Sections, no Front-Cover Texts, and
no Back-Cover Texts. A copy of the license is included in the appendix entitled GNU Free Documentation License.

Acknowledgements

I would like to acknowledge the following reviewers for their helpful
comments and suggestions.
David Anderson, University of Tennessee, Knoxville
Robert Beezer, University of Puget Sound
Myron Hood, California Polytechnic State University
Herbert Kasube, Bradley University
John Kurtzke, University of Portland
Inessa Levi, University of Louisville
Geoffrey Mason, University of California, Santa Cruz
Bruce Mericle, Mankato State University
Kimmo Rosenthal, Union College
Mark Teply, University of Wisconsin
I would also like to thank Steve Quigley, Marnie Pommett,
Cathie Griffin, Kelle Karshick, and the rest of the staff at PWS
Publishing for their guidance throughout this project. It has been
a pleasure to work with them.
Robert Beezer encouraged me to make Abstract Algebra: Theory and Applications available as an open source textbook, a decision that I have never regretted. With his assistance, the book has
been rewritten in MathBook XML (http://mathbook.pugetsound.edu),
making it possible to quickly output print, web, PDF versions and
more from the same source. The open source version of this book
has received support from the National Science Foundation (Award
#DUE-1020957).

Preface

This text is intended for a one or two-semester undergraduate
course in abstract algebra. Traditionally, these courses have covered the theoretical aspects of groups, rings, and fields. However,
with the development of computing in the last several decades, applications that involve abstract algebra and discrete mathematics
have become increasingly important, and many science, engineering, and computer science students are now electing to minor in
mathematics. Though theory still occupies a central role in the
subject of abstract algebra and no student should go through such
a course without a good notion of what a proof is, the importance
of applications such as coding theory and cryptography has grown
significantly.
Until recently most abstract algebra texts included few if any
applications. However, one of the major problems in teaching an
abstract algebra course is that for many students it is their first
encounter with an environment that requires them to do rigorous
proofs. Such students often find it hard to see the use of learning to prove theorems and propositions; applied examples help the
instructor provide motivation.
This text contains more material than can possibly be covered
in a single semester. Certainly there is adequate material for a two-semester course, and perhaps more; however, for a one-semester
course it would be quite easy to omit selected chapters and still
have a useful text. The order of presentation of topics is standard:
groups, then rings, and finally fields. Emphasis can be placed either on theory or on applications. A typical one-semester course
might cover groups and rings while briefly touching on field theory,
using Chapters 1 through 6, 9, 10, 11, 13 (the first part), 16, 17,
18 (the first part), 20, and 21. Parts of these chapters could be
deleted and applications substituted according to the interests of
the students and the instructor. A two-semester course emphasizing theory might cover Chapters 1 through 6, 9, 10, 11, 13 through
18, 20, 21, 22 (the first part), and 23. On the other hand, if applications are to be emphasized, the course might cover Chapters 1
through 14, and 16 through 22. In an applied course, some of the
more theoretical results could be assumed or omitted. A chapter
dependency chart appears below. (A broken line indicates a partial
dependency.)

[Chapter dependency chart (figure): nodes for Chapters 1-6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, and 23; the dependency edges are not recoverable from the extracted text.]

Though there are no specific prerequisites for a course in abstract algebra, students who have had other higher-level courses in
mathematics will generally be more prepared than those who have
not, because they will possess a bit more mathematical sophistication. Occasionally, we shall assume some basic linear algebra;
that is, we shall take for granted an elementary knowledge of matrices and determinants. This should present no great problem,
since most students taking a course in abstract algebra have been
introduced to matrices and determinants elsewhere in their career,
if they have not already taken a sophomore or junior-level course
in linear algebra.
Exercise sections are the heart of any mathematics text. An
exercise set appears at the end of each chapter. The nature of the
exercises ranges over several categories; computational, conceptual,
and theoretical problems are included. A section presenting hints
and solutions to many of the exercises appears at the end of the
text. Often in the solutions a proof is only sketched, and it is up to
the student to provide the details. The exercises range in difficulty

viii
from very easy to very challenging. Many of the more substantial
problems require careful thought, so the student should not be
discouraged if the solution is not forthcoming after a few minutes
of work.
There are additional exercises or computer projects at the ends
of many of the chapters. The computer projects usually require a
knowledge of programming. All of these exercises and projects are
more substantial in nature and allow the exploration of new results
and theory.
Sage (sagemath.org) is a free, open source, software system for
advanced mathematics, which is ideal for assisting with a study of
abstract algebra. Sage can be used either on your own computer, a
local server, or on SageMathCloud (https://cloud.sagemath.com).
Robert Beezer has written a comprehensive introduction to Sage
and a selection of relevant exercises that appear at the end of each
chapter, including live Sage cells in the web version of the book.
The Sage code has been tested for accuracy with the most recent
version available at this time: Sage Version 6.8 (released 2015-07-26).
Thomas W. Judson
Nacogdoches, Texas 2015

Contents

Acknowledgements
Preface  vi

1 Preliminaries  1
  1.1 A Short Note on Proofs  1
  1.2 Sets and Equivalence Relations  4
  1.3 Exercises  16
  1.4 References and Suggested Readings  19
2 The Integers  21
  2.1 Mathematical Induction  21
  2.2 The Division Algorithm  24
  2.3 Exercises  29
  2.4 Programming Exercises  32
  2.5 References and Suggested Readings  33
3 Groups  34
  3.1 Integer Equivalence Classes and Symmetries  34
  3.2 Definitions and Examples  39
  3.3 Subgroups  45
  3.4 Exercises  48
  3.5 Additional Exercises: Detecting Errors  52
  3.6 References and Suggested Readings  54
4 Cyclic Groups  55
  4.1 Cyclic Subgroups  55
  4.2 Multiplicative Group of Complex Numbers  59
  4.3 The Method of Repeated Squares  63
  4.4 Exercises  65
  4.5 Programming Exercises  69
  4.6 References and Suggested Readings  69
5 Permutation Groups  71
  5.1 Definitions and Notation  71
  5.2 Dihedral Groups  79
  5.3 Exercises  83
6 Cosets and Lagrange's Theorem  87
  6.1 Cosets  87
  6.2 Lagrange's Theorem  89
  6.3 Fermat's and Euler's Theorems  91
  6.4 Exercises  93
7 Introduction to Cryptography  95
  7.1 Private Key Cryptography  96
  7.2 Public Key Cryptography  98
  7.3 Exercises  102
  7.4 Additional Exercises: Primality and Factoring  104
  7.5 References and Suggested Readings  105
8 Algebraic Coding Theory  107
  8.1 Error-Detecting and Correcting Codes  107
  8.2 Linear Codes  115
  8.3 Parity-Check and Generator Matrices  119
  8.4 Efficient Decoding  125
  8.5 Exercises  128
  8.6 Programming Exercises  133
  8.7 References and Suggested Readings  134
9 Isomorphisms  135
  9.1 Definition and Examples  135
  9.2 Direct Products  140
  9.3 Exercises  144
10 Normal Subgroups and Factor Groups  149
  10.1 Factor Groups and Normal Subgroups  149
  10.2 The Simplicity of the Alternating Group  152
  10.3 Exercises  155
11 Homomorphisms  158
  11.1 Group Homomorphisms  158
  11.2 The Isomorphism Theorems  161
  11.3 Exercises  164
  11.4 Additional Exercises: Automorphisms  166
12 Matrix Groups and Symmetry  168
  12.1 Matrix Groups  168
  12.2 Symmetry  176
  12.3 Exercises  183
  12.4 References and Suggested Readings  185
13 The Structure of Groups  187
  13.1 Finite Abelian Groups  187
  13.2 Solvable Groups  191
  13.3 Exercises  195
  13.4 Programming Exercises  197
  13.5 References and Suggested Readings  197
14 Group Actions  198
  14.1 Groups Acting on Sets  198
  14.2 The Class Equation  201
  14.3 Burnside's Counting Theorem  203
  14.4 Exercises  211
  14.5 Programming Exercise  214
  14.6 References and Suggested Reading  214
15 The Sylow Theorems  215
  15.1 The Sylow Theorems  215
  15.2 Examples and Applications  219
  15.3 Exercises  223
  15.4 A Project  225
  15.5 References and Suggested Readings  225
16 Rings  227
  16.1 Rings  227
  16.2 Integral Domains and Fields  231
  16.3 Ring Homomorphisms and Ideals  233
  16.4 Maximal and Prime Ideals  237
  16.5 An Application to Software Design  240
  16.6 Exercises  244
  16.7 Programming Exercise  249
  16.8 References and Suggested Readings  249
17 Polynomials  251
  17.1 Polynomial Rings  251
  17.2 The Division Algorithm  255
  17.3 Irreducible Polynomials  259
  17.4 Exercises  265
  17.5 Additional Exercises: Solving the Cubic and Quartic Equations  268
18 Integral Domains  271
  18.1 Fields of Fractions  271
  18.2 Factorization in Integral Domains  275
  18.3 Exercises  284
  18.4 References and Suggested Readings  287
19 Lattices and Boolean Algebras  288
  19.1 Lattices  288
  19.2 Boolean Algebras  292
  19.3 The Algebra of Electrical Circuits  298
  19.4 Exercises  301
  19.5 Programming Exercises  303
  19.6 References and Suggested Readings  304
20 Vector Spaces  305
  20.1 Definitions and Examples  305
  20.2 Subspaces  307
  20.3 Linear Independence  308
  20.4 Exercises  310
  20.5 References and Suggested Readings  313
21 Fields  315
  21.1 Extension Fields  315
  21.2 Splitting Fields  326
  21.3 Geometric Constructions  328
  21.4 Exercises  334
  21.5 References and Suggested Readings  337
22 Finite Fields  338
  22.1 Structure of a Finite Field  338
  22.2 Polynomial Codes  342
  22.3 Exercises  351
  22.4 Additional Exercises: Error Correction for BCH Codes  353
  22.5 References and Suggested Readings  354
23 Galois Theory  356
  23.1 Field Automorphisms  356
  23.2 The Fundamental Theorem  361
  23.3 Applications  369
  23.4 Exercises  375
  23.5 References and Suggested Readings  377
A GNU Free Documentation License  379
Hints and Solutions to Selected Exercises  389
Notation  404

1 Preliminaries

A certain amount of mathematical maturity is necessary to find
and study applications of abstract algebra. A basic knowledge
of set theory, mathematical induction, equivalence relations, and
matrices is a must. Even more important is the ability to read and
understand mathematical proofs. In this chapter we will outline
the background needed for a course in abstract algebra.

1.1 A Short Note on Proofs

Abstract mathematics is different from other sciences. In laboratory sciences such as chemistry and physics, scientists perform experiments to discover new principles and verify theories. Although
mathematics is often motivated by physical experimentation or by
computer simulations, it is made rigorous through the use of logical arguments. In studying abstract mathematics, we take what is
called an axiomatic approach; that is, we take a collection of objects S and assume some rules about their structure. These rules
are called axioms. Using the axioms for S, we wish to derive other
information about S by using logical arguments. We require that
our axioms be consistent; that is, they should not contradict one
another. We also demand that there not be too many axioms. If
a system of axioms is too restrictive, there will be few examples of
the mathematical structure.
A statement in logic or mathematics is an assertion that is
either true or false. Consider the following examples:

• $3 + 56 - 13 + 8/2$.
• All cats are black.
• $2 + 3 = 5$.
• $2x = 6$ exactly when $x = 4$.
• If $ax^2 + bx + c = 0$ and $a \neq 0$, then
$$x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$
• $x^3 - 4x^2 + 5x - 6$.

All but the first and last examples are statements, and must be
either true or false.
A mathematical proof is nothing more than a convincing
argument about the accuracy of a statement. Such an argument
should contain enough detail to convince the audience; for instance,
we can see that the statement $2x = 6$ exactly when $x = 4$ is false
by evaluating $2 \cdot 4$ and noting that $6 \neq 8$, an argument that would
satisfy anyone. Of course, audiences may vary widely: proofs can
be addressed to another student, to a professor, or to the reader of
a text. If more detail than needed is presented in the proof, then
the explanation will be either long-winded or poorly written. If
too much detail is omitted, then the proof may not be convincing.
Again it is important to keep the audience in mind. High school
students require much more detail than do graduate students. A
good rule of thumb for an argument in an introductory abstract
algebra course is that it should be written to convince ones peers,
whether those peers be other students or other readers of the text.
Let us examine different types of statements. A statement could
be as simple as 10/5 = 2; however, mathematicians are usually
interested in more complex statements such as If p, then q, where
p and q are both statements. If certain statements are known or
assumed to be true, we wish to know what we can say about other
statements. Here p is called the hypothesis and q is known as the
conclusion. Consider the following statement: If $ax^2 + bx + c = 0$
and $a \neq 0$, then
$$x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$
The hypothesis is $ax^2 + bx + c = 0$ and $a \neq 0$; the conclusion is
$$x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$

Notice that the statement says nothing about whether or not the
hypothesis is true. However, if this entire statement is true and
we can show that $ax^2 + bx + c = 0$ with $a \neq 0$ is true, then the
conclusion must be true. A proof of this statement might simply
be a series of equations:
$$
\begin{aligned}
ax^2 + bx + c &= 0 \\
x^2 + \frac{b}{a}x &= -\frac{c}{a} \\
x^2 + \frac{b}{a}x + \left(\frac{b}{2a}\right)^2 &= \left(\frac{b}{2a}\right)^2 - \frac{c}{a} \\
\left(x + \frac{b}{2a}\right)^2 &= \frac{b^2 - 4ac}{4a^2} \\
x + \frac{b}{2a} &= \frac{\pm\sqrt{b^2 - 4ac}}{2a} \\
x &= \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.
\end{aligned}
$$
If we can prove a statement true, then that statement is called
a proposition. A proposition of major importance is called a
theorem. Sometimes instead of proving a theorem or proposition
all at once, we break the proof down into modules; that is, we
prove several supporting propositions, which are called lemmas,
and use the results of these propositions to prove the main result.
If we can prove a proposition or a theorem, we will often, with
very little effort, be able to derive other related propositions called
corollaries.

Some Cautions and Suggestions


There are several different strategies for proving propositions. In
addition to using different methods of proof, students often make
some common mistakes when they are first learning how to prove
theorems. To aid students who are studying abstract mathematics
for the first time, we list here some of the difficulties that they may
encounter and some of the strategies of proof available to them.
It is a good idea to keep referring back to this list as a reminder.
(Other techniques of proof will become apparent throughout this
chapter and the remainder of the text.)
• A theorem cannot be proved by example; however, the standard way to show that a statement is not a theorem is to provide a counterexample.
• Quantifiers are important. Words and phrases such as only, for all, for every, and for some possess different meanings.
• Never assume any hypothesis that is not explicitly stated in the theorem. You cannot take things for granted.
• Suppose you wish to show that an object exists and is unique. First show that there actually is such an object. To show that it is unique, assume that there are two such objects, say $r$ and $s$, and then show that $r = s$.
• Sometimes it is easier to prove the contrapositive of a statement. Proving the statement "If $p$, then $q$" is exactly the same as proving the statement "If not $q$, then not $p$."
• Although it is usually better to find a direct proof of a theorem, this task can sometimes be difficult. It may be easier to assume that the theorem that you are trying to prove is false, and to hope that in the course of your argument you are forced to make some statement that cannot possibly be true.

Remember that one of the main objectives of higher mathematics is proving theorems. Theorems are tools that make new and
productive applications of mathematics possible. We use examples
to give insight into existing theorems and to foster intuitions as to
what new theorems might be true. Applications, examples, and
proofs are tightly interconnected, much more so than they may
seem at first appearance.

1.2 Sets and Equivalence Relations

Set Theory
A set is a well-defined collection of objects; that is, it is defined
in such a manner that we can determine for any given object $x$
whether or not $x$ belongs to the set. The objects that belong to a
set are called its elements or members. We will denote sets by
capital letters, such as $A$ or $X$; if $a$ is an element of the set $A$, we
write $a \in A$.
A set is usually specified either by listing all of its elements
inside a pair of braces or by stating the property that determines
whether or not an object $x$ belongs to the set. We might write
$$X = \{x_1, x_2, \ldots, x_n\}$$
for a set containing elements $x_1, x_2, \ldots, x_n$ or
$$X = \{x : x \text{ satisfies } \mathcal{P}\}$$
if each $x$ in $X$ satisfies a certain property $\mathcal{P}$. For example, if $E$
is the set of even positive integers, we can describe $E$ by writing
either
$$E = \{2, 4, 6, \ldots\} \quad\text{or}\quad E = \{x : x \text{ is an even integer and } x > 0\}.$$
We write $2 \in E$ when we want to say that 2 is in the set $E$, and
$3 \notin E$ to say that 3 is not in the set $E$.

Some of the more important sets that we will consider are the
following:
$$
\begin{aligned}
\mathbb{N} &= \{n : n \text{ is a natural number}\} = \{1, 2, 3, \ldots\}; \\
\mathbb{Z} &= \{n : n \text{ is an integer}\} = \{\ldots, -1, 0, 1, 2, \ldots\}; \\
\mathbb{Q} &= \{r : r \text{ is a rational number}\} = \{p/q : p, q \in \mathbb{Z} \text{ where } q \neq 0\}; \\
\mathbb{R} &= \{x : x \text{ is a real number}\}; \\
\mathbb{C} &= \{z : z \text{ is a complex number}\}.
\end{aligned}
$$
We can find various relations between sets as well as perform
operations on sets. A set $A$ is a subset of $B$, written $A \subset B$ or
$B \supset A$, if every element of $A$ is also an element of $B$. For example,
$$\{4, 5, 8\} \subset \{2, 3, 4, 5, 6, 7, 8, 9\}$$
and
$$\mathbb{N} \subset \mathbb{Z} \subset \mathbb{Q} \subset \mathbb{R} \subset \mathbb{C}.$$
Trivially, every set is a subset of itself. A set $B$ is a proper subset
of a set $A$ if $B \subset A$ but $B \neq A$. If $A$ is not a subset of $B$, we write
$A \not\subset B$; for example, $\{4, 7, 9\} \not\subset \{2, 4, 5, 8, 9\}$. Two sets are equal,
written $A = B$, if we can show that $A \subset B$ and $B \subset A$.
It is convenient to have a set with no elements in it. This set
is called the empty set and is denoted by $\emptyset$. Note that the empty
set is a subset of every set.
To construct new sets out of old sets, we can perform certain
operations: the union $A \cup B$ of two sets $A$ and $B$ is defined as
$$A \cup B = \{x : x \in A \text{ or } x \in B\};$$
the intersection of $A$ and $B$ is defined by
$$A \cap B = \{x : x \in A \text{ and } x \in B\}.$$
If $A = \{1, 3, 5\}$ and $B = \{1, 2, 3, 9\}$, then
$$A \cup B = \{1, 2, 3, 5, 9\} \quad\text{and}\quad A \cap B = \{1, 3\}.$$
We can consider the union and the intersection of more than two
sets. In this case we write
$$\bigcup_{i=1}^{n} A_i = A_1 \cup \ldots \cup A_n$$
and
$$\bigcap_{i=1}^{n} A_i = A_1 \cap \ldots \cap A_n$$
for the union and intersection, respectively, of the sets $A_1, \ldots, A_n$.
When two sets have no elements in common, they are said to
be disjoint; for example, if $E$ is the set of even integers and $O$ is
the set of odd integers, then $E$ and $O$ are disjoint. Two sets $A$ and
$B$ are disjoint exactly when $A \cap B = \emptyset$.
Sometimes we will work within one fixed set $U$, called the universal set. For any set $A \subset U$, we define the complement of $A$,
denoted by $A'$, to be the set
$$A' = \{x : x \in U \text{ and } x \notin A\}.$$
We define the difference of two sets $A$ and $B$ to be
$$A \setminus B = A \cap B' = \{x : x \in A \text{ and } x \notin B\}.$$
Example 1.1. Let $\mathbb{R}$ be the universal set and suppose that
$$A = \{x \in \mathbb{R} : 0 < x \leq 3\} \quad\text{and}\quad B = \{x \in \mathbb{R} : 2 \leq x < 4\}.$$
Then
$$
\begin{aligned}
A \cap B &= \{x \in \mathbb{R} : 2 \leq x \leq 3\} \\
A \cup B &= \{x \in \mathbb{R} : 0 < x < 4\} \\
A \setminus B &= \{x \in \mathbb{R} : 0 < x < 2\} \\
A' &= \{x \in \mathbb{R} : x \leq 0 \text{ or } x > 3\}.
\end{aligned}
$$
Proposition 1.2. Let $A$, $B$, and $C$ be sets. Then
1. $A \cup A = A$, $A \cap A = A$, and $A \setminus A = \emptyset$;
2. $A \cup \emptyset = A$ and $A \cap \emptyset = \emptyset$;
3. $A \cup (B \cup C) = (A \cup B) \cup C$ and $A \cap (B \cap C) = (A \cap B) \cap C$;
4. $A \cup B = B \cup A$ and $A \cap B = B \cap A$;
5. $A \cup (B \cap C) = (A \cup B) \cap (A \cup C)$;
6. $A \cap (B \cup C) = (A \cap B) \cup (A \cap C)$.
Proof. We will prove (1) and (3) and leave the remaining results
to be proven in the exercises.
(1) Observe that
$$
\begin{aligned}
A \cup A &= \{x : x \in A \text{ or } x \in A\} \\
&= \{x : x \in A\} \\
&= A
\end{aligned}
$$
and
$$
\begin{aligned}
A \cap A &= \{x : x \in A \text{ and } x \in A\} \\
&= \{x : x \in A\} \\
&= A.
\end{aligned}
$$

Also, $A \setminus A = A \cap A' = \emptyset$.
(3) For sets $A$, $B$, and $C$,
$$
\begin{aligned}
A \cup (B \cup C) &= A \cup \{x : x \in B \text{ or } x \in C\} \\
&= \{x : x \in A \text{ or } x \in B, \text{ or } x \in C\} \\
&= \{x : x \in A \text{ or } x \in B\} \cup C \\
&= (A \cup B) \cup C.
\end{aligned}
$$
A similar argument proves that $A \cap (B \cap C) = (A \cap B) \cap C$.
Theorem 1.3 (De Morgan's Laws). Let $A$ and $B$ be sets. Then
1. $(A \cup B)' = A' \cap B'$;
2. $(A \cap B)' = A' \cup B'$.
Proof. (1) We must show that $(A \cup B)' \subset A' \cap B'$ and $(A \cup B)' \supset A' \cap B'$. Let $x \in (A \cup B)'$. Then $x \notin A \cup B$. So $x$ is neither in $A$
nor in $B$, by the definition of the union of sets. By the definition
of the complement, $x \in A'$ and $x \in B'$. Therefore, $x \in A' \cap B'$ and
we have $(A \cup B)' \subset A' \cap B'$.
To show the reverse inclusion, suppose that $x \in A' \cap B'$. Then
$x \in A'$ and $x \in B'$, and so $x \notin A$ and $x \notin B$. Thus $x \notin A \cup B$ and
so $x \in (A \cup B)'$. Hence, $(A \cup B)' \supset A' \cap B'$ and so $(A \cup B)' = A' \cap B'$.
The proof of (2) is left as an exercise.
Example 1.4. Other relations between sets often hold true. For
example,
$$(A \setminus B) \cap (B \setminus A) = \emptyset.$$
To see that this is true, observe that
$$
\begin{aligned}
(A \setminus B) \cap (B \setminus A) &= (A \cap B') \cap (B \cap A') \\
&= A \cap A' \cap B \cap B' \\
&= \emptyset.
\end{aligned}
$$
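The identities of Proposition 1.2, De Morgan's Laws (Theorem 1.3) and Example 1.4 are proved above for arbitrary sets; the following Python block, which is an added example and not code from Judson's text or its Sage exercises, checks each identity exhaustively over every triple of subsets of a small constructed universal set. The universal set, the function names and the sample sets are my own choices; the text's own sets $A = \{1, 3, 5\}$ and $B = \{1, 2, 3, 9\}$ are reused in `text_example`. A finite exhaustive check is evidence, not a proof, but it is a useful way to catch a misremembered identity (the distributive laws (5) and (6) are easy to confuse) before relying on it.

```python
# Added example, not part of Judson's text: exhaustively checking the set
# identities of Proposition 1.2, Theorem 1.3 and Example 1.4 with frozensets.
# The universal set U and the sample sets are constructed for this example.
from itertools import combinations, product

U = frozenset(range(1, 10))  # constructed universal set {1, ..., 9}


def complement(a, universe=U):
    """A' = {x : x in U and x not in A}."""
    return universe - a


def difference(a, b, universe=U):
    """A \\ B = A ∩ B', the definition used in the text."""
    return a & complement(b, universe)


def check_identities(a, b, c, universe=U):
    """Map each identity from the text to whether it holds for these a, b, c."""
    comp = lambda s: complement(s, universe)
    empty = frozenset()
    return {
        "1: A|A=A": a | a == a,
        "1: A&A=A": a & a == a,
        "1: A\\A=empty": difference(a, a, universe) == empty,
        "2: A|empty=A": a | empty == a,
        "2: A&empty=empty": a & empty == empty,
        "3: union assoc": a | (b | c) == (a | b) | c,
        "3: intersection assoc": a & (b & c) == (a & b) & c,
        "4: commutativity": a | b == b | a and a & b == b & a,
        "5: A|(B&C)": a | (b & c) == (a | b) & (a | c),
        "6: A&(B|C)": a & (b | c) == (a & b) | (a & c),
        "De Morgan 1": comp(a | b) == comp(a) & comp(b),
        "De Morgan 2": comp(a & b) == comp(a) | comp(b),
        "Example 1.4": difference(a, b, universe) & difference(b, a, universe) == empty,
    }


def all_subsets(universe):
    """Every subset of the universe, including the empty set and the universe."""
    items = sorted(universe)
    return [frozenset(s) for k in range(len(items) + 1) for s in combinations(items, k)]


def all_identities_hold(universe):
    """Check every identity on every triple (A, B, C) of subsets of the universe.
    This is a finite verification, not a proof: the text's argument covers all sets."""
    subsets = all_subsets(universe)
    return all(all(check_identities(a, b, c, universe).values())
               for a, b, c in product(subsets, repeat=3))


def text_example():
    """The sets A = {1, 3, 5} and B = {1, 2, 3, 9} from the text, inside U."""
    a, b = frozenset({1, 3, 5}), frozenset({1, 2, 3, 9})
    return a | b, a & b, difference(a, b), complement(a)


if __name__ == "__main__":
    print(text_example())
    # 32 subsets of {1, ..., 5}, so 32768 triples are checked.
    print(all_identities_hold(frozenset(range(1, 6))))
```

`frozenset` is used rather than `set` so that sets can themselves be dictionary keys or members of other sets, which is what the exhaustive check needs; the complement is always taken relative to an explicit universe, mirroring the text's requirement that $A'$ only makes sense once $U$ is fixed.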

Cartesian Products and Mappings

Given sets $A$ and $B$, we can define a new set $A \times B$, called the
Cartesian product of $A$ and $B$, as a set of ordered pairs. That
is,
$$A \times B = \{(a, b) : a \in A \text{ and } b \in B\}.$$
Example 1.5. If $A = \{x, y\}$, $B = \{1, 2, 3\}$, and $C = \emptyset$, then $A \times B$
is the set
$$\{(x, 1), (x, 2), (x, 3), (y, 1), (y, 2), (y, 3)\}$$
and
$$A \times C = \emptyset.$$
We define the Cartesian product of $n$ sets to be
$$A_1 \times \cdots \times A_n = \{(a_1, \ldots, a_n) : a_i \in A_i \text{ for } i = 1, \ldots, n\}.$$
If $A = A_1 = A_2 = \cdots = A_n$, we often write $A^n$ for $A \times \cdots \times A$
(where $A$ would be written $n$ times). For example, the set $\mathbb{R}^3$
consists of all of 3-tuples of real numbers.
Subsets of $A \times B$ are called relations. We will define a mapping or function $f \subset A \times B$ from a set $A$ to a set $B$ to be the
special type of relation where $(a, b) \in f$ if for every element $a \in A$
there exists a unique element $b \in B$. Another way of saying this
is that for every element in $A$, $f$ assigns a unique element in $B$.
We usually write $f : A \to B$ or $A \xrightarrow{f} B$. Instead of writing down
ordered pairs $(a, b) \in A \times B$, we write $f(a) = b$ or $f : a \mapsto b$. The
set $A$ is called the domain of $f$ and
$$f(A) = \{f(a) : a \in A\} \subset B$$
is called the range or image of $f$. We can think of the elements
in the function's domain as input values and the elements in the
function's range as output values.

[Figure 1.6: Mappings and relations]

Example 1.7. Suppose $A = \{1, 2, 3\}$ and $B = \{a, b, c\}$. In Figure 1.6 we define relations $f$ and $g$ from $A$ to $B$. The relation $f$ is
a mapping, but $g$ is not because $1 \in A$ is not assigned to a unique
element in $B$; that is, $g(1) = a$ and $g(1) = b$.
Given a function $f : A \to B$, it is often possible to write a
list describing what the function does to each specific element in
the domain. However, not all functions can be described in this
manner. For example, the function $f : \mathbb{R} \to \mathbb{R}$ that sends each real
number to its cube is a mapping that must be described by writing
$f(x) = x^3$ or $f : x \mapsto x^3$.
Consider the relation $f : \mathbb{Q} \to \mathbb{Z}$ given by $f(p/q) = p$. We know
that $1/2 = 2/4$, but is $f(1/2) = 1$ or 2? This relation cannot be a
mapping because it is not well-defined. A relation is well-defined
if each element in the domain is assigned to a unique element in
the range.
If $f : A \to B$ is a map and the image of $f$ is $B$, i.e., $f(A) = B$,
then $f$ is said to be onto or surjective. In other words, if there
exists an $a \in A$ for each $b \in B$ such that $f(a) = b$, then $f$ is onto. A
map is one-to-one or injective if $a_1 \neq a_2$ implies $f(a_1) \neq f(a_2)$.
Equivalently, a function is one-to-one if $f(a_1) = f(a_2)$ implies $a_1 = a_2$. A map that is both one-to-one and onto is called bijective.
Example 1.8. Let $f : \mathbb{Z} \to \mathbb{Q}$ be defined by $f(n) = n/1$. Then
$f$ is one-to-one but not onto. Define $g : \mathbb{Q} \to \mathbb{Z}$ by $g(p/q) = p$
where $p/q$ is a rational number expressed in its lowest terms with
a positive denominator. The function $g$ is onto but not one-to-one.
Given two functions, we can construct a new function by using
the range of the first function as the domain of the second function.
Let $f : A \to B$ and $g : B \to C$ be mappings. Define a new map,
the composition of $f$ and $g$ from $A$ to $C$, by $(g \circ f)(x) = g(f(x))$.

[Figure 1.9: Composition of maps]
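The definitions above (mapping, well-defined, one-to-one, onto, bijective) can all be checked mechanically when the sets are finite and a relation is stored as the set of pairs that the text says it is. The Python block below is an added example, not code from Judson's text or its Sage exercises; the function names, the constructed relations `f` and `g` (which mirror Example 1.7) and the use of `fractions.Fraction` to reproduce the "$f(p/q) = p$" pitfall are my own. The point of the `Fraction` part is that a rule written in terms of a numeral ($p/q$) rather than the value it names can pair one domain element with two images, which is exactly the failure of well-definedness the text describes.

```python
# Added example, not part of Judson's text: classifying a finite relation
# R ⊂ A × B (stored as a set of (a, b) pairs) using the definitions of
# Section 1.2: mapping (well-defined), one-to-one, onto, bijective.
# The relations f and g mirror Example 1.7; the Fraction relations mirror
# the f(p/q) = p discussion and Example 1.8.
from fractions import Fraction


def is_mapping(relation, domain):
    """A relation is a mapping on `domain` if every a is paired with exactly one b."""
    return all(sum(1 for (x, _) in relation if x == a) == 1 for a in domain)


def is_one_to_one(relation):
    """f(a1) = f(a2) implies a1 = a2: no two pairs share an image."""
    images = [b for (_, b) in relation]
    return len(images) == len(set(images))


def is_onto(relation, codomain):
    """f(A) = B: the image equals the whole codomain."""
    return {b for (_, b) in relation} == set(codomain)


def classify(relation, domain, codomain):
    """Describe the relation in the vocabulary of the text."""
    if not is_mapping(relation, domain):
        return "not a mapping"  # e.g. g(1) = a and g(1) = b in Example 1.7
    inj, surj = is_one_to_one(relation), is_onto(relation, codomain)
    if inj and surj:
        return "bijective"
    if inj:
        return "one-to-one, not onto"
    if surj:
        return "onto, not one-to-one"
    return "neither one-to-one nor onto"


# Constructed instances of Example 1.7: A = {1, 2, 3}, B = {a, b, c}.
A = {1, 2, 3}
B = {"a", "b", "c"}
f = {(1, "a"), (2, "b"), (3, "c")}             # a mapping (here even a bijection)
g = {(1, "a"), (1, "b"), (2, "b"), (3, "c")}   # 1 is sent to both a and b


def numerator_relation(numerals):
    """The rule f(p/q) = p from the text applied to written numerals (p, q).
    Fraction normalises 1/2 and 2/4 to the same rational, so one domain
    element can receive two different images: the rule is not well-defined."""
    return {(Fraction(p, q), p) for (p, q) in numerals}


def lowest_terms_relation(rationals):
    """Example 1.8: g(p/q) = p with p/q in lowest terms and q > 0. Fraction
    already stores that normal form, so .numerator is a well-defined choice."""
    return {(r, r.numerator) for r in rationals}


def embed_integers(ints):
    """Example 1.8: f(n) = n/1 from Z into Q."""
    return {(n, Fraction(n, 1)) for n in ints}


if __name__ == "__main__":
    print(classify(f, A, B), "/", classify(g, A, B))
    print(is_mapping(numerator_relation([(1, 2), (2, 4)]), {Fraction(1, 2)}))
```

Note that `classify` tests well-definedness first: the text defines one-to-one and onto only for mappings, so asking whether `g` is injective would be a category error, and the code refuses to answer it.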


Example 1.10. Consider the functions $f : A \to B$ and $g : B \to C$
that are defined in Figure 1.9 (top). The composition of these
functions, $g \circ f : A \to C$, is defined in Figure 1.9 (bottom).
Example 1.11. Let $f(x) = x^2$ and $g(x) = 2x + 5$. Then
$$(f \circ g)(x) = f(g(x)) = (2x + 5)^2 = 4x^2 + 20x + 25$$
and
$$(g \circ f)(x) = g(f(x)) = 2x^2 + 5.$$
In general, order makes a difference; that is, in most cases $f \circ g \neq g \circ f$.
Example 1.12. Sometimes it is the case that $f \circ g = g \circ f$. Let
$f(x) = x^3$ and $g(x) = \sqrt[3]{x}$. Then
$$(f \circ g)(x) = f(g(x)) = f(\sqrt[3]{x}) = (\sqrt[3]{x})^3 = x$$
and
$$(g \circ f)(x) = g(f(x)) = g(x^3) = \sqrt[3]{x^3} = x.$$

Example 1.13. Given a $2 \times 2$ matrix
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix},$$
we can define a map $T_A : \mathbb{R}^2 \to \mathbb{R}^2$ by
$$T_A(x, y) = (ax + by, cx + dy)$$
for $(x, y)$ in $\mathbb{R}^2$. This is actually matrix multiplication; that is,
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} \begin{pmatrix} x \\ y \end{pmatrix} = \begin{pmatrix} ax + by \\ cx + dy \end{pmatrix}.$$
Maps from $\mathbb{R}^n$ to $\mathbb{R}^m$ given by matrices are called linear maps or
linear transformations.
Example 1.14. Suppose that $S = \{1, 2, 3\}$. Define a map $\pi : S \to S$ by
$$\pi(1) = 2, \quad \pi(2) = 1, \quad \pi(3) = 3.$$
This is a bijective map. An alternative way to write $\pi$ is
$$\begin{pmatrix} 1 & 2 & 3 \\ \pi(1) & \pi(2) & \pi(3) \end{pmatrix} = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}.$$
For any set $S$, a one-to-one and onto mapping $\pi : S \to S$ is called
a permutation of $S$.
Theorem 1.15. Let $f : A \to B$, $g : B \to C$, and $h : C \to D$.
Then
1. The composition of mappings is associative; that is, $(h \circ g) \circ f = h \circ (g \circ f)$;
2. If $f$ and $g$ are both one-to-one, then the mapping $g \circ f$ is
one-to-one;
3. If $f$ and $g$ are both onto, then the mapping $g \circ f$ is onto;
4. If $f$ and $g$ are bijective, then so is $g \circ f$.
Proof. We will prove (1) and (3). Part (2) is left as an exercise.
Part (4) follows directly from (2) and (3).
(1) We must show that
$$h \circ (g \circ f) = (h \circ g) \circ f.$$
For $a \in A$ we have
$$
\begin{aligned}
(h \circ (g \circ f))(a) &= h((g \circ f)(a)) \\
&= h(g(f(a))) \\
&= (h \circ g)(f(a)) \\
&= ((h \circ g) \circ f)(a).
\end{aligned}
$$
(3) Assume that $f$ and $g$ are both onto functions. Given $c \in C$,
we must show that there exists an $a \in A$ such that $(g \circ f)(a) = g(f(a)) = c$. However, since $g$ is onto, there is an element $b \in B$
such that $g(b) = c$. Similarly, there is an $a \in A$ such that $f(a) = b$.
Accordingly,
$$(g \circ f)(a) = g(f(a)) = g(b) = c.$$

If $S$ is any set, we will use $\mathrm{id}_S$ or $\mathrm{id}$ to denote the identity mapping from $S$ to itself. Define this map by $\mathrm{id}(s) = s$ for all $s \in S$. A map $g : B \to A$ is an inverse mapping of $f : A \to B$ if $g \circ f = \mathrm{id}_A$ and $f \circ g = \mathrm{id}_B$; in other words, the inverse function of a function simply undoes the function. A map is said to be invertible if it has an inverse. We usually write $f^{-1}$ for the inverse of $f$.

Example 1.16. The function $f(x) = x^3$ has inverse $f^{-1}(x) = \sqrt[3]{x}$ by Example 1.12.
Example 1.17. The natural logarithm and the exponential functions, $f(x) = \ln x$ and $f^{-1}(x) = e^x$, are inverses of each other provided that we are careful about choosing domains. Observe that
$$f(f^{-1}(x)) = f(e^x) = \ln e^x = x$$
and
$$f^{-1}(f(x)) = f^{-1}(\ln x) = e^{\ln x} = x$$
whenever composition makes sense.

Example 1.18. Suppose that
$$A = \begin{pmatrix} 3 & 1 \\ 5 & 2 \end{pmatrix}.$$
Then $A$ defines a map from $\mathbb{R}^2$ to $\mathbb{R}^2$ by
$$T_A(x, y) = (3x + y, 5x + 2y).$$
We can find an inverse map of $T_A$ by simply inverting the matrix $A$; that is, $T_A^{-1} = T_{A^{-1}}$. In this example,
$$A^{-1} = \begin{pmatrix} 2 & -1 \\ -5 & 3 \end{pmatrix};$$
hence, the inverse map is given by
$$T_A^{-1}(x, y) = (2x - y, -5x + 3y).$$
It is easy to check that
$$T_A^{-1} \circ T_A(x, y) = T_A \circ T_A^{-1}(x, y) = (x, y).$$
Not every map has an inverse. If we consider the map
$$T_B(x, y) = (3x, 0)$$
given by the matrix
$$B = \begin{pmatrix} 3 & 0 \\ 0 & 0 \end{pmatrix},$$
then an inverse map would have to be of the form
$$T_B^{-1}(x, y) = (ax + by, cx + dy)$$
and
$$(x, y) = T_B \circ T_B^{-1}(x, y) = (3ax + 3by, 0)$$
for all $x$ and $y$. Clearly this is impossible because $y$ might not be $0$.
Example 1.19. Given the permutation
$$\sigma = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix}$$
on $S = \{1, 2, 3\}$, it is easy to see that the permutation defined by
$$\sigma^{-1} = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix}$$
is the inverse of $\sigma$. In fact, any bijective mapping possesses an inverse, as we will see in the next theorem.

Theorem 1.20. A mapping is invertible if and only if it is both one-to-one and onto.

Proof. Suppose first that $f : A \to B$ is invertible with inverse $g : B \to A$. Then $g \circ f = \mathrm{id}_A$ is the identity map; that is, $g(f(a)) = a$. If $a_1, a_2 \in A$ with $f(a_1) = f(a_2)$, then $a_1 = g(f(a_1)) = g(f(a_2)) = a_2$. Consequently, $f$ is one-to-one. Now suppose that $b \in B$. To show that $f$ is onto, it is necessary to find an $a \in A$ such that $f(a) = b$, but $f(g(b)) = b$ with $g(b) \in A$. Let $a = g(b)$.
Conversely, let $f$ be bijective and let $b \in B$. Since $f$ is onto, there exists an $a \in A$ such that $f(a) = b$. Because $f$ is one-to-one, $a$ must be unique. Define $g$ by letting $g(b) = a$. We have now constructed the inverse of $f$.
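The permutations of Examples 1.14 and 1.19, the composition rules of Theorem 1.15 and the inverse construction in the proof of Theorem 1.20 can all be exercised on a finite set with a few lines of code. The block below is an added example and not part of the textbook; the function names (compose, inverse, is_bijection and so on) and the representation of a map as a Python dict are this example's own choices. The check that the composite has no inverse when one factor is not a bijection is the failure mode a practitioner most often trips over, for instance when a lookup table that was meant to be a permutation has a repeated entry.

```python
# Added example (not from the textbook): maps on a finite set as Python dicts,
# with composition, inverse, and the bijectivity checks behind Theorem 1.20.
# All function names here are this example's own choices.

def is_injective(f, domain):
    """One-to-one: distinct inputs give distinct outputs."""
    images = [f[x] for x in domain]
    return len(set(images)) == len(images)

def is_surjective(f, domain, codomain):
    """Onto: every element of the codomain is hit."""
    return set(f[x] for x in domain) == set(codomain)

def is_bijection(f, domain, codomain):
    return is_injective(f, domain) and is_surjective(f, domain, codomain)

def compose(g, f):
    """(g o f)(x) = g(f(x)); f is applied first, as in the text."""
    return {x: g[f[x]] for x in f}

def inverse(f, domain, codomain):
    """Theorem 1.20: a map has an inverse exactly when it is a bijection.

    The dict built here is the g of the proof: g(b) is the unique a with f(a) = b.
    """
    if not is_bijection(f, domain, codomain):
        raise ValueError("map is not a bijection, so it has no inverse")
    return {f[x]: x for x in domain}

def identity(domain):
    return {x: x for x in domain}

# Example 1.19's sigma = (1 2 3 / 2 3 1) and Example 1.14's map, here called tau.
S = [1, 2, 3]
sigma = {1: 2, 2: 3, 3: 1}
tau = {1: 2, 2: 1, 3: 3}

def demo():
    """Check sigma^-1 from Example 1.19, Exercise 19, and non-commutativity."""
    sigma_inv = inverse(sigma, S, S)            # {1: 3, 2: 1, 3: 2}
    assert compose(sigma_inv, sigma) == identity(S)
    assert compose(sigma, sigma_inv) == identity(S)
    # Exercise 19: (g o f)^-1 = f^-1 o g^-1, with g = sigma and f = tau
    gf_inv = inverse(compose(sigma, tau), S, S)
    assert gf_inv == compose(inverse(tau, S, S), sigma_inv)
    # order matters in general: sigma o tau and tau o sigma differ here
    return compose(sigma, tau) != compose(tau, sigma)
```

A map such as {1: 1, 2: 1, 3: 3} fails is_injective, so inverse raises rather than silently returning a dict with a dropped key, which is the behaviour you want from any code that inverts a substitution table.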

Equivalence Relations and Partitions

A fundamental notion in mathematics is that of equality. We can generalize equality with equivalence relations and equivalence classes. An equivalence relation on a set $X$ is a relation $R \subset X \times X$ such that
$(x, x) \in R$ for all $x \in X$ (reflexive property);
$(x, y) \in R$ implies $(y, x) \in R$ (symmetric property);
$(x, y)$ and $(y, z) \in R$ imply $(x, z) \in R$ (transitive property).
Given an equivalence relation $R$ on a set $X$, we usually write $x \sim y$ instead of $(x, y) \in R$. If the equivalence relation already has an associated notation such as $=$, $\equiv$, or $\cong$, we will use that notation.
Example 1.21. Let $p$, $q$, $r$, and $s$ be integers, where $q$ and $s$ are nonzero. Define $p/q \sim r/s$ if $ps = qr$. Clearly $\sim$ is reflexive and symmetric. To show that it is also transitive, suppose that $p/q \sim r/s$ and $r/s \sim t/u$, with $q$, $s$, and $u$ all nonzero. Then $ps = qr$ and $ru = st$. Therefore,
$$psu = qru = qst.$$
Since $s \neq 0$, $pu = qt$. Consequently, $p/q \sim t/u$.

Example 1.22. Suppose that $f$ and $g$ are differentiable functions on $\mathbb{R}$. We can define an equivalence relation on such functions by letting $f(x) \sim g(x)$ if $f'(x) = g'(x)$. It is clear that $\sim$ is both reflexive and symmetric. To demonstrate transitivity, suppose that $f(x) \sim g(x)$ and $g(x) \sim h(x)$. From calculus we know that $f(x) - g(x) = c_1$ and $g(x) - h(x) = c_2$, where $c_1$ and $c_2$ are both constants. Hence,
$$f(x) - h(x) = (f(x) - g(x)) + (g(x) - h(x)) = c_1 + c_2$$
and $f'(x) - h'(x) = 0$. Therefore, $f(x) \sim h(x)$.

Example 1.23. For $(x_1, y_1)$ and $(x_2, y_2)$ in $\mathbb{R}^2$, define $(x_1, y_1) \sim (x_2, y_2)$ if $x_1^2 + y_1^2 = x_2^2 + y_2^2$. Then $\sim$ is an equivalence relation on $\mathbb{R}^2$.

Example 1.24. Let $A$ and $B$ be $2 \times 2$ matrices with entries in the real numbers. We can define an equivalence relation on the set of $2 \times 2$ matrices, by saying $A \sim B$ if there exists an invertible matrix $P$ such that $PAP^{-1} = B$. For example, if
$$A = \begin{pmatrix} 1 & 2 \\ -1 & 1 \end{pmatrix} \quad \text{and} \quad B = \begin{pmatrix} -18 & 33 \\ -11 & 20 \end{pmatrix},$$
then $A \sim B$ since $PAP^{-1} = B$ for
$$P = \begin{pmatrix} 2 & 5 \\ 1 & 3 \end{pmatrix}.$$
Let $I$ be the $2 \times 2$ identity matrix; that is,
$$I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}.$$
Then $IAI^{-1} = IAI = A$; therefore, the relation is reflexive. To show symmetry, suppose that $A \sim B$. Then there exists an invertible matrix $P$ such that $PAP^{-1} = B$. So
$$A = P^{-1}BP = P^{-1}B(P^{-1})^{-1}.$$
Finally, suppose that $A \sim B$ and $B \sim C$. Then there exist invertible matrices $P$ and $Q$ such that $PAP^{-1} = B$ and $QBQ^{-1} = C$. Since
$$C = QBQ^{-1} = QPAP^{-1}Q^{-1} = (QP)A(QP)^{-1},$$
the relation is transitive. Two matrices that are equivalent in this manner are said to be similar.
A partition $\mathcal{P}$ of a set $X$ is a collection of nonempty sets $X_1, X_2, \ldots$ such that $X_i \cap X_j = \emptyset$ for $i \neq j$ and $\bigcup_k X_k = X$. Let $\sim$ be an equivalence relation on a set $X$ and let $x \in X$. Then $[x] = \{y \in X : y \sim x\}$ is called the equivalence class of $x$. We will see that an equivalence relation gives rise to a partition via equivalence classes. Also, whenever a partition of a set exists, there is some natural underlying equivalence relation, as the following theorem demonstrates.

Theorem 1.25. Given an equivalence relation $\sim$ on a set $X$, the equivalence classes of $X$ form a partition of $X$. Conversely, if $\mathcal{P} = \{X_i\}$ is a partition of a set $X$, then there is an equivalence relation on $X$ with equivalence classes $X_i$.

Proof. Suppose there exists an equivalence relation $\sim$ on the set $X$. For any $x \in X$, the reflexive property shows that $x \in [x]$ and so $[x]$ is nonempty. Clearly $X = \bigcup_{x \in X} [x]$. Now let $x, y \in X$. We need to show that either $[x] = [y]$ or $[x] \cap [y] = \emptyset$. Suppose that the intersection of $[x]$ and $[y]$ is not empty and that $z \in [x] \cap [y]$. Then $z \sim x$ and $z \sim y$. By symmetry and transitivity $x \sim y$; hence, $[x] \subset [y]$. Similarly, $[y] \subset [x]$ and so $[x] = [y]$. Therefore, any two equivalence classes are either disjoint or exactly the same.
Conversely, suppose that $\mathcal{P} = \{X_i\}$ is a partition of a set $X$. Let two elements be equivalent if they lie in the same set $X_i$ of the partition. Clearly, the relation is reflexive. If $x$ is in the same set as $y$, then $y$ is in the same set as $x$, so $x \sim y$ implies $y \sim x$. Finally, if $x$ is in the same set as $y$ and $y$ is in the same set as $z$, then $x$ must be in the same set as $z$, and transitivity holds.
Corollary 1.26. Two equivalence classes of an equivalence relation are either disjoint or equal.

Let us examine some of the partitions given by the equivalence classes in the last set of examples.

Example 1.27. In the equivalence relation in Example 1.21, two pairs of integers, $(p, q)$ and $(r, s)$, are in the same equivalence class when they reduce to the same fraction in its lowest terms.

Example 1.28. In the equivalence relation in Example 1.22, two functions $f(x)$ and $g(x)$ are in the same equivalence class when they differ by a constant.

Example 1.29. We defined an equivalence relation on $\mathbb{R}^2$ by $(x_1, y_1) \sim (x_2, y_2)$ if $x_1^2 + y_1^2 = x_2^2 + y_2^2$. Two pairs of real numbers are in the same equivalence class when they lie on the same circle about the origin.

Example 1.30. Let $r$ and $s$ be two integers and suppose that $n \in \mathbb{N}$. We say that $r$ is congruent to $s$ modulo $n$, or $r$ is congruent to $s$ mod $n$, if $r - s$ is evenly divisible by $n$; that is, $r - s = nk$ for some $k \in \mathbb{Z}$. In this case we write $r \equiv s \pmod{n}$. For example, $41 \equiv 17 \pmod{8}$ since $41 - 17 = 24$ is divisible by $8$. We claim that congruence modulo $n$ forms an equivalence relation on $\mathbb{Z}$. Certainly any integer $r$ is equivalent to itself since $r - r = 0$ is divisible by $n$. We will now show that the relation is symmetric. If $r \equiv s \pmod{n}$, then $r - s = -(s - r)$ is divisible by $n$. So $s - r$ is divisible by $n$ and $s \equiv r \pmod{n}$. Now suppose that $r \equiv s \pmod{n}$ and $s \equiv t \pmod{n}$. Then there exist integers $k$ and $l$ such that $r - s = kn$ and $s - t = ln$. To show transitivity, it is necessary to prove that $r - t$ is divisible by $n$. However,
$$r - t = r - s + s - t = kn + ln = (k + l)n,$$
and so $r - t$ is divisible by $n$.
If we consider the equivalence relation established by the integers modulo $3$, then
$$[0] = \{\ldots, -3, 0, 3, 6, \ldots\}, \quad [1] = \{\ldots, -2, 1, 4, 7, \ldots\}, \quad [2] = \{\ldots, -1, 2, 5, 8, \ldots\}.$$
Notice that $[0] \cup [1] \cup [2] = \mathbb{Z}$ and also that the sets are disjoint. The sets $[0]$, $[1]$, and $[2]$ form a partition of the integers.
The integers modulo $n$ are a very important example in the study of abstract algebra and will become quite useful in our investigation of various algebraic structures such as groups and rings. In our discussion of the integers modulo $n$ we have actually assumed a result known as the division algorithm, which will be stated and proved in Chapter 2.
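The construction in the proof of Theorem 1.25 is mechanical enough to run: pick a representative, collect everything related to it, and repeat on what is left. The block below is an added example, not part of the textbook; the function names (check_equivalence, partition, congruent_mod, same_fraction) are this example's own. It builds the mod-3 classes of Example 1.30 and the fraction classes of Example 1.21 from the relations alone, and also tests the three axioms on a finite sample, which is how one catches a relation that is merely reflexive and transitive (a preorder such as $\ge$, compare Exercise 25(a)) before treating its "classes" as a partition.

```python
# Added example (not from the textbook): building the partition that an
# equivalence relation induces (Theorem 1.25) and checking the three axioms
# on a finite sample. All function names are this example's own.

def check_equivalence(rel, X):
    """Return (reflexive, symmetric, transitive) for the relation rel on the finite set X."""
    X = list(X)
    reflexive = all(rel(x, x) for x in X)
    symmetric = all(rel(y, x) for x in X for y in X if rel(x, y))
    transitive = all(rel(x, z) for x in X for y in X for z in X
                     if rel(x, y) and rel(y, z))
    return reflexive, symmetric, transitive

def partition(rel, X):
    """Equivalence classes [x] = {y : y ~ x}, each listed once (Corollary 1.26).

    Mirrors the proof: an element joins an existing class if it is related to
    that class's representative, otherwise it starts a new class.
    """
    X = list(X)
    classes = []                      # list of (representative, members)
    for x in X:
        if not any(rel(x, rep) for rep, _ in classes):
            classes.append((x, [y for y in X if rel(y, x)]))
    return [members for _, members in classes]

def congruent_mod(n):
    """Example 1.30: r ~ s when n divides r - s."""
    return lambda r, s: (r - s) % n == 0

def same_fraction(pq, rs):
    """Example 1.21: (p, q) ~ (r, s) when ps = qr (integer arithmetic, no rounding)."""
    p, q = pq
    r, s = rs
    return p * s == q * r

def classes_mod3():
    """The three classes [0], [1], [2] of Example 1.30, sampled on -3..8."""
    return partition(congruent_mod(3), range(-3, 9))

def fraction_classes():
    """Constructed sample: 1/2, 2/4, -1/-2 collapse to one class, 3/4 and 6/8 to another."""
    pairs = [(1, 2), (2, 4), (-1, -2), (3, 4), (6, 8), (1, 3)]
    return partition(same_fraction, pairs)
```

For a relation on an infinite set the axioms can only be sampled, not verified, by code; the sample still finds the common mistakes, such as a relation that is not symmetric, which is the case for $x \ge y$ on the reals.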

1.3 Exercises

1. Suppose that
$$A = \{x : x \in \mathbb{N} \text{ and } x \text{ is even}\},$$
$$B = \{x : x \in \mathbb{N} \text{ and } x \text{ is prime}\},$$
$$C = \{x : x \in \mathbb{N} \text{ and } x \text{ is a multiple of } 5\}.$$
Describe each of the following sets.
(a) $A \cap B$
(b) $B \cap C$
(c) $A \cup B$
(d) $A \cap (B \cup C)$
2. If $A = \{a, b, c\}$, $B = \{1, 2, 3\}$, $C = \{x\}$, and $D = \emptyset$, list all of the elements in each of the following sets.
(a) $A \times B$
(b) $B \times A$
(c) $A \times B \times C$
(d) $A \times D$
3. Find an example of two nonempty sets $A$ and $B$ for which $A \times B = B \times A$ is true.
4. Prove $A \cup \emptyset = A$ and $A \cap \emptyset = \emptyset$.
5. Prove $A \cup B = B \cup A$ and $A \cap B = B \cap A$.
6. Prove $A \cup (B \cap C) = (A \cup B) \cap (A \cup C)$.
7. Prove $A \cap (B \cup C) = (A \cap B) \cup (A \cap C)$.
8. Prove $A \subset B$ if and only if $A \cap B = A$.
9. Prove $(A \cap B)' = A' \cup B'$.
10. Prove $A \cup B = (A \cap B) \cup (A \setminus B) \cup (B \setminus A)$.
11. Prove $(A \cup B) \times C = (A \times C) \cup (B \times C)$.
12. Prove $(A \cap B) \setminus B = \emptyset$.
13. Prove $(A \cup B) \setminus B = A \setminus B$.
14. Prove $A \setminus (B \cup C) = (A \setminus B) \cap (A \setminus C)$.
15. Prove $A \cap (B \setminus C) = (A \cap B) \setminus (A \cap C)$.
16. Prove $(A \setminus B) \cup (B \setminus A) = (A \cup B) \setminus (A \cap B)$.
17. Which of the following relations $f : \mathbb{Q} \to \mathbb{Q}$ define a mapping? In each case, supply a reason why $f$ is or is not a mapping.
(a) $f(p/q) = \dfrac{p+1}{p-2}$
(b) $f(p/q) = \dfrac{3p}{3q}$
(c) $f(p/q) = \dfrac{p+q}{q^2}$
(d) $f(p/q) = \dfrac{3p^2}{7q^2} - \dfrac{p}{q}$
18. Determine which of the following functions are one-to-one and which are onto. If the function is not onto, determine its range.
(a) $f : \mathbb{R} \to \mathbb{R}$ defined by $f(x) = e^x$
(b) $f : \mathbb{Z} \to \mathbb{Z}$ defined by $f(n) = n^2 + 3$
(c) $f : \mathbb{R} \to \mathbb{R}$ defined by $f(x) = \sin x$
(d) $f : \mathbb{Z} \to \mathbb{Z}$ defined by $f(x) = x^2$
19. Let $f : A \to B$ and $g : B \to C$ be invertible mappings; that is, mappings such that $f^{-1}$ and $g^{-1}$ exist. Show that $(g \circ f)^{-1} = f^{-1} \circ g^{-1}$.
20. (a) Define a function $f : \mathbb{N} \to \mathbb{N}$ that is one-to-one but not onto.
(b) Define a function $f : \mathbb{N} \to \mathbb{N}$ that is onto but not one-to-one.
21. Prove the relation defined on $\mathbb{R}^2$ by $(x_1, y_1) \sim (x_2, y_2)$ if $x_1^2 + y_1^2 = x_2^2 + y_2^2$ is an equivalence relation.
22. Let $f : A \to B$ and $g : B \to C$ be maps.
(a) If $f$ and $g$ are both one-to-one functions, show that $g \circ f$ is one-to-one.
(b) If $g \circ f$ is onto, show that $g$ is onto.
(c) If $g \circ f$ is one-to-one, show that $f$ is one-to-one.
(d) If $g \circ f$ is one-to-one and $f$ is onto, show that $g$ is one-to-one.
(e) If $g \circ f$ is onto and $g$ is one-to-one, show that $f$ is onto.
23. Define a function on the real numbers by
$$f(x) = \frac{x+1}{x-1}.$$
What are the domain and range of $f$? What is the inverse of $f$? Compute $f \circ f^{-1}$ and $f^{-1} \circ f$.
24. Let $f : X \to Y$ be a map with $A_1, A_2 \subset X$ and $B_1, B_2 \subset Y$.
(a) Prove $f(A_1 \cup A_2) = f(A_1) \cup f(A_2)$.
(b) Prove $f(A_1 \cap A_2) \subset f(A_1) \cap f(A_2)$. Give an example in which equality fails.
(c) Prove $f^{-1}(B_1 \cup B_2) = f^{-1}(B_1) \cup f^{-1}(B_2)$, where
$$f^{-1}(B) = \{x \in X : f(x) \in B\}.$$
(d) Prove $f^{-1}(B_1 \cap B_2) = f^{-1}(B_1) \cap f^{-1}(B_2)$.
(e) Prove $f^{-1}(Y \setminus B_1) = X \setminus f^{-1}(B_1)$.
25. Determine whether or not the following relations are equivalence relations on the given set. If the relation is an equivalence relation, describe the partition given by it. If the relation is not an equivalence relation, state why it fails to be one.
(a) $x \sim y$ in $\mathbb{R}$ if $x \ge y$
(b) $m \sim n$ in $\mathbb{Z}$ if $mn > 0$
(c) $x \sim y$ in $\mathbb{R}$ if $|x - y| \le 4$
(d) $m \sim n$ in $\mathbb{Z}$ if $m \equiv n \pmod{6}$
26. Define a relation $\sim$ on $\mathbb{R}^2$ by stating that $(a, b) \sim (c, d)$ if and only if $a^2 + b^2 \le c^2 + d^2$. Show that $\sim$ is reflexive and transitive but not symmetric.
27. Show that an $m \times n$ matrix gives rise to a well-defined map from $\mathbb{R}^n$ to $\mathbb{R}^m$.
28. Find the error in the following argument by providing a counterexample. "The reflexive property is redundant in the axioms for an equivalence relation. If $x \sim y$, then $y \sim x$ by the symmetric property. Using the transitive property, we can deduce that $x \sim x$."

29. (Projective Real Line) Define a relation on $\mathbb{R}^2 \setminus \{(0, 0)\}$ by letting $(x_1, y_1) \sim (x_2, y_2)$ if there exists a nonzero real number $\lambda$ such that $(x_1, y_1) = \lambda(x_2, y_2)$. Prove that $\sim$ defines an equivalence relation on $\mathbb{R}^2 \setminus \{(0, 0)\}$. What are the corresponding equivalence classes? This equivalence relation defines the projective line, denoted by $\mathbb{P}(\mathbb{R})$, which is very important in geometry.

1.4 References and Suggested Readings

[1] Artin, M. Abstract Algebra. 2nd ed. Pearson, Upper Saddle River, NJ, 2011.
[2] Childs, L. A Concrete Introduction to Higher Algebra. 2nd ed. Springer-Verlag, New York, 1995.
[3] Dummit, D. and Foote, R. Abstract Algebra. 3rd ed. Wiley, New York, 2003.
[4] Ehrlich, G. Fundamental Concepts of Algebra. PWS-KENT, Boston, 1991.
[5] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper Saddle River, NJ, 2003.
[6] Gallian, J. A. Contemporary Abstract Algebra. 7th ed. Brooks/Cole, Belmont, CA, 2009.
[7] Halmos, P. Naive Set Theory. Springer, New York, 1991. One of the best references for set theory.
[8] Herstein, I. N. Abstract Algebra. 3rd ed. Wiley, New York, 1996.
[9] Hungerford, T. W. Algebra. Springer, New York, 1974. One of the standard graduate algebra texts.
[10] Lang, S. Algebra. 3rd ed. Springer, New York, 2002. Another standard graduate text.
[11] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York, 1998.
[12] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
[13] Nickelson, W. K. Introduction to Abstract Algebra. 3rd ed. Wiley, New York, 2006.
[14] Solow, D. How to Read and Do Proofs. 5th ed. Wiley, New York, 2009.
[15] van der Waerden, B. L. A History of Algebra. Springer-Verlag, New York, 1985. An account of the historical development of algebra.

2 The Integers

The integers are the building blocks of mathematics. In this chapter we will investigate the fundamental properties of the integers, including mathematical induction, the division algorithm, and the Fundamental Theorem of Arithmetic.

2.1 Mathematical Induction

Suppose we wish to show that
$$1 + 2 + \cdots + n = \frac{n(n+1)}{2}$$
for any natural number $n$. This formula is easily verified for small numbers such as $n = 1, 2, 3$, or $4$, but it is impossible to verify for all natural numbers on a case-by-case basis. To prove the formula true in general, a more generic method is required.
Suppose we have verified the equation for the first $n$ cases. We will attempt to show that we can generate the formula for the $(n+1)$th case from this knowledge. The formula is true for $n = 1$ since
$$1 = \frac{1(1+1)}{2}.$$
If we have verified the first $n$ cases, then
$$1 + 2 + \cdots + n + (n+1) = \frac{n(n+1)}{2} + n + 1 = \frac{n^2 + 3n + 2}{2} = \frac{(n+1)[(n+1)+1]}{2}.$$
This is exactly the formula for the $(n+1)$th case.


This method of proof is known as mathematical induction. Instead of attempting to verify a statement about some subset $S$ of the positive integers $\mathbb{N}$ on a case-by-case basis, an impossible task if $S$ is an infinite set, we give a specific proof for the smallest integer being considered, followed by a generic argument showing that if the statement holds for a given case, then it must also hold for the next case in the sequence. We summarize mathematical induction in the following axiom.

Principle 2.1 (First Principle of Mathematical Induction). Let $S(n)$ be a statement about integers for $n \in \mathbb{N}$ and suppose $S(n_0)$ is true for some integer $n_0$. If for all integers $k$ with $k \ge n_0$, $S(k)$ implies that $S(k+1)$ is true, then $S(n)$ is true for all integers $n$ greater than or equal to $n_0$.

Example 2.2. For all integers $n \ge 3$, $2^n > n + 4$. Since
$$8 = 2^3 > 3 + 4 = 7,$$
the statement is true for $n_0 = 3$. Assume that $2^k > k + 4$ for $k \ge 3$. Then $2^{k+1} = 2 \cdot 2^k > 2(k+4)$. But
$$2(k+4) = 2k + 8 > k + 5 = (k+1) + 4$$
since $k$ is positive. Hence, by induction, the statement holds for all integers $n \ge 3$.

Example 2.3. Every integer $10^{n+1} + 3 \cdot 10^n + 5$ is divisible by $9$ for $n \in \mathbb{N}$. For $n = 1$,
$$10^{1+1} + 3 \cdot 10 + 5 = 135 = 9 \cdot 15$$
is divisible by $9$. Suppose that $10^{k+1} + 3 \cdot 10^k + 5$ is divisible by $9$ for $k \ge 1$. Then
$$10^{(k+1)+1} + 3 \cdot 10^{k+1} + 5 = 10^{k+2} + 3 \cdot 10^{k+1} + 50 - 45 = 10(10^{k+1} + 3 \cdot 10^k + 5) - 45$$
is divisible by $9$.
Example 2.4. We will prove the binomial theorem using mathematical induction; that is,
$$(a + b)^n = \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k},$$
where $a$ and $b$ are real numbers, $n \in \mathbb{N}$, and
$$\binom{n}{k} = \frac{n!}{k!(n-k)!}$$
is the binomial coefficient. We first show that
$$\binom{n+1}{k} = \binom{n}{k} + \binom{n}{k-1}.$$
This result follows from
$$\binom{n}{k} + \binom{n}{k-1} = \frac{n!}{k!(n-k)!} + \frac{n!}{(k-1)!(n-k+1)!} = \frac{(n+1)!}{k!(n+1-k)!} = \binom{n+1}{k}.$$
If $n = 1$, the binomial theorem is easy to verify. Now assume that the result is true for $n$ greater than or equal to $1$. Then
$$\begin{aligned}
(a+b)^{n+1} &= (a+b)(a+b)^n \\
&= (a+b)\left( \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k} \right) \\
&= \sum_{k=0}^{n} \binom{n}{k} a^{k+1} b^{n-k} + \sum_{k=0}^{n} \binom{n}{k} a^k b^{n+1-k} \\
&= a^{n+1} + \sum_{k=1}^{n} \binom{n}{k-1} a^k b^{n+1-k} + \sum_{k=1}^{n} \binom{n}{k} a^k b^{n+1-k} + b^{n+1} \\
&= a^{n+1} + \sum_{k=1}^{n} \left[ \binom{n}{k-1} + \binom{n}{k} \right] a^k b^{n+1-k} + b^{n+1} \\
&= \sum_{k=0}^{n+1} \binom{n+1}{k} a^k b^{n+1-k}.
\end{aligned}$$
We have an equivalent statement of the Principle of Mathematical Induction that is often very useful.

Principle 2.5 (Second Principle of Mathematical Induction). Let $S(n)$ be a statement about integers for $n \in \mathbb{N}$ and suppose $S(n_0)$ is true for some integer $n_0$. If $S(n_0), S(n_0 + 1), \ldots, S(k)$ imply that $S(k+1)$ is true for $k \ge n_0$, then the statement $S(n)$ is true for all integers $n \ge n_0$.

A nonempty subset $S$ of $\mathbb{Z}$ is well-ordered if $S$ contains a least element. Notice that the set $\mathbb{Z}$ is not well-ordered since it does not contain a smallest element. However, the natural numbers are well-ordered.

Principle 2.6 (Principle of Well-Ordering). Every nonempty subset of the natural numbers is well-ordered.

The Principle of Well-Ordering is equivalent to the Principle of Mathematical Induction.

Lemma 2.7. The Principle of Mathematical Induction implies that $1$ is the least positive natural number.

Proof. Let $S = \{n \in \mathbb{N} : n \ge 1\}$. Then $1 \in S$. Now assume that $n \in S$; that is, $n \ge 1$. Since $n + 1 \ge 1$, $n + 1 \in S$; hence, by induction, every natural number is greater than or equal to $1$.

Theorem 2.8. The Principle of Mathematical Induction implies the Principle of Well-Ordering. That is, every nonempty subset of $\mathbb{N}$ contains a least element.

Proof. We must show that if $S$ is a nonempty subset of the natural numbers, then $S$ contains a least element. If $S$ contains $1$, then the theorem is true by Lemma 2.7. Assume that if $S$ contains an integer $k$ such that $1 \le k \le n$, then $S$ contains a least element. We will show that if a set $S$ contains an integer less than or equal to $n + 1$, then $S$ has a least element. If $S$ does not contain an integer less than $n + 1$, then $n + 1$ is the smallest integer in $S$. Otherwise, since $S$ is nonempty, $S$ must contain an integer less than or equal to $n$. In this case, by induction, $S$ contains a least element.

Induction can also be very useful in formulating definitions. For instance, there are two ways to define $n!$, the factorial of a positive integer $n$.
The explicit definition: $n! = 1 \cdot 2 \cdot 3 \cdots (n-1) \cdot n$.
The inductive or recursive definition: $1! = 1$ and $n! = n(n-1)!$ for $n > 1$.
Every good mathematician or computer scientist knows that looking at problems recursively, as opposed to explicitly, often results in better understanding of complex issues.

2.2 The Division Algorithm

An application of the Principle of Well-Ordering that we will use often is the division algorithm.

Theorem 2.9 (Division Algorithm). Let $a$ and $b$ be integers, with $b > 0$. Then there exist unique integers $q$ and $r$ such that
$$a = bq + r$$
where $0 \le r < b$.

Proof. This is a perfect example of the existence-and-uniqueness type of proof. We must first prove that the numbers $q$ and $r$ actually exist. Then we must show that if $q'$ and $r'$ are two other such numbers, then $q = q'$ and $r = r'$.

Existence of $q$ and $r$. Let
$$S = \{a - bk : k \in \mathbb{Z} \text{ and } a - bk \ge 0\}.$$
If $0 \in S$, then $b$ divides $a$, and we can let $q = a/b$ and $r = 0$. If $0 \notin S$, we can use the Well-Ordering Principle. We must first show that $S$ is nonempty. If $a > 0$, then $a - b \cdot 0 \in S$. If $a < 0$, then $a - b(2a) = a(1 - 2b) \in S$. In either case $S \neq \emptyset$. By the Well-Ordering Principle, $S$ must have a smallest member, say $r = a - bq$. Therefore, $a = bq + r$, $r \ge 0$. We now show that $r < b$. Suppose that $r > b$. Then
$$a - b(q+1) = a - bq - b = r - b > 0.$$
In this case we would have $a - b(q+1)$ in the set $S$. But then $a - b(q+1) < a - bq$, which would contradict the fact that $r = a - bq$ is the smallest member of $S$. So $r \le b$. Since $0 \notin S$, $r \neq b$ and so $r < b$.
Uniqueness of $q$ and $r$. Suppose there exist integers $r$, $r'$, $q$, and $q'$ such that
$$a = bq + r, \ 0 \le r < b \quad \text{and} \quad a = bq' + r', \ 0 \le r' < b.$$
Then $bq + r = bq' + r'$. Assume that $r' \ge r$. From the last equation we have $b(q - q') = r' - r$; therefore, $b$ must divide $r' - r$ and $0 \le r' - r \le r' < b$. This is possible only if $r' - r = 0$. Hence, $r = r'$ and $q = q'$.
Let $a$ and $b$ be integers. If $b = ak$ for some integer $k$, we write $a \mid b$. An integer $d$ is called a common divisor of $a$ and $b$ if $d \mid a$ and $d \mid b$. The greatest common divisor of integers $a$ and $b$ is a positive integer $d$ such that $d$ is a common divisor of $a$ and $b$ and if $d'$ is any other common divisor of $a$ and $b$, then $d' \mid d$. We write $d = \gcd(a, b)$; for example, $\gcd(24, 36) = 12$ and $\gcd(120, 102) = 6$. We say that two integers $a$ and $b$ are relatively prime if $\gcd(a, b) = 1$.

Theorem 2.10. Let $a$ and $b$ be nonzero integers. Then there exist integers $r$ and $s$ such that
$$\gcd(a, b) = ar + bs.$$
Furthermore, the greatest common divisor of $a$ and $b$ is unique.
Proof. Let
$$S = \{am + bn : m, n \in \mathbb{Z} \text{ and } am + bn > 0\}.$$
Clearly, the set $S$ is nonempty; hence, by the Well-Ordering Principle $S$ must have a smallest member, say $d = ar + bs$. We claim that $d = \gcd(a, b)$. Write $a = dq + r'$ where $0 \le r' < d$ (the remainder $r'$ is not the coefficient $r$ above). If $r' > 0$, then
$$r' = a - dq = a - (ar + bs)q = a - arq - bsq = a(1 - rq) + b(-sq),$$
which is in $S$. But this would contradict the fact that $d$ is the smallest member of $S$. Hence, $r' = 0$ and $d$ divides $a$. A similar argument shows that $d$ divides $b$. Therefore, $d$ is a common divisor of $a$ and $b$.
Suppose that $d'$ is another common divisor of $a$ and $b$, and we want to show that $d' \mid d$. If we let $a = d'h$ and $b = d'k$, then
$$d = ar + bs = d'hr + d'ks = d'(hr + ks).$$
So $d'$ must divide $d$. Hence, $d$ must be the unique greatest common divisor of $a$ and $b$.

Corollary 2.11. Let $a$ and $b$ be two integers that are relatively prime. Then there exist integers $r$ and $s$ such that $ar + bs = 1$.

The Euclidean Algorithm

Among other things, Theorem 2.10 allows us to compute the greatest common divisor of two integers.

Example 2.12. Let us compute the greatest common divisor of $945$ and $2415$. First observe that
$$\begin{aligned}
2415 &= 945 \cdot 2 + 525 \\
945 &= 525 \cdot 1 + 420 \\
525 &= 420 \cdot 1 + 105 \\
420 &= 105 \cdot 4 + 0.
\end{aligned}$$
Reversing our steps, $105$ divides $420$, $105$ divides $525$, $105$ divides $945$, and $105$ divides $2415$. Hence, $105$ divides both $945$ and $2415$. If $d$ were another common divisor of $945$ and $2415$, then $d$ would also have to divide $105$. Therefore, $\gcd(945, 2415) = 105$.
If we work backward through the above sequence of equations, we can also obtain numbers $r$ and $s$ such that $945r + 2415s = 105$. Observe that
$$\begin{aligned}
105 &= 525 + (-1) \cdot 420 \\
&= 525 + (-1) \cdot [945 + (-1) \cdot 525] \\
&= 2 \cdot 525 + (-1) \cdot 945 \\
&= 2 \cdot [2415 + (-2) \cdot 945] + (-1) \cdot 945 \\
&= 2 \cdot 2415 + (-5) \cdot 945.
\end{aligned}$$
So $r = -5$ and $s = 2$. Notice that $r$ and $s$ are not unique, since $r = 41$ and $s = -16$ would also work.
To compute $\gcd(a, b) = d$, we are using repeated divisions to obtain a decreasing sequence of positive integers $r_1 > r_2 > \cdots > r_n = d$; that is,
$$\begin{aligned}
b &= aq_1 + r_1 \\
a &= r_1 q_2 + r_2 \\
r_1 &= r_2 q_3 + r_3 \\
&\ \vdots \\
r_{n-2} &= r_{n-1} q_n + r_n \\
r_{n-1} &= r_n q_{n+1}.
\end{aligned}$$
To find $r$ and $s$ such that $ar + bs = d$, we begin with this last equation and substitute results obtained from the previous equations:
$$\begin{aligned}
d &= r_n \\
&= r_{n-2} - r_{n-1} q_n \\
&= r_{n-2} - q_n (r_{n-3} - q_{n-1} r_{n-2}) \\
&= -q_n r_{n-3} + (1 + q_n q_{n-1}) r_{n-2} \\
&\ \vdots \\
&= ra + sb.
\end{aligned}$$
The algorithm that we have just used to find the greatest common divisor $d$ of two integers $a$ and $b$ and to write $d$ as the linear combination of $a$ and $b$ is known as the Euclidean algorithm.
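The division algorithm of Theorem 2.9, the repeated divisions above, and the back-substitution that produces $r$ and $s$ can be carried out together by tracking, at every step, how the current remainder is written as a combination of $a$ and $b$. The block below is an added example, not code from the textbook; the function names (division_algorithm, extended_gcd, mod_inverse) are this example's own. The last function goes beyond the text: it applies Corollary 2.11 to compute an inverse modulo $n$, which is the use of $ar + bs = 1$ that key-generation code depends on, and it refuses when $\gcd(a, n) \neq 1$. The remainder convention matters in practice: Python's `//` and `%` already give $0 \le r < b$ for negative $a$, while C, Java, Go and Rust truncate toward zero and can return a negative remainder, so the explicit fix-up is kept for reference.

```python
# Added example (not from the textbook): the division algorithm (Theorem 2.9),
# the Euclidean algorithm with back-substitution (Theorem 2.10), and the
# modular inverse that Corollary 2.11 yields. Names are this example's own.

def division_algorithm(a, b):
    """Return the unique (q, r) with a = bq + r and 0 <= r < b, for b > 0."""
    if b <= 0:
        raise ValueError("b must be positive")
    q, r = a // b, a % b        # Python floors, so r >= 0 already
    if r < 0:                   # never taken here; needed where '/' truncates toward zero
        q, r = q - 1, r + b
    assert a == b * q + r and 0 <= r < b
    return q, r

def extended_gcd(a, b):
    """Return (d, r, s) with d = gcd(a, b) = a*r + b*s, for nonzero a and b.

    Invariant kept by the loop: old_r == a*old_s + b*old_t and r == a*s + b*t
    (with a, b replaced by their absolute values). Each pass is one division
    step of the sequence r_1 > r_2 > ... > r_n in the text.
    """
    old_r, r = abs(a), abs(b)
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q, rem = division_algorithm(old_r, r)
        old_r, r = r, rem
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if a < 0:                   # undo the sign normalisation
        old_s = -old_s
    if b < 0:
        old_t = -old_t
    return old_r, old_s, old_t

def mod_inverse(a, n):
    """The x with a*x = 1 (mod n): from a*r + n*s = 1 we get a*r = 1 (mod n).

    Raises when gcd(a, n) != 1; such an a has no inverse, which is exactly the
    case a key-setup routine must reject rather than paper over.
    """
    d, r, _ = extended_gcd(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd is {d}")
    return r % n
```

On Example 2.12 the loop returns (105, -5, 2), the same coefficients the hand computation found; other valid pairs such as (41, -16) differ from it by multiples of $2415/105$ and $945/105$.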

Prime Numbers
Let p be an integer such that p > 1. We say that p is a prime
number, or simply p is prime, if the only positive numbers that
divide p are 1 and p itself. An integer n > 1 that is not prime is
said to be composite.
Lemma 2.13 (Euclid). Let a and b be integers and p be a prime
number. If p | ab, then either p | a or p | b.
Proof. Suppose that p does not divide a. We must show that
p | b. Since gcd(a, p) = 1, there exist integers r and s such that
ar + ps = 1. So
b = b(ar + ps) = (ab)r + p(bs).
Since p divides both ab and itself, p must divide b = (ab)r + p(bs).


Theorem 2.14 (Euclid). There exist infinitely many primes.

Proof. We will prove this theorem by contradiction. Suppose that there are only a finite number of primes, say $p_1, p_2, \ldots, p_n$. Let $P = p_1 p_2 \cdots p_n + 1$. Then $P$ must be divisible by some $p_i$ for $1 \le i \le n$. In this case, $p_i$ must divide $P - p_1 p_2 \cdots p_n = 1$, which is a contradiction. Hence, either $P$ is prime or there exists an additional prime number $p \neq p_i$ that divides $P$.
Theorem 2.15 (Fundamental Theorem of Arithmetic). Let $n$ be an integer such that $n > 1$. Then
$$n = p_1 p_2 \cdots p_k,$$
where $p_1, \ldots, p_k$ are primes (not necessarily distinct). Furthermore, this factorization is unique; that is, if
$$n = q_1 q_2 \cdots q_l,$$
then $k = l$ and the $q_i$'s are just the $p_i$'s rearranged.

Proof. Uniqueness. To show uniqueness we will use induction on $n$. The theorem is certainly true for $n = 2$ since in this case $n$ is prime. Now assume that the result holds for all integers $m$ such that $1 \le m < n$, and
$$n = p_1 p_2 \cdots p_k = q_1 q_2 \cdots q_l,$$
where $p_1 \le p_2 \le \cdots \le p_k$ and $q_1 \le q_2 \le \cdots \le q_l$. By Lemma 2.13, $p_1 \mid q_i$ for some $i = 1, \ldots, l$ and $q_1 \mid p_j$ for some $j = 1, \ldots, k$. Since all of the $p_i$'s and $q_i$'s are prime, $p_1 = q_i$ and $q_1 = p_j$. Hence, $p_1 = q_1$ since $p_1 \le p_j = q_1 \le q_i = p_1$. By the induction hypothesis,
$$n/p_1 = p_2 \cdots p_k = q_2 \cdots q_l$$
has a unique factorization. Hence, $k = l$ and $q_i = p_i$ for $i = 1, \ldots, k$.
Existence. To show existence, suppose that there is some integer that cannot be written as the product of primes. Let $S$ be the set of all such numbers. By the Principle of Well-Ordering, $S$ has a smallest number, say $a$. If the only positive factors of $a$ are $a$ and $1$, then $a$ is prime, which is a contradiction. Hence, $a = a_1 a_2$ where $1 < a_1 < a$ and $1 < a_2 < a$. Neither $a_1 \in S$ nor $a_2 \in S$, since $a$ is the smallest element in $S$. So
$$a_1 = p_1 \cdots p_r, \qquad a_2 = q_1 \cdots q_s.$$
Therefore,
$$a = a_1 a_2 = p_1 \cdots p_r q_1 \cdots q_s.$$
So $a \notin S$, which is a contradiction.
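The existence half of the proof is also an algorithm: split off the smallest factor greater than $1$ (which is necessarily prime), divide it out, and repeat until $1$ remains. The block below is an added example and not part of the textbook; the function names (smallest_prime_factor, is_prime, factor, divides_a_factor) are this example's own. Trial division up to $\sqrt{n}$ is fine for the textbook's numbers, including $2^{32} + 1 = 641 \cdot 6700417$, the Fermat number Euler showed to be composite; it is not a primality test for numbers of cryptographic size, where Lemma 2.13 still holds but the search would never finish. The last function shows the lemma failing for a composite modulus, which is why it is stated for primes only.

```python
# Added example (not from the textbook): prime factorization by trial division,
# following the existence argument of Theorem 2.15, and a check of Lemma 2.13.
# All function names are this example's own.

def smallest_prime_factor(n):
    """Least d > 1 dividing n; returns n itself when n is prime.

    Trying d <= sqrt(n) suffices: if n = d*e with d <= e then d*d <= n.
    """
    if n < 2:
        raise ValueError("need n > 1")
    if n % 2 == 0:
        return 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return d
        d += 2
    return n

def is_prime(n):
    return n > 1 and smallest_prime_factor(n) == n

def factor(n):
    """Primes p_1 <= p_2 <= ... <= p_k with n = p_1 * ... * p_k (Theorem 2.15).

    The least factor above 1 has no divisor of its own besides 1 and itself,
    so it is prime; divide it out and continue with the cofactor.
    """
    if n < 2:
        raise ValueError("need n > 1")
    primes = []
    while n > 1:
        p = smallest_prime_factor(n)
        primes.append(p)
        n //= p
    return primes

def divides_a_factor(p, a, b):
    """Given p | ab, does p divide a or b?  Always yes for prime p (Lemma 2.13);
    can fail for composite p, e.g. 6 | 4*9 although 6 divides neither factor."""
    if (a * b) % p != 0:
        raise ValueError("p does not divide ab")
    return a % p == 0 or b % p == 0

def fermat_f5():
    """2^(2^5) + 1, conjectured prime by Fermat, factored by Euler."""
    return factor(2 ** 32 + 1)
```

Because factor returns the primes in nondecreasing order, two calls on equal inputs return equal lists, which is the uniqueness statement of the theorem in executable form.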

Historical Note

Prime numbers were first studied by the ancient Greeks. Two important results from antiquity are Euclid's proof that an infinite number of primes exist and the Sieve of Eratosthenes, a method of computing all of the prime numbers less than a fixed positive integer $n$. One problem in number theory is to find a function $f$ such that $f(n)$ is prime for each integer $n$. Pierre Fermat (1601?–1665) conjectured that $2^{2^n} + 1$ was prime for all $n$, but later it was shown by Leonhard Euler (1707–1783) that
$$2^{2^5} + 1 = 4{,}294{,}967{,}297$$
is a composite number. One of the many unproven conjectures about prime numbers is Goldbach's Conjecture. In a letter to Euler in 1742, Christian Goldbach stated the conjecture that every even integer with the exception of 2 seemed to be the sum of two primes: $4 = 2 + 2$, $6 = 3 + 3$, $8 = 3 + 5$, $\ldots$. Although the conjecture has been verified for the numbers up through $4 \times 10^{18}$, it has yet to be proven in general. Since prime numbers play an important role in public key cryptography, there is currently a great deal of interest in determining whether or not a large number is prime.

Sage. Sage's original purpose was to support research in number theory, so it is perfect for the types of computations with the integers that we have in this chapter.

2.3 Exercises

1. Prove that
$$1^2 + 2^2 + \cdots + n^2 = \frac{n(n+1)(2n+1)}{6}$$
for $n \in \mathbb{N}$.
2. Prove that
$$1^3 + 2^3 + \cdots + n^3 = \frac{n^2(n+1)^2}{4}$$
for $n \in \mathbb{N}$.
3. Prove that $n! > 2^n$ for $n \ge 4$.
4. Prove that
$$x + 4x + 7x + \cdots + (3n-2)x = \frac{n(3n-1)x}{2}$$
for $n \in \mathbb{N}$.
5. Prove that $10^{n+1} + 10^n + 1$ is divisible by $3$ for $n \in \mathbb{N}$.
6. Prove that $4 \cdot 10^{2n} + 9 \cdot 10^{2n-1} + 5$ is divisible by $99$ for $n \in \mathbb{N}$.
7. Show that
$$\sqrt[n]{a_1 a_2 \cdots a_n} \le \frac{1}{n} \sum_{k=1}^{n} a_k.$$
8. Prove the Leibniz rule for $f^{(n)}(x)$, where $f^{(n)}$ is the $n$th derivative of $f$; that is, show that
$$(fg)^{(n)}(x) = \sum_{k=0}^{n} \binom{n}{k} f^{(k)}(x) g^{(n-k)}(x).$$
9. Use induction to prove that $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$ for $n \in \mathbb{N}$.
10. Prove that
$$\frac{1}{2} + \frac{1}{6} + \cdots + \frac{1}{n(n+1)} = \frac{n}{n+1}$$
for $n \in \mathbb{N}$.
11. If $x$ is a nonnegative real number, then show that $(1+x)^n - 1 \ge nx$ for $n = 0, 1, 2, \ldots$.
12. (Power Sets) Let $X$ be a set. Define the power set of $X$, denoted $\mathcal{P}(X)$, to be the set of all subsets of $X$. For example,
$$\mathcal{P}(\{a, b\}) = \{\emptyset, \{a\}, \{b\}, \{a, b\}\}.$$
For every positive integer $n$, show that a set with exactly $n$ elements has a power set with exactly $2^n$ elements.
13. Prove that the two principles of mathematical induction stated in Section 2.1 are equivalent.
14. Show that the Principle of Well-Ordering for the natural numbers implies that $1$ is the smallest natural number. Use this result to show that the Principle of Well-Ordering implies the Principle of Mathematical Induction; that is, show that if $S \subset \mathbb{N}$ such that $1 \in S$ and $n + 1 \in S$ whenever $n \in S$, then $S = \mathbb{N}$.
15. For each of the following pairs of numbers $a$ and $b$, calculate $\gcd(a, b)$ and find integers $r$ and $s$ such that $\gcd(a, b) = ra + sb$.
(a) 14 and 39
(b) 234 and 165
(c) 1739 and 9923
(d) 471 and 562
(e) 23,771 and 19,945
(f) 4357 and 3754

16. Let $a$ and $b$ be nonzero integers. If there exist integers $r$ and $s$ such that $ar + bs = 1$, show that $a$ and $b$ are relatively prime.
17. (Fibonacci Numbers) The Fibonacci numbers are
$$1, 1, 2, 3, 5, 8, 13, 21, \ldots.$$
We can define them inductively by $f_1 = 1$, $f_2 = 1$, and $f_{n+2} = f_{n+1} + f_n$ for $n \in \mathbb{N}$.
(a) Prove that $f_n < 2^n$.
(b) Prove that $f_{n+1} f_{n-1} = f_n^2 + (-1)^n$, $n \ge 2$.
(c) Prove that $f_n = [(1 + \sqrt{5})^n - (1 - \sqrt{5})^n]/(2^n \sqrt{5})$.
(d) Show that $\lim_{n \to \infty} f_n / f_{n+1} = (\sqrt{5} - 1)/2$.
(e) Prove that $f_n$ and $f_{n+1}$ are relatively prime.

18. Let $a$ and $b$ be integers such that $\gcd(a, b) = 1$. Let $r$ and $s$ be integers such that $ar + bs = 1$. Prove that
$$\gcd(a, s) = \gcd(r, b) = \gcd(r, s) = 1.$$
19. Let $x, y \in \mathbb{N}$ be relatively prime. If $xy$ is a perfect square, prove that $x$ and $y$ must both be perfect squares.
20. Using the division algorithm, show that every perfect square is of the form $4k$ or $4k + 1$ for some nonnegative integer $k$.
21. Suppose that $a, b, r, s$ are pairwise relatively prime and that
$$a^2 + b^2 = r^2, \qquad a^2 - b^2 = s^2.$$
Prove that $a$, $r$, and $s$ are odd and $b$ is even.
22. Let $n \in \mathbb{N}$. Use the division algorithm to prove that every integer is congruent mod $n$ to precisely one of the integers $0, 1, \ldots, n-1$. Conclude that if $r$ is an integer, then there is exactly one $s$ in $\mathbb{Z}$ such that $0 \le s < n$ and $[r] = [s]$. Hence, the integers are indeed partitioned by congruence mod $n$.
23. Define the least common multiple of two nonzero integers $a$ and $b$, denoted by $\operatorname{lcm}(a, b)$, to be the nonnegative integer $m$ such that both $a$ and $b$ divide $m$, and if $a$ and $b$ divide any other integer $n$, then $m$ also divides $n$. Prove that any two integers $a$ and $b$ have a unique least common multiple.
24. If $d = \gcd(a, b)$ and $m = \oper
atorname{lcm}(a, b)$, prove that $dm = |ab|$.
25. Show that $\operatorname{lcm}(a, b) = ab$ if and only if $\gcd(a, b) = 1$.
26. Prove that $\gcd(a, c) = \gcd(b, c) = 1$ if and only if $\gcd(ab, c) = 1$ for integers $a$, $b$, and $c$.
27. Let $a, b, c \in \mathbb{Z}$. Prove that if $\gcd(a, b) = 1$ and $a \mid bc$, then $a \mid c$.
28. Let $p \ge 2$. Prove that if $2^p - 1$ is prime, then $p$ must also be prime.
29. Prove that there are an infinite number of primes of the form $6n + 5$.
30. Prove that there are an infinite number of primes of the form $4n - 1$.
31. Using the fact that $2$ is prime, show that there do not exist integers $p$ and $q$ such that $p^2 = 2q^2$. Demonstrate that therefore $\sqrt{2}$ cannot be a rational number.

2.4 Programming Exercises

1. (The Sieve of Eratosthenes) One method of computing all of the prime numbers less than a certain fixed positive integer $N$ is to list all of the numbers $n$ such that $1 < n < N$. Begin by eliminating all of the multiples of $2$. Next eliminate all of the multiples of $3$. Now eliminate all of the multiples of $5$. Notice that $4$ has already been crossed out. Continue in this manner, noticing that we do not have to go all the way to $N$; it suffices to stop at $\sqrt{N}$. Using this method, compute all of the prime numbers less than $N = 250$. We can also use this method to find all of the integers that are relatively prime to an integer $N$. Simply eliminate the prime factors of $N$ and all of their multiples. Using this method, find all of the numbers that are relatively prime to $N = 120$. Using the Sieve of Eratosthenes, write a program that will compute all of the primes less than an integer $N$.
2. Let N0 = N ∪ {0}. Ackermann's function is the function A :
N0 × N0 → N0 defined by the equations
A(0, y) = y + 1,
A(x + 1, 0) = A(x, 1),
A(x + 1, y + 1) = A(x, A(x + 1, y)).
Use this definition to compute A(3, 1). Write a program to evaluate
Ackermann's function. Modify the program to count the number
of statements executed in the program when Ackermann's function
is evaluated. How many statements are executed in the evaluation
of A(4, 1)? What about A(5, 1)?
3. Write a computer program that will implement the Euclidean
algorithm. The program should accept two positive integers a and
b as input and should output gcd(a, b) as well as integers r and s
such that
gcd(a, b) = ra + sb.

2.5 References and Suggested Readings

[1] Brookshear, J. G. Theory of Computation: Formal Languages, Automata, and Complexity. Benjamin/Cummings, Redwood City, CA, 1989. Shows the relationships of the theoretical aspects of computer science to set theory and the integers.
[2] Hardy, G. H. and Wright, E. M. An Introduction to the Theory of Numbers. 6th ed. Oxford University Press, New York, 2008.
[3] Niven, I. and Zuckerman, H. S. An Introduction to the Theory of Numbers. 5th ed. Wiley, New York, 1991.
[4] Vanden Eynden, C. Elementary Number Theory. 2nd ed. Waveland Press, Long Grove, IL, 2001.

3 Groups

We begin our study of algebraic structures by investigating sets associated with single operations that satisfy certain reasonable axioms; that is, we want to define an operation on a set in a way that
will generalize such familiar structures as the integers Z together
with the single operation of addition, or invertible 2 × 2 matrices
together with the single operation of matrix multiplication. The
integers and the 2 × 2 matrices, together with their respective single
operations, are examples of algebraic structures known as groups.
The theory of groups occupies a central position in mathematics. Modern group theory arose from an attempt to find the roots
of a polynomial in terms of its coefficients. Groups now play a central role in such areas as coding theory, counting, and the study
of symmetries; many areas of biology, chemistry, and physics have
benefited from group theory.

3.1 Integer Equivalence Classes and Symmetries

Let us now investigate some mathematical structures that can be
viewed as sets with single operations.

The Integers mod n


The integers mod n have become indispensable in the theory and
applications of algebra. In mathematics they are used in cryptography, coding theory, and the detection of errors in identification
codes.
We have already seen that two integers a and b are equivalent
mod n if n divides a − b. The integers mod n also partition Z
into n different equivalence classes; we will denote the set of these
equivalence classes by Zn. Consider the integers modulo 12 and
the corresponding partition of the integers:
[0] = {..., −12, 0, 12, 24, ...},
[1] = {..., −11, 1, 13, 25, ...},
...
[11] = {..., −1, 11, 23, 35, ...}.
When no confusion can arise, we will use 0, 1, . . . , 11 to indicate the
equivalence classes [0], [1], . . . , [11] respectively. We can do arithmetic on Zn . For two integers a and b, define addition modulo n to
be (a + b) (mod n); that is, the remainder when a + b is divided by
n. Similarly, multiplication modulo n is defined as (ab) (mod n),
the remainder when ab is divided by n.
Example 3.1. The following examples illustrate integer arithmetic
modulo n:
7 + 4 ≡ 1 (mod 5)        7 · 3 ≡ 1 (mod 5)
3 + 5 ≡ 0 (mod 8)        3 · 5 ≡ 7 (mod 8)
3 + 4 ≡ 7 (mod 12)       3 · 4 ≡ 0 (mod 12)
In particular, notice that it is possible that the product of two
nonzero numbers modulo n can be equivalent to 0 modulo n.
Example 3.2. Most, but not all, of the usual laws of arithmetic
hold for addition and multiplication in Zn. For instance, it is not
necessarily true that there is a multiplicative inverse. Consider the
multiplication table for Z8 in Table 3.3. Notice that 2, 4, and 6 do
not have multiplicative inverses; that is, for n = 2, 4, or 6, there is
no integer k such that kn ≡ 1 (mod 8).

·   0   1   2   3   4   5   6   7
0   0   0   0   0   0   0   0   0
1   0   1   2   3   4   5   6   7
2   0   2   4   6   0   2   4   6
3   0   3   6   1   4   7   2   5
4   0   4   0   4   0   4   0   4
5   0   5   2   7   4   1   6   3
6   0   6   4   2   0   6   4   2
7   0   7   6   5   4   3   2   1
Table 3.3: Multiplication table for Z8


Proposition 3.4. Let Zn be the set of equivalence classes of the
integers mod n and a, b, c ∈ Zn.
1. Addition and multiplication are commutative:
a + b ≡ b + a (mod n)
ab ≡ ba (mod n).
2. Addition and multiplication are associative:
(a + b) + c ≡ a + (b + c) (mod n)
(ab)c ≡ a(bc) (mod n).
3. There are both additive and multiplicative identities:
a + 0 ≡ a (mod n)
a · 1 ≡ a (mod n).
4. Multiplication distributes over addition:
a(b + c) ≡ ab + ac (mod n).
5. For every integer a there is an additive inverse −a:
a + (−a) ≡ 0 (mod n).
6. Let a be a nonzero integer. Then gcd(a, n) = 1 if and only if
there exists a multiplicative inverse b for a (mod n); that is,
a nonzero integer b such that
ab ≡ 1 (mod n).

Proof. We will prove (1) and (6) and leave the remaining properties to be proven in the exercises.
(1) Addition and multiplication are commutative modulo n
since the remainder of a + b divided by n is the same as the remainder of b + a divided by n.
(6) Suppose that gcd(a, n) = 1. Then there exist integers r and
s such that ar + ns = 1. Since ns = 1 − ar, it must be the case that
ar ≡ 1 (mod n). Letting b be the equivalence class of r, ab ≡ 1
(mod n).
Conversely, suppose that there exists an integer b such that
ab ≡ 1 (mod n). Then n divides ab − 1, so there is an integer k
such that ab − nk = 1. Let d = gcd(a, n). Since d divides ab − nk,
d must also divide 1; hence, d = 1.
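The extended Euclidean algorithm asked for in Programming Exercise 3 of Section 2.4, used as in the proof of part (6) above to compute inverses in Zn and the set U(n) of Example 3.11, as an added Python example that is not code from the text; the function names extended_gcd, inverse_mod and units are chosen here.

```python
# Added example: the extended Euclidean algorithm asked for in Programming
# Exercise 3 of Section 2.4, used as in the proof of Proposition 3.4(6) to find
# multiplicative inverses in Z_n and the group of units U(n). Not code from the
# text; function names are chosen here.
from math import gcd


def extended_gcd(a, b):
    """Return (d, r, s) with d = gcd(a, b) >= 0 and r*a + s*b = d.

    Each remainder is carried together with its coefficients in a and b,
    so when the remainder reaches gcd(a, b) the coefficients are r and s."""
    old_r, r = a, b
    old_s, s = 1, 0                    # coefficients of a
    old_t, t = 0, 1                    # coefficients of b
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                      # make the gcd nonnegative
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t


def inverse_mod(a, n):
    """The class b in Z_n with ab ≡ 1 (mod n), or None when gcd(a, n) != 1.

    Forward direction of Proposition 3.4(6): if ar + ns = 1 then ar ≡ 1 (mod n),
    so the class of r is the inverse of a."""
    d, r, _ = extended_gcd(a % n, n)
    if d != 1:
        return None
    return r % n


def units(n):
    """U(n): the nonzero classes in Z_n that have a multiplicative inverse."""
    return [k for k in range(1, n) if inverse_mod(k, n) is not None]


def inverse_iff_coprime(n):
    """Exhaustive check of Proposition 3.4(6) for every nonzero a in Z_n."""
    return all((inverse_mod(a, n) is not None) == (gcd(a, n) == 1)
               for a in range(1, n))


if __name__ == "__main__":
    d, r, s = extended_gcd(240, 46)
    print(f"gcd(240, 46) = {d} = {r}*240 + {s}*46")
    print("U(8) =", units(8), " inverse of 3 mod 8 =", inverse_mod(3, 8))
    print("2 in Z_6 has inverse:", inverse_mod(2, 6))      # None, as in Example 3.11
```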

Symmetries

Figure 3.5: Rigid motions of a rectangle (the identity, a 180° rotation, a reflection across the vertical axis, and a reflection across the horizontal axis)

A symmetry of a geometric figure is a rearrangement of the figure
preserving the arrangement of its sides and vertices as well as its
distances and angles. A map from the plane to itself preserving
the symmetry of an object is called a rigid motion. For example,
if we look at the rectangle in Figure 3.5, it is easy to see that a
rotation of 180° or 360° returns a rectangle in the plane with the
same orientation as the original rectangle and the same relationship among the vertices. A reflection of the rectangle across either
the vertical axis or the horizontal axis can also be seen to be a
symmetry. However, a 90° rotation in either direction cannot be a
symmetry unless the rectangle is a square.

Figure 3.6: Symmetries of a triangle: the identity
$\mathrm{id} = \begin{pmatrix} A & B & C \\ A & B & C \end{pmatrix}$,
the rotations
$\rho_1 = \begin{pmatrix} A & B & C \\ B & C & A \end{pmatrix}$,
$\rho_2 = \begin{pmatrix} A & B & C \\ C & A & B \end{pmatrix}$,
and the reflections
$\mu_1 = \begin{pmatrix} A & B & C \\ A & C & B \end{pmatrix}$,
$\mu_2 = \begin{pmatrix} A & B & C \\ C & B & A \end{pmatrix}$,
$\mu_3 = \begin{pmatrix} A & B & C \\ B & A & C \end{pmatrix}$

Let us find the symmetries of the equilateral triangle ABC.
To find a symmetry of ABC, we must first examine the permutations of the vertices A, B, and C and then ask if a permutation
extends to a symmetry of the triangle. Recall that a permutation of a set S is a one-to-one and onto map π : S → S. The three
vertices have 3! = 6 permutations, so the triangle has at most six
symmetries. To see that there are six permutations, observe there
are three different possibilities for the first vertex, and two for the
second, and the remaining vertex is determined by the placement
of the first two. So we have 3 · 2 · 1 = 3! = 6 different arrangements.
To denote the permutation of the vertices of an equilateral triangle
that sends A to B, B to C, and C to A, we write the array
$$\begin{pmatrix} A & B & C \\ B & C & A \end{pmatrix}.$$
Notice that this particular permutation corresponds to the rigid
motion of rotating the triangle by 120° in a clockwise direction. In
fact, every permutation gives rise to a symmetry of the triangle.
All of these symmetries are shown in Figure 3.6.

A natural question to ask is what happens if one motion of the
triangle ABC is followed by another. Which symmetry is μ1ρ1;
that is, what happens when we do the permutation ρ1 and then the
permutation μ1? Remember that we are composing functions here.
Although we usually multiply left to right, we compose functions
right to left. We have
(μ1ρ1)(A) = μ1(ρ1(A)) = μ1(B) = C
(μ1ρ1)(B) = μ1(ρ1(B)) = μ1(C) = B
(μ1ρ1)(C) = μ1(ρ1(C)) = μ1(A) = A.
This is the same symmetry as μ2. Suppose we do these motions
in the opposite order, μ1 then ρ1. It is easy to determine that
this is the same as the symmetry μ3; hence, ρ1μ1 ≠ μ1ρ1. A
multiplication table for the symmetries of an equilateral triangle
ABC is given in Table 3.7.
Notice that in the multiplication table for the symmetries of
an equilateral triangle, for every motion α of the triangle there is
another motion β such that αβ = id; that is, for every motion
there is another motion that takes the triangle back to its original
orientation.
∘    id   ρ1   ρ2   μ1   μ2   μ3
id   id   ρ1   ρ2   μ1   μ2   μ3
ρ1   ρ1   ρ2   id   μ3   μ1   μ2
ρ2   ρ2   id   ρ1   μ2   μ3   μ1
μ1   μ1   μ2   μ3   id   ρ1   ρ2
μ2   μ2   μ3   μ1   ρ2   id   ρ1
μ3   μ3   μ1   μ2   ρ1   ρ2   id
Table 3.7: Symmetries of an equilateral triangle
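The composition worked out above, carried through for all six symmetries to rebuild Table 3.7, together with a check of the group axioms on the finished table, as an added Python example that is not code from the text; the names compose, product and is_group are chosen here.

```python
# Added example: the six symmetries of the equilateral triangle as permutations
# of its vertices, composed right to left as in the text, giving Table 3.7, plus
# a check of the group axioms of Section 3.2 on the finished table. Not code from
# the text; names such as compose and is_group are chosen here.
from itertools import permutations

VERTICES = ("A", "B", "C")

# Each symmetry is a map vertex -> image, read off the two-row arrays of Figure 3.6.
SYMMETRIES = {
    "id":   {"A": "A", "B": "B", "C": "C"},
    "rho1": {"A": "B", "B": "C", "C": "A"},   # rotation sending A to B, B to C, C to A
    "rho2": {"A": "C", "B": "A", "C": "B"},
    "mu1":  {"A": "A", "B": "C", "C": "B"},   # reflections fix one vertex each
    "mu2":  {"A": "C", "B": "B", "C": "A"},
    "mu3":  {"A": "B", "B": "A", "C": "C"},
}
_NAME_OF = {tuple(p[v] for v in VERTICES): name for name, p in SYMMETRIES.items()}


def compose(f, g):
    """(f g)(x) = f(g(x)): apply g first, then f, as in (mu1 rho1)(A) = mu1(rho1(A))."""
    return {x: f[g[x]] for x in VERTICES}


def product(x, y):
    """Name of the symmetry x y, i.e. the entry in row x, column y of Table 3.7."""
    image = compose(SYMMETRIES[x], SYMMETRIES[y])
    return _NAME_OF[tuple(image[v] for v in VERTICES)]


def cayley_table():
    names = list(SYMMETRIES)
    return {(x, y): product(x, y) for x in names for y in names}


def is_group(elements, table):
    """Test the group axioms on a finite operation given as a dict {(x, y): x*y}."""
    # closure: every product is again an element
    if any(table[(x, y)] not in elements for x in elements for y in elements):
        return False
    # associativity, checked exhaustively
    for x in elements:
        for y in elements:
            for z in elements:
                if table[(table[(x, y)], z)] != table[(x, table[(y, z)])]:
                    return False
    # a two-sided identity
    identities = [e for e in elements
                  if all(table[(e, x)] == x == table[(x, e)] for x in elements)]
    if len(identities) != 1:
        return False
    e = identities[0]
    # every element has a two-sided inverse
    return all(any(table[(x, y)] == e == table[(y, x)] for y in elements)
               for x in elements)


def is_abelian(elements, table):
    return all(table[(x, y)] == table[(y, x)] for x in elements for y in elements)


def all_permutations_are_symmetries():
    """The 3! = 6 permutations of the vertices are exactly the six symmetries."""
    images = {tuple(p[v] for v in VERTICES) for p in SYMMETRIES.values()}
    return images == set(permutations(VERTICES))


if __name__ == "__main__":
    names, table = list(SYMMETRIES), cayley_table()
    print("mu1 rho1 =", product("mu1", "rho1"), " rho1 mu1 =", product("rho1", "mu1"))
    for x in names:
        print(f"{x:>4}: " + " ".join(f"{table[(x, y)]:>4}" for y in names))
    print("group:", is_group(names, table), " abelian:", is_abelian(names, table))
```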

3.2 Definitions and Examples

The integers mod n and the symmetries of a triangle or a rectangle
are examples of groups. A binary operation or law of composition on a set G is a function G × G → G that assigns to each
pair (a, b) ∈ G × G a unique element a ∘ b, or ab in G, called the
composition of a and b. A group (G, ∘) is a set G together with a
law of composition (a, b) ↦ a ∘ b that satisfies the following axioms.
• The law of composition is associative. That is,
(a ∘ b) ∘ c = a ∘ (b ∘ c)
for a, b, c ∈ G.
• There exists an element e ∈ G, called the identity element,
such that for any element a ∈ G
e ∘ a = a ∘ e = a.
• For each element a ∈ G, there exists an inverse element in
G, denoted by a⁻¹, such that
a ∘ a⁻¹ = a⁻¹ ∘ a = e.

A group G with the property that a ∘ b = b ∘ a for all a, b ∈ G
is called abelian or commutative. Groups not satisfying this
property are said to be nonabelian or noncommutative.
Example 3.8. The integers Z = {..., −1, 0, 1, 2, ...} form a group
under the operation of addition. The binary operation on two integers m, n ∈ Z is just their sum. Since the integers under addition
already have a well-established notation, we will use the operator
+ instead of ∘; that is, we shall write m + n instead of m ∘ n. The
identity is 0, and the inverse of n ∈ Z is written as −n instead of
n⁻¹. Notice that the set of integers under addition has the additional property that m + n = n + m and therefore forms an abelian
group.
Most of the time we will write ab instead of a ∘ b; however, if
the group already has a natural operation such as addition in the
integers, we will use that operation. That is, if we are adding two
integers, we still write m + n, −n for the inverse, and 0 for the
identity as usual. We also write m − n instead of m + (−n).
It is often convenient to describe a group in terms of an addition
or multiplication table. Such a table is called a Cayley table.
Example 3.9. The integers mod n form a group under addition
modulo n. Consider Z5, consisting of the equivalence classes of
the integers 0, 1, 2, 3, and 4. We define the group operation on
Z5 by modular addition. We write the binary operation on the
group additively; that is, we write m + n. The element 0 is the
identity of the group and each element in Z5 has an inverse. For
instance, 2 + 3 = 3 + 2 = 0. Table 3.10 is a Cayley table for Z5. By
Proposition 3.4, Zn = {0, 1, ..., n − 1} is a group under the binary
operation of addition mod n.

+   0   1   2   3   4
0   0   1   2   3   4
1   1   2   3   4   0
2   2   3   4   0   1
3   3   4   0   1   2
4   4   0   1   2   3
Table 3.10: Cayley table for (Z5, +)

Example 3.11. Not every set with a binary operation is a group.
For example, if we let modular multiplication be the binary operation on Zn, then Zn fails to be a group. The element 1 acts as
a group identity since 1 · k = k · 1 = k for any k ∈ Zn; however,
a multiplicative inverse for 0 does not exist since 0 · k = k · 0 = 0
for every k in Zn. Even if we consider the set Zn \ {0}, we still
may not have a group. For instance, let 2 ∈ Z6. Then 2 has no
multiplicative inverse since
0 · 2 = 0        1 · 2 = 2        2 · 2 = 4
3 · 2 = 0        4 · 2 = 2        5 · 2 = 4.
By Proposition 3.4, every nonzero k does have an inverse in Zn if k
is relatively prime to n. Denote the set of all such nonzero elements
in Zn by U(n). Then U(n) is a group called the group of units
of Zn. Table 3.12 is a Cayley table for the group U(8).

·   1   3   5   7
1   1   3   5   7
3   3   1   7   5
5   5   7   1   3
7   7   5   3   1
Table 3.12: Multiplication table for U(8)


Example 3.13. The symmetries of an equilateral triangle described in Section 3.1 form a nonabelian group. As we observed,
it is not necessarily true that αβ = βα for two symmetries α and
β. Using Table 3.7, which is a Cayley table for this group, we can
easily check that the symmetries of an equilateral triangle are indeed a group. We will denote this group by either S3 or D3, for
reasons that will be explained later.
Example 3.14. We use M2(R) to denote the set of all 2 × 2 matrices. Let GL2(R) be the subset of M2(R) consisting of invertible
matrices; that is, a matrix
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$$
is in GL2(R) if there exists a matrix A⁻¹ such that AA⁻¹ =
A⁻¹A = I, where I is the 2 × 2 identity matrix. For A to have
an inverse is equivalent to requiring that the determinant of A be
nonzero; that is, det A = ad − bc ≠ 0. The set of invertible matrices
forms a group called the general linear group. The identity of
the group is the identity matrix
$$I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}.$$
The inverse of A ∈ GL2(R) is
$$A^{-1} = \frac{1}{ad - bc} \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}.$$
The product of two invertible matrices is again invertible. Matrix
multiplication is associative, satisfying the other group axiom. For
matrices it is not true in general that AB = BA; hence, GL2(R) is
another example of a nonabelian group.
Example 3.15. Let
$$1 = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \quad
I = \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}, \quad
J = \begin{pmatrix} 0 & i \\ i & 0 \end{pmatrix}, \quad
K = \begin{pmatrix} i & 0 \\ 0 & -i \end{pmatrix},$$
where i² = −1. Then the relations I² = J² = K² = −1, IJ = K,
JK = I, KI = J, JI = −K, KJ = −I, and IK = −J hold.
The set Q8 = {±1, ±I, ±J, ±K} is a group called the quaternion
group. Notice that Q8 is noncommutative.
Example 3.16. Let C* be the set of nonzero complex numbers.
Under the operation of multiplication C* forms a group. The identity is 1. If z = a + bi is a nonzero complex number, then
z⁻¹ = (a − bi)/(a² + b²)
is the inverse of z. It is easy to see that the remaining group axioms
hold.
A group is finite, or has finite order, if it contains a finite
number of elements; otherwise, the group is said to be infinite or
to have infinite order. The order of a finite group is the number
of elements that it contains. If G is a group containing n elements,
we write |G| = n. The group Z5 is a finite group of order 5; the
integers Z form an infinite group under addition, and we sometimes
write |Z| = ∞.

Basic Properties of Groups


Proposition 3.17. The identity element in a group G is unique;
that is, there exists only one element e ∈ G such that eg = ge = g
for all g ∈ G.
Proof. Suppose that e and e′ are both identities in G. Then
eg = ge = g and e′g = ge′ = g for all g ∈ G. We need to show
that e = e′. If we think of e as the identity, then ee′ = e′; but if
e′ is the identity, then ee′ = e. Combining these two equations, we
have e = ee′ = e′.
Inverses in a group are also unique. If g′ and g″ are both
inverses of an element g in a group G, then gg′ = g′g = e and
gg″ = g″g = e. We want to show that g′ = g″, but g′ = g′e =
g′(gg″) = (g′g)g″ = eg″ = g″. We summarize this fact in the
following proposition.
Proposition 3.18. If g is any element in a group G, then the
inverse of g, denoted by g⁻¹, is unique.
Proposition 3.19. Let G be a group. If a, b ∈ G, then (ab)⁻¹ =
b⁻¹a⁻¹.
Proof. Let a, b ∈ G. Then abb⁻¹a⁻¹ = aea⁻¹ = aa⁻¹ = e.
Similarly, b⁻¹a⁻¹ab = e. But by the previous proposition, inverses
are unique; hence, (ab)⁻¹ = b⁻¹a⁻¹.
Proposition 3.20. Let G be a group. For any a ∈ G, (a⁻¹)⁻¹ = a.
Proof. Observe that a⁻¹(a⁻¹)⁻¹ = e. Consequently, multiplying
both sides of this equation by a, we have
(a⁻¹)⁻¹ = e(a⁻¹)⁻¹ = aa⁻¹(a⁻¹)⁻¹ = ae = a.

It makes sense to write equations with group elements and
group operations. If a and b are two elements in a group G, does
there exist an element x ∈ G such that ax = b? If such an x does
exist, is it unique? The following proposition answers both of these
questions positively.
Proposition 3.21. Let G be a group and a and b be any two
elements in G. Then the equations ax = b and xa = b have unique
solutions in G.
Proof. Suppose that ax = b. We must show that such an x
exists. Multiplying both sides of ax = b by a⁻¹, we have x = ex =
a⁻¹ax = a⁻¹b.
To show uniqueness, suppose that x1 and x2 are both solutions
of ax = b; then ax1 = b = ax2. So x1 = a⁻¹ax1 = a⁻¹ax2 = x2.
The proof for the existence and uniqueness of the solution of xa = b
is similar.

Proposition 3.22. If G is a group and a, b, c ∈ G, then ba = ca
implies b = c and ab = ac implies b = c.
This proposition tells us that the right and left cancellation
laws are true in groups. We leave the proof as an exercise.
We can use exponential notation for groups just as we do in
ordinary algebra. If G is a group and g ∈ G, then we define g⁰ = e.
For n ∈ N, we define
$$g^n = \underbrace{g \cdot g \cdots g}_{n \text{ times}}$$
and
$$g^{-n} = \underbrace{g^{-1} \cdot g^{-1} \cdots g^{-1}}_{n \text{ times}}.$$

Theorem 3.23. In a group, the usual laws of exponents hold; that
is, for all g, h ∈ G,
1. gᵐgⁿ = gᵐ⁺ⁿ for all m, n ∈ Z;
2. (gᵐ)ⁿ = gᵐⁿ for all m, n ∈ Z;
3. (gh)ⁿ = (h⁻¹g⁻¹)⁻ⁿ for all n ∈ Z. Furthermore, if G is
abelian, then (gh)ⁿ = gⁿhⁿ.
We will leave the proof of this theorem as an exercise. Notice
that (gh)ⁿ ≠ gⁿhⁿ in general, since the group may not be abelian.
If the group is Z or Zn, we write the group operation additively
and the exponential operation multiplicatively; that is, we write
ng instead of gⁿ. The laws of exponents now become
1. mg + ng = (m + n)g for all m, n ∈ Z;
2. m(ng) = (mn)g for all m, n ∈ Z;
3. m(g + h) = mg + mh for all m ∈ Z.
It is important to realize that the last statement can be made
only because Z and Zn are commutative groups.
Historical Note
Although the first clear axiomatic definition of a group was not
given until the late 1800s, group-theoretic methods had been employed before this time in the development of many areas of mathematics, including geometry and the theory of algebraic equations.
Joseph-Louis Lagrange used group-theoretic methods in a 1770–1771 memoir to study methods of solving polynomial equations.
Later, Évariste Galois (1811–1832) succeeded in developing the
mathematics necessary to determine exactly which polynomial equations could be solved in terms of the polynomials' coefficients. Galois' primary tool was group theory.
The study of geometry was revolutionized in 1872 when Felix
Klein proposed that geometric spaces should be studied by examining those properties that are invariant under a transformation of
the space. Sophus Lie, a contemporary of Klein, used group theory to study solutions of partial differential equations. One of the
first modern treatments of group theory appeared in William Burnside's The Theory of Groups of Finite Order [1], first published in
1897.

3.3 Subgroups

Definitions and Examples


Sometimes we wish to investigate smaller groups sitting inside a
larger group. The set of even integers 2Z = {..., −2, 0, 2, 4, ...} is
a group under the operation of addition. This smaller group sits
naturally inside of the group of integers under addition. We define
a subgroup H of a group G to be a subset H of G such that when
the group operation of G is restricted to H, H is a group in its own
right. Observe that every group G with at least two elements will
always have at least two subgroups, the subgroup consisting of the
identity element alone and the entire group itself. The subgroup
H = {e} of a group G is called the trivial subgroup. A subgroup
that is a proper subset of G is called a proper subgroup. In many
of the examples that we have investigated up to this point, there
exist other subgroups besides the trivial and improper subgroups.
Example 3.24. Consider the set of nonzero real numbers, R*,
with the group operation of multiplication. The identity of this
group is 1 and the inverse of any element a ∈ R* is just 1/a. We
will show that
Q* = {p/q : p and q are nonzero integers}
is a subgroup of R*. The identity of R* is 1; however, 1 = 1/1 is
the quotient of two nonzero integers. Hence, the identity of R* is
in Q*. Given two elements in Q*, say p/q and r/s, their product
pr/qs is also in Q*. The inverse of any element p/q ∈ Q* is again in
Q* since (p/q)⁻¹ = q/p. Since multiplication in R* is associative,
multiplication in Q* is associative.
Example 3.25. Recall that C* is the multiplicative group of nonzero
complex numbers. Let H = {1, −1, i, −i}. Then H is a subgroup of
C*. It is quite easy to verify that H is a group under multiplication
and that H ⊂ C*.
Example 3.26. Let SL2(R) be the subset of GL2(R) consisting of
matrices of determinant one; that is, a matrix
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$$
is in SL2(R) exactly when ad − bc = 1. To show that SL2(R) is
a subgroup of the general linear group, we must show that it is a
group under matrix multiplication. The 2 × 2 identity matrix is in
SL2(R), as is the inverse of the matrix A:
$$A^{-1} = \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}.$$
It remains to show that multiplication is closed; that is, that the
product of two matrices of determinant one also has determinant
one. We will leave this task as an exercise. The group SL2(R) is
called the special linear group.
Example 3.27. It is important to realize that a subset H of a
group G can be a group without being a subgroup of G. For H to
be a subgroup of G it must inherit G's binary operation. The set
of all 2 × 2 matrices, M2(R), forms a group under the operation of
addition. The 2 × 2 general linear group is a subset of M2(R) and
is a group under matrix multiplication, but it is not a subgroup of
M2(R). If we add two invertible matrices, we do not necessarily
obtain another invertible matrix. Observe that
$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} + \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix} = \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix},$$
but the zero matrix is not in GL2(R).
Example 3.28. One way of telling whether or not two groups are
the same is by examining their subgroups. Other than the trivial
subgroup and the group itself, the group Z4 has a single subgroup
consisting of the elements 0 and 2. From the group Z2, we can
form another group of four elements as follows. As a set this group
is Z2 × Z2. We perform the group operation coordinatewise; that
is, (a, b) + (c, d) = (a + c, b + d). Table 3.29 is an addition table
for Z2 × Z2. Since there are three nontrivial proper subgroups
of Z2 × Z2, H1 = {(0, 0), (0, 1)}, H2 = {(0, 0), (1, 0)}, and H3 =
{(0, 0), (1, 1)}, Z4 and Z2 × Z2 must be different groups.

+        (0, 0)   (0, 1)   (1, 0)   (1, 1)
(0, 0)   (0, 0)   (0, 1)   (1, 0)   (1, 1)
(0, 1)   (0, 1)   (0, 0)   (1, 1)   (1, 0)
(1, 0)   (1, 0)   (1, 1)   (0, 0)   (0, 1)
(1, 1)   (1, 1)   (1, 0)   (0, 1)   (0, 0)
Table 3.29: Addition table for Z2 × Z2

Some Subgroup Theorems

Let us examine some criteria for determining exactly when a subset
of a group is a subgroup.
Proposition 3.30. A subset H of G is a subgroup if and only if
it satisfies the following conditions.
1. The identity e of G is in H.
2. If h1, h2 ∈ H, then h1h2 ∈ H.
3. If h ∈ H, then h⁻¹ ∈ H.
Proof. First suppose that H is a subgroup of G. We must show
that the three conditions hold. Since H is a group, it must have
an identity eH. We must show that eH = e, where e is the identity
of G. We know that eH eH = eH and that eeH = eH e = eH; hence,
eeH = eH eH. By right-hand cancellation, e = eH. The second
condition holds since a subgroup H is a group. To prove the third
condition, let h ∈ H. Since H is a group, there is an element
h′ ∈ H such that hh′ = h′h = e. By the uniqueness of the inverse
in G, h′ = h⁻¹.
Conversely, if the three conditions hold, we must show that H is
a group under the same operation as G; however, these conditions
plus the associativity of the binary operation are exactly the axioms
stated in the definition of a group.
Proposition 3.31. Let H be a subset of a group G. Then H is a
subgroup of G if and only if H ≠ ∅, and whenever g, h ∈ H then
gh⁻¹ is in H.
Proof. First assume that H is a subgroup of G. We wish to show
that gh⁻¹ ∈ H whenever g and h are in H. Since h is in H, its
inverse h⁻¹ must also be in H. Because of the closure of the group
operation, gh⁻¹ ∈ H.
Conversely, suppose that H ⊂ G such that H ≠ ∅ and gh⁻¹ ∈
H whenever g, h ∈ H. If g ∈ H, then gg⁻¹ = e is in H. If g ∈ H,
then eg⁻¹ = g⁻¹ is also in H. Now let h1, h2 ∈ H. We must show
that their product is also in H. However, h1(h2⁻¹)⁻¹ = h1h2 ∈ H.
Hence, H is a subgroup of G.
Sage. The first half of this text is about group theory. Sage includes Groups, Algorithms and Programming (GAP), a program
designed primarily for just group theory, and in continuous development since 1986. Many of Sage's computations for groups
ultimately are performed by GAP.

3.4 Exercises

1. Find all x ∈ Z satisfying each of the following equations.
(a) 3x ≡ 2 (mod 7)            (d) 9x ≡ 3 (mod 5)
(b) 5x + 1 ≡ 13 (mod 23)      (e) 5x ≡ 1 (mod 6)
(c) 5x + 1 ≡ 13 (mod 26)      (f) 3x ≡ 1 (mod 6)

2. Which of the following multiplication tables defined on the set
G = {a, b, c, d} form a group? Support your answer in each case.
(a)
    a   b   c   d
a   a   c   d   a
b   b   b   c   d
c   c   d   a   b
d   d   a   b   c

(b)
    a   b   c   d
a   a   b   c   d
b   b   c   d   a
c   c   d   a   b
d   d   a   b   c

(c)
    a   b   c   d
a   a   b   c   d
b   b   a   c   d
c   c   b   a   d
d   d   d   b   c

(d)
    a   b   c   d
a   a   b   c   d
b   b   a   d   c
c   c   d   a   b
d   d   c   b   a

3. Write out Cayley tables for groups formed by the symmetries of
a rectangle and for (Z4, +). How many elements are in each group?
Are the groups the same? Why or why not?
4. Describe the symmetries of a rhombus and prove that the set
of symmetries forms a group. Give Cayley tables for both the
symmetries of a rectangle and the symmetries of a rhombus. Are
the symmetries of a rectangle and those of a rhombus the same?
5. Describe the symmetries of a square and prove that the set of
symmetries is a group. Give a Cayley table for the symmetries.
How many ways can the vertices of a square be permuted? Is each
permutation necessarily a symmetry of the square? The symmetry
group of the square is denoted by D4.
6. Give a multiplication table for the group U(12).
7. Let S = R \ {−1} and define a binary operation on S by a ∗ b =
a + b + ab. Prove that (S, ∗) is an abelian group.

8. Give an example of two elements A and B in GL2(R) with
AB ≠ BA.
9. Prove that the product of two matrices in SL2 (R) has determinant one.
10. Prove that the set of matrices of the form
$$\begin{pmatrix} 1 & x & y \\ 0 & 1 & z \\ 0 & 0 & 1 \end{pmatrix}$$
is a group under matrix multiplication. This group, known as
the Heisenberg group, is important in quantum physics. Matrix
multiplication in the Heisenberg group is defined by
$$\begin{pmatrix} 1 & x & y \\ 0 & 1 & z \\ 0 & 0 & 1 \end{pmatrix}
\begin{pmatrix} 1 & x' & y' \\ 0 & 1 & z' \\ 0 & 0 & 1 \end{pmatrix}
= \begin{pmatrix} 1 & x + x' & y + y' + xz' \\ 0 & 1 & z + z' \\ 0 & 0 & 1 \end{pmatrix}.$$
11. Prove that det(AB) = det(A) det(B) in GL2(R). Use this
result to show that the binary operation in the group GL2(R) is
closed; that is, if A and B are in GL2(R), then AB ∈ GL2(R).
12. Let Z2ⁿ = {(a1, a2, ..., an) : ai ∈ Z2}. Define a binary operation on Z2ⁿ by
(a1, a2, ..., an) + (b1, b2, ..., bn) = (a1 + b1, a2 + b2, ..., an + bn).
Prove that Z2ⁿ is a group under this operation. This group is important in algebraic coding theory.
13. Show that R* = R \ {0} is a group under the operation of
multiplication.
14. Given the groups R* and Z, let G = R* × Z. Define a binary
operation ∘ on G by (a, m) ∘ (b, n) = (ab, m + n). Show that G is
a group under this operation.
15. Prove or disprove that every group containing six elements is
abelian.
16. Give a specific example of some group G and elements g, h ∈ G
where (gh)ⁿ ≠ gⁿhⁿ.
17. Give an example of three different groups with eight elements.
Why are the groups different?
18. Show that there are n! permutations of a set containing n
items.

50

CHAPTER 3. GROUPS

19. Show that


0+aa+0a

(mod n)

for all a Zn .
20. Prove that there is a multiplicative identity for the integers
modulo n:
a 1 a (mod n).
21. For each a Zn find an element b Zn such that
a+bb+a0

(mod n).

22. Show that addition and multiplication mod n are well defined
operations. That is, show that the operations do not depend on
the choice of the representative from the equivalence classes mod
n.
23. Show that addition and multiplication mod n are associative
operations.
24. Show that multiplication distributes over addition modulo n:
a(b + c) ≡ ab + ac (mod n).
25. Let a and b be elements in a group G. Prove that abⁿa⁻¹ =
(aba⁻¹)ⁿ for n ∈ Z.
26. Let U(n) be the group of units in Zn. If n > 2, prove that
there is an element k ∈ U(n) such that k² = 1 and k ≠ 1.
27. Prove that the inverse of g₁g₂ ··· gₙ is gₙ⁻¹gₙ₋₁⁻¹ ··· g₁⁻¹.

28. Prove the remainder of Proposition 3.21: if G is a group and
a, b ∈ G, then the equation xa = b has a unique solution in G.
29. Prove Theorem 3.23.
30. Prove the right and left cancellation laws for a group G; that
is, show that in the group G, ba = ca implies b = c and ab = ac
implies b = c for elements a, b, c G.
31. Show that if a² = e for all elements a in a group G, then G
must be abelian.
32. Show that if G is a finite group of even order, then there is an
a ∈ G such that a is not the identity and a² = e.

33. Let G be a group and suppose that (ab)² = a²b² for all a and
b in G. Prove that G is an abelian group.
34. Find all the subgroups of Z3 × Z3. Use this information to
show that Z3 × Z3 is not the same group as Z9. (See Example 3.28
for a short description of the product of groups.)
35. Find all the subgroups of the symmetry group of an equilateral
triangle.
36. Compute the subgroups of the symmetry group of a square.
37. Let H = {2^k : k ∈ Z}. Show that H is a subgroup of Q*.
38. Let n = 0, 1, 2, ... and nZ = {nk : k ∈ Z}. Prove that nZ is a
subgroup of Z. Show that these subgroups are the only subgroups
of Z.
39. Let T = {z ∈ C* : |z| = 1}. Prove that T is a subgroup of C*.
40. Let G be the set of matrices of the form
$$\begin{pmatrix} \cos\theta & -\sin\theta \\ \sin\theta & \cos\theta \end{pmatrix}$$
where θ ∈ R. Prove that G is a subgroup of SL2(R).


41. Prove that
G = {a + b√2 : a, b ∈ Q and a and b are not both zero}
is a subgroup of R* under the group operation of multiplication.
42. Let G be the group of 2 × 2 matrices under addition and
$$H = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} : a + d = 0 \right\}.$$
Prove that H is a subgroup of G.
43. Prove or disprove: SL2(Z), the set of 2 × 2 matrices with
integer entries and determinant one, is a subgroup of SL2(R).
44. List the subgroups of the quaternion group, Q8.
45. Prove that the intersection of two subgroups of a group G is
also a subgroup of G.
46. Prove or disprove: If H and K are subgroups of a group G,
then H ∪ K is a subgroup of G.

52

CHAPTER 3. GROUPS

47. Prove or disprove: If H and K are subgroups of a group G,


then HK = {hk : h H and k K} is a subgroup of G. What if
G is abelian?
48. Let G be a group and g G. Show that
Z(G) = {x G : gx = xg for all g G}
is a subgroup of G. This subgroup is called the center of G.
49. Let a and b be elements of a group G. If a4 b = ba and a3 = e,
prove that ab = ba.
50. Give an example of an infinite group in which every nontrivial
subgroup is infinite.
51. If xy = x^{−1} y^{−1} for all x and y in G, prove that G must be
abelian.
52. Prove or disprove: Every proper subgroup of a nonabelian
group is nonabelian.
53. Let H be a subgroup of G and
    C(H) = {g ∈ G : gh = hg for all h ∈ H}.
Prove C(H) is a subgroup of G. This subgroup is called the centralizer of H in G.
54. Let H be a subgroup of G. If g ∈ G, show that gHg^{−1} =
{g^{−1}hg : h ∈ H} is also a subgroup of G.

3.5 Additional Exercises: Detecting Errors

1. (UPC Symbols) Universal Product Code (UPC) symbols are found on most products in grocery and retail stores. The UPC symbol is a 12-digit code identifying the manufacturer of a product and the product itself (Figure 3.32). The first 11 digits contain information about the product; the twelfth digit is used for error detection. If d_1 d_2 ⋯ d_12 is a valid UPC number, then

$$ 3 \cdot d_1 + 1 \cdot d_2 + 3 \cdot d_3 + \cdots + 3 \cdot d_{11} + 1 \cdot d_{12} \equiv 0 \pmod{10}. $$

(a) Show that the UPC number 0-50000-30042-6, which appears in Figure 3.32, is a valid UPC number.
(b) Show that the number 0-50000-30043-6 is not a valid UPC number.
(c) Write a formula to calculate the check digit, d_12, in the UPC number.
(d) The UPC error detection scheme can detect most transposition errors; that is, it can determine if two digits have been interchanged. Show that the transposition error 0-05000-30042-6 is not detected. Find a transposition error that is detected. Can you find a general rule for the types of transposition errors that can be detected?
(e) Write a program that will determine whether or not a UPC number is valid.

Figure 3.32: A UPC code

2. It is often useful to use an inner product notation for this type of error detection scheme; hence, we will use the notation

$$ (d_1, d_2, \ldots, d_k) \cdot (w_1, w_2, \ldots, w_k) \equiv 0 \pmod{n} $$

to mean

$$ d_1 w_1 + d_2 w_2 + \cdots + d_k w_k \equiv 0 \pmod{n}. $$

Suppose that (d_1, d_2, . . . , d_k) · (w_1, w_2, . . . , w_k) ≡ 0 (mod n) is an error detection scheme for the k-digit identification number d_1 d_2 ⋯ d_k, where 0 ≤ d_i < n. Prove that all single-digit errors are detected if and only if gcd(w_i, n) = 1 for 1 ≤ i ≤ k.
3. Let (d_1, d_2, . . . , d_k) · (w_1, w_2, . . . , w_k) ≡ 0 (mod n) be an error detection scheme for the k-digit identification number d_1 d_2 ⋯ d_k, where 0 ≤ d_i < n. Prove that all transposition errors of two digits d_i and d_j are detected if and only if gcd(w_i − w_j, n) = 1 for i and j between 1 and k.
4. (ISBN Codes) Every book has an International Standard Book Number (ISBN) code. This is a 10-digit code indicating the book's publisher and title. The tenth digit is a check digit satisfying

$$ (d_1, d_2, \ldots, d_{10}) \cdot (10, 9, \ldots, 1) \equiv 0 \pmod{11}. $$

One problem is that d_10 might have to be a 10 to make the inner product zero; in this case, 11 digits would be needed to make this scheme work. Therefore, the character X is used for the eleventh digit. So ISBN 3-540-96035-X is a valid ISBN code.
(a) Is ISBN 0-534-91500-0 a valid ISBN code? What about ISBN
0-534-91700-0 and ISBN 0-534-19500-0?
(b) Does this method detect all single-digit errors? What about
all transposition errors?
(c) How many different ISBN codes are there?
(d) Write a computer program that will calculate the check digit
for the first nine digits of an ISBN code.
(e) A publisher has houses in Germany and the United States.
Its German prefix is 3-540. If its United States prefix will be
0-abc, find abc such that the rest of the ISBN code will be the
same for a book printed in Germany and in the United States.
Under the ISBN coding method the first digit identifies the
language; German is 3 and English is 0. The next group of
numbers identifies the publisher, and the last group identifies
the specific book.
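As an added example (this is not code from Judson's text), the following Python implements the weighted inner-product check shared by the UPC and ISBN-10 schemes in Exercises 1 and 4, together with the two detection criteria stated in Exercises 2 and 3. The weight vectors and moduli are the ones given in the exercises; the function names are my own.

```python
from math import gcd

# Weight vectors and moduli of the two schemes in the exercises above.
UPC_WEIGHTS = (3, 1) * 6                   # 3,1,3,1,...,3,1 over 12 digits, mod 10
ISBN10_WEIGHTS = tuple(range(10, 0, -1))   # 10,9,...,1 over 10 digits, mod 11


def digits_of(code):
    """Strip hyphens and spaces and return the digit values.
    An ISBN-10 may end in 'X', which stands for the value 10."""
    cleaned = code.replace("-", "").replace(" ", "").upper()
    return [10 if ch == "X" else int(ch) for ch in cleaned]


def inner_product(ds, ws):
    """d_1 w_1 + d_2 w_2 + ... + d_k w_k, the inner product of Exercise 2."""
    return sum(d * w for d, w in zip(ds, ws))


def check_passes(ds, ws, n):
    """(d_1,...,d_k) . (w_1,...,w_k) == 0 (mod n); a wrong length never passes."""
    return len(ds) == len(ws) and inner_product(ds, ws) % n == 0


def upc_is_valid(code):
    return check_passes(digits_of(code), UPC_WEIGHTS, 10)


def upc_check_digit(first_eleven):
    """The d_12 that makes 3d_1 + d_2 + ... + 3d_11 + d_12 == 0 (mod 10)."""
    ds = digits_of(first_eleven)
    if len(ds) != 11:
        raise ValueError("expected 11 digits")
    return (-inner_product(ds, UPC_WEIGHTS[:11])) % 10


def isbn10_is_valid(code):
    return check_passes(digits_of(code), ISBN10_WEIGHTS, 11)


def isbn10_check_digit(first_nine):
    """The tenth character: a digit, or 'X' when the value needed is 10."""
    ds = digits_of(first_nine)
    if len(ds) != 9:
        raise ValueError("expected 9 digits")
    d10 = (-inner_product(ds, ISBN10_WEIGHTS[:9])) % 11
    return "X" if d10 == 10 else str(d10)


def detects_all_single_digit_errors(ws, n):
    """Exercise 2: a wrong digit in position i shifts the inner product by
    w_i times the error, which is nonzero mod n for every possible error
    exactly when gcd(w_i, n) = 1."""
    return all(gcd(w, n) == 1 for w in ws)


def undetected_transposition_positions(ws, n):
    """Exercise 3: 1-based position pairs (i, j) whose swap can go unnoticed,
    i.e. those with gcd(w_i - w_j, n) != 1 (equal weights give gcd(0, n) = n)."""
    k = len(ws)
    return [(i + 1, j + 1) for i in range(k) for j in range(i + 1, k)
            if gcd(abs(ws[i] - ws[j]), n) != 1]
```

With the inner-product form the two criteria become mechanical: every weight in both schemes is a unit modulo n, so each catches every single-digit error, whereas the UPC weights 3 and 1 differ by 2, which shares a factor with 10. That is why swapping an adjacent 0 and 5, as in 0-05000-30042-6, passes the check, while the ISBN-10 weights 10, 9, ..., 1 have pairwise differences 1 through 9, all units modulo 11.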

3.6 References and Suggested Readings

[1] Burnside, W. Theory of Groups of Finite Order. 2nd ed. Cambridge University Press, Cambridge, 1911; Dover, New York, 1953. A classic. Also available at books.google.com.
[2] Gallian, J. A. and Winters, S. "Modular Arithmetic in the Marketplace," The American Mathematical Monthly 95 (1988): 548–51.
[3] Gallian, J. A. Contemporary Abstract Algebra. 7th ed. Brooks/Cole, Belmont, CA, 2009.
[4] Hall, M. Theory of Groups. 2nd ed. American Mathematical Society, Providence, 1959.
[5] Kurosh, A. E. The Theory of Groups, vols. I and II. American Mathematical Society, Providence, 1979.
[6] Rotman, J. J. An Introduction to the Theory of Groups. 4th ed. Springer, New York, 1995.

4
Cyclic Groups

The groups Z and Z_n, which are among the most familiar and
easily understood groups, are both examples of what are called
cyclic groups. In this chapter we will study the properties of cyclic
groups and cyclic subgroups, which play a fundamental part in the
classification of all abelian groups.

4.1 Cyclic Subgroups

Often a subgroup will depend entirely on a single element of the group; that is, knowing that particular element will allow us to compute any other element in the subgroup.
Example 4.1. Suppose that we consider 3 ∈ Z and look at all multiples (both positive and negative) of 3. As a set, this is
    3Z = {. . . , −3, 0, 3, 6, . . .}.
It is easy to see that 3Z is a subgroup of the integers. This subgroup is completely determined by the element 3 since we can obtain all of the other elements of the group by taking multiples of 3. Every element in the subgroup is generated by 3.
Example 4.2. If H = {2^n : n ∈ Z}, then H is a subgroup of the multiplicative group of nonzero rational numbers, Q*. If a = 2^m and b = 2^n are in H, then ab^{−1} = 2^m 2^{−n} = 2^{m−n} is also in H. By Proposition 3.31, H is a subgroup of Q* determined by the element 2.
Theorem 4.3. Let G be a group and a be any element in G. Then the set
    ⟨a⟩ = {a^k : k ∈ Z}
is a subgroup of G. Furthermore, ⟨a⟩ is the smallest subgroup of G that contains a.

Proof. The identity is in ⟨a⟩ since a^0 = e. If g and h are any two elements in ⟨a⟩, then by the definition of ⟨a⟩ we can write g = a^m and h = a^n for some integers m and n. So gh = a^m a^n = a^{m+n} is again in ⟨a⟩. Finally, if g = a^n in ⟨a⟩, then the inverse g^{−1} = a^{−n} is also in ⟨a⟩. Clearly, any subgroup H of G containing a must contain all the powers of a by closure; hence, H contains ⟨a⟩. Therefore, ⟨a⟩ is the smallest subgroup of G containing a.

Remark 4.4. If we are using the + notation, as in the case of the integers under addition, we write ⟨a⟩ = {na : n ∈ Z}.
For a ∈ G, we call ⟨a⟩ the cyclic subgroup generated by a. If G contains some element a such that G = ⟨a⟩, then G is a cyclic group. In this case a is a generator of G. If a is an element of a group G, we define the order of a to be the smallest positive integer n such that a^n = e, and we write |a| = n. If there is no such integer n, we say that the order of a is infinite and write |a| = ∞ to denote the order of a.
Example 4.5. Notice that a cyclic group can have more than a single generator. Both 1 and 5 generate Z_6; hence, Z_6 is a cyclic group. Not every element in a cyclic group is necessarily a generator of the group. The order of 2 ∈ Z_6 is 3. The cyclic subgroup generated by 2 is ⟨2⟩ = {0, 2, 4}.
The groups Z and Z_n are cyclic groups. The elements 1 and −1 are generators for Z. We can certainly generate Z_n with 1 although there may be other generators of Z_n, as in the case of Z_6.
Example 4.6. The group of units, U(9), in Z_9 is a cyclic group. As a set, U(9) is {1, 2, 4, 5, 7, 8}. The element 2 is a generator for U(9) since
    2^1 = 2,   2^2 = 4,   2^3 = 8,   2^4 = 7,   2^5 = 5,   2^6 = 1.

Example 4.7. Not every group is a cyclic group. Consider the symmetry group of an equilateral triangle S_3. The multiplication table for this group is Table 3.7. The subgroups of S_3 are shown in Figure 4.8. Notice that every subgroup is cyclic; however, no single element generates the entire group.

Figure 4.8: Subgroups of S_3 (the lattice S_3 ⊃ {id, ρ_1, ρ_2}, {id, μ_1}, {id, μ_2}, {id, μ_3} ⊃ {id})

Theorem 4.9. Every cyclic group is abelian.
Proof. Let G be a cyclic group and a ∈ G be a generator for G. If g and h are in G, then they can be written as powers of a, say g = a^r and h = a^s. Since
    gh = a^r a^s = a^{r+s} = a^{s+r} = a^s a^r = hg,
G is abelian.

Subgroups of Cyclic Groups

We can ask some interesting questions about cyclic subgroups of a group and subgroups of a cyclic group. If G is a group, which subgroups of G are cyclic? If G is a cyclic group, what type of subgroups does G possess?
Theorem 4.10. Every subgroup of a cyclic group is cyclic.
Proof. The main tools used in this proof are the division algorithm and the Principle of Well-Ordering. Let G be a cyclic group generated by a and suppose that H is a subgroup of G. If H = {e}, then trivially H is cyclic. Suppose that H contains some other element g distinct from the identity. Then g can be written as a^n for some integer n. We can assume that n > 0. Let m be the smallest natural number such that a^m ∈ H. Such an m exists by the Principle of Well-Ordering.
We claim that h = a^m is a generator for H. We must show that every h′ ∈ H can be written as a power of h. Since h′ ∈ H and H is a subgroup of G, h′ = a^k for some positive integer k. Using the division algorithm, we can find numbers q and r such that k = mq + r where 0 ≤ r < m; hence,
    a^k = a^{mq+r} = (a^m)^q a^r = h^q a^r.
So a^r = a^k h^{−q}. Since a^k and h^{−q} are in H, a^r must also be in H. However, m was the smallest positive number such that a^m was in H; consequently, r = 0 and so k = mq. Therefore,
    h′ = a^k = a^{mq} = h^q
and H is generated by h.
Corollary 4.11. The subgroups of Z are exactly nZ for n = 0, 1, 2, . . ..
Proposition 4.12. Let G be a cyclic group of order n and suppose that a is a generator for G. Then a^k = e if and only if n divides k.
Proof. First suppose that a^k = e. By the division algorithm, k = nq + r where 0 ≤ r < n; hence,
    e = a^k = a^{nq+r} = a^{nq} a^r = e a^r = a^r.
Since the smallest positive integer m such that a^m = e is n, r = 0.
Conversely, if n divides k, then k = ns for some integer s. Consequently,
    a^k = a^{ns} = (a^n)^s = e^s = e.

Theorem 4.13. Let G be a cyclic group of order n and suppose that a ∈ G is a generator of the group. If b = a^k, then the order of b is n/d, where d = gcd(k, n).
Proof. We wish to find the smallest integer m such that e = b^m = a^{km}. By Proposition 4.12, this is the smallest integer m such that n divides km or, equivalently, n/d divides m(k/d). Since d is the greatest common divisor of n and k, n/d and k/d are relatively prime. Hence, for n/d to divide m(k/d) it must divide m. The smallest such m is n/d.
Corollary 4.14. The generators of Z_n are the integers r such that 1 ≤ r < n and gcd(r, n) = 1.
Example 4.15. Let us examine the group Z_16. The numbers 1, 3, 5, 7, 9, 11, 13, and 15 are the elements of Z_16 that are relatively prime to 16. Each of these elements generates Z_16. For example,
    1 · 9 = 9       2 · 9 = 2       3 · 9 = 11      4 · 9 = 4
    5 · 9 = 13      6 · 9 = 6       7 · 9 = 15      8 · 9 = 8
    9 · 9 = 1       10 · 9 = 10     11 · 9 = 3      12 · 9 = 12
    13 · 9 = 5      14 · 9 = 14     15 · 9 = 7.
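As an added example that is not part of the text, the following Python code computes cyclic subgroups, element orders and generators in Z_n and U(n) by direct enumeration and checks them against Theorem 4.13 and Corollary 4.14. The groups are those of Examples 4.5, 4.6 and 4.15; the function names are my own.

```python
from math import gcd


def cyclic_subgroup_zn(a, n):
    """<a> in Z_n under addition: {k*a mod n : k in Z}. With + notation the
    "powers" of a are its multiples (Remark 4.4); we stop on the first repeat."""
    elements, x = [], a % n
    while x not in elements:
        elements.append(x)
        x = (x + a) % n
    return sorted(elements)


def order_in_zn(a, n):
    """|a| in Z_n: the smallest positive k with k*a == 0 (mod n), which is
    the same as the number of elements of <a>."""
    return len(cyclic_subgroup_zn(a, n))


def generators_of_zn(n):
    """Corollary 4.14: r generates Z_n iff 1 <= r < n and gcd(r, n) = 1."""
    return [r for r in range(1, n) if gcd(r, n) == 1]


def units(n):
    """U(n): the residues 1..n-1 that are invertible modulo n."""
    return [r for r in range(1, n) if gcd(r, n) == 1]


def cyclic_subgroup_un(a, n):
    """<a> in U(n) under multiplication modulo n."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not a unit modulo {n}")
    elements, x = [], a % n
    while x not in elements:
        elements.append(x)
        x = (x * a) % n
    return sorted(elements)


def order_in_un(a, n):
    return len(cyclic_subgroup_un(a, n))


def is_cyclic_un(n):
    """U(n) is cyclic exactly when some unit generates all of it."""
    us = units(n)
    return any(order_in_un(a, n) == len(us) for a in us)


def order_of_power(k, n):
    """Theorem 4.13: in a cyclic group of order n with generator a,
    the order of a^k is n / gcd(k, n)."""
    return n // gcd(k, n)


def theorem_4_13_holds_in_zn(n):
    """Brute-force check: Z_n is generated by 1, so its element k plays the
    role of a^k; its enumerated order must equal n / gcd(k, n)."""
    return all(order_in_zn(k, n) == order_of_power(k, n) for k in range(n))
```

Running `theorem_4_13_holds_in_zn(16)` reproduces the pattern of Example 4.15: the eight odd residues have order 16 and generate Z_16, while 2, 6, 10 and 14 have order 8, 4 and 12 have order 4, and 8 has order 2.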

4.2 Multiplicative Group of Complex Numbers

The complex numbers are defined as
    C = {a + bi : a, b ∈ R},
where i^2 = −1. If z = a + bi, then a is the real part of z and b is the imaginary part of z.
To add two complex numbers z = a + bi and w = c + di, we just add the corresponding real and imaginary parts:
    z + w = (a + bi) + (c + di) = (a + c) + (b + d)i.
Remembering that i^2 = −1, we multiply complex numbers just like polynomials. The product of z and w is
    (a + bi)(c + di) = ac + bdi^2 + adi + bci = (ac − bd) + (ad + bc)i.
Every nonzero complex number z = a + bi has a multiplicative inverse; that is, there exists a z^{−1} ∈ C* such that zz^{−1} = z^{−1}z = 1. If z = a + bi, then
    z^{−1} = (a − bi)/(a^2 + b^2).
The complex conjugate of a complex number z = a + bi is defined to be z̄ = a − bi. The absolute value or modulus of z = a + bi is
    |z| = √(a^2 + b^2).
Example 4.16. Let z = 2 + 3i and w = 1 − 2i. Then
    z + w = (2 + 3i) + (1 − 2i) = 3 + i
and
    zw = (2 + 3i)(1 − 2i) = 8 − i.
Also,
    z^{−1} = 2/13 − (3/13) i,    |z| = √13,    z̄ = 2 − 3i.

Figure 4.17: Rectangular coordinates of a complex number (z_1 = 2 + 3i, z_2 = 1 − 2i and z_3 = −3 + 2i plotted against the x and y axes)

There are several ways of graphically representing complex numbers. We can represent a complex number z = a + bi as an ordered pair on the xy plane where a is the x (or real) coordinate and b is the y (or imaginary) coordinate. This is called the rectangular or Cartesian representation. The rectangular representations of z_1 = 2 + 3i, z_2 = 1 − 2i, and z_3 = −3 + 2i are depicted in Figure 4.17.

Figure 4.18: Polar coordinates of a complex number (the point a + bi at distance r from the origin and angle θ from the positive x axis)


Nonzero complex numbers can also be represented using polar coordinates. To specify any nonzero point on the plane, it suffices to give an angle θ from the positive x axis in the counterclockwise direction and a distance r from the origin, as in Figure 4.18. We can see that
    z = a + bi = r(cos θ + i sin θ).
Hence,
    r = |z| = √(a^2 + b^2)
and
    a = r cos θ,
    b = r sin θ.

We sometimes abbreviate r(cos θ + i sin θ) as r cis θ. To assure that the representation of z is well-defined, we also require that 0° ≤ θ < 360°. If the measurement is in radians, then 0 ≤ θ < 2π.
Example 4.19. Suppose that z = 2 cis 60°. Then
    a = 2 cos 60° = 1
and
    b = 2 sin 60° = √3.
Hence, the rectangular representation is z = 1 + √3 i.


Conversely, if we are given a rectangular representation of a complex number, it is often useful to know the number's polar representation. If z = 3√2 − 3√2 i, then
    r = √(a^2 + b^2) = √36 = 6
and
    θ = arctan(b/a) = arctan(−1) = 315°,
so 3√2 − 3√2 i = 6 cis 315°.

The polar representation of a complex number makes it easy to find products and powers of complex numbers. The proof of the following proposition is straightforward and is left as an exercise.
Proposition 4.20. Let z = r cis θ and w = s cis φ be two nonzero complex numbers. Then
    zw = rs cis(θ + φ).
Example 4.21. If z = 3 cis(π/3) and w = 2 cis(π/6), then zw = 6 cis(π/2) = 6i.
Theorem 4.22 (DeMoivre). Let z = r cis θ be a nonzero complex number. Then
    [r cis θ]^n = r^n cis(nθ)
for n = 1, 2, . . ..
Proof. We will use induction on n. For n = 1 the theorem is trivial. Assume that the theorem is true for all k such that 1 ≤ k ≤ n. Then
    z^{n+1} = z^n z
            = r^n (cos nθ + i sin nθ) r (cos θ + i sin θ)
            = r^{n+1} [(cos nθ cos θ − sin nθ sin θ) + i (sin nθ cos θ + cos nθ sin θ)]
            = r^{n+1} [cos(nθ + θ) + i sin(nθ + θ)]
            = r^{n+1} [cos(n + 1)θ + i sin(n + 1)θ].

Example 4.23. Suppose that z = 1 + i and we wish to compute z^{10}. Rather than computing (1 + i)^{10} directly, it is much easier to switch to polar coordinates and calculate z^{10} using DeMoivre's Theorem:
    z^{10} = (1 + i)^{10}
           = (√2 cis(π/4))^{10}
           = (√2)^{10} cis(5π/2)
           = 32 cis(π/2)
           = 32i.

The Circle Group and the Roots of Unity

The multiplicative group of the complex numbers, C*, possesses some interesting subgroups. Whereas Q* and R* have no interesting subgroups of finite order, C* has many. We first consider the circle group,
    T = {z ∈ C* : |z| = 1}.
The following proposition is a direct result of Proposition 4.20.
Proposition 4.24. The circle group is a subgroup of C*.
Although the circle group has infinite order, it has many interesting finite subgroups. Suppose that H = {1, −1, i, −i}. Then H is a subgroup of the circle group. Also, 1, −1, i, and −i are exactly those complex numbers that satisfy the equation z^4 = 1. The complex numbers satisfying the equation z^n = 1 are called the nth roots of unity.
Theorem 4.25. If z^n = 1, then the nth roots of unity are
    z = cis(2kπ/n),
where k = 0, 1, . . . , n − 1. Furthermore, the nth roots of unity form a cyclic subgroup of T of order n.
Proof. By DeMoivre's Theorem,
    z^n = cis(n · 2kπ/n) = cis(2kπ) = 1.
The z's are distinct since the numbers 2kπ/n are all distinct and are greater than or equal to 0 but less than 2π. The fact that these are all of the roots of the equation z^n = 1 follows from Corollary 17.9, which states that a polynomial of degree n can have at most n roots. We will leave the proof that the nth roots of unity form a cyclic subgroup of T as an exercise.

A generator for the group of the nth roots of unity is called a primitive nth root of unity.
Example 4.26. The 8th roots of unity can be represented as eight equally spaced points on the unit circle (Figure 4.27). The primitive 8th roots of unity are
    ω   =  √2/2 + (√2/2) i
    ω^3 = −√2/2 + (√2/2) i
    ω^5 = −√2/2 − (√2/2) i
    ω^7 =  √2/2 − (√2/2) i.

Figure 4.27: 8th roots of unity (the points 1, ω, i, ω^3, −1, ω^5, −i, ω^7 on the unit circle)
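As an added example, not taken from the book, here is Python code for the polar form of Section 4.2, DeMoivre's Theorem, and the nth roots of unity of Theorem 4.25, covering Examples 4.19, 4.23 and 4.26. The helper names are my own; cmath.polar supplies the (r, θ) pair, and angles are normalised to 0 ≤ θ < 2π as the text requires.

```python
import cmath
import math
from math import gcd

TWO_PI = 2 * math.pi


def cis(theta):
    """cis(theta) = cos(theta) + i sin(theta), a point on the unit circle."""
    return complex(math.cos(theta), math.sin(theta))


def to_polar(z):
    """(r, theta) with 0 <= theta < 2*pi, so the representation is well defined."""
    r, theta = cmath.polar(z)          # theta in (-pi, pi]
    theta %= TWO_PI
    if theta >= TWO_PI:                # guard against rounding at the boundary
        theta = 0.0
    return r, theta


def to_polar_degrees(z):
    r, theta = to_polar(z)
    return r, math.degrees(theta)


def from_polar(r, theta):
    return r * cis(theta)


def from_polar_degrees(r, degrees):
    return from_polar(r, math.radians(degrees))


def demoivre_power(z, n):
    """z^n via DeMoivre: [r cis theta]^n = r^n cis(n theta)."""
    r, theta = to_polar(z)
    return from_polar(r ** n, n * theta)


def roots_of_unity(n):
    """The nth roots of unity cis(2k pi/n), k = 0, ..., n-1 (Theorem 4.25)."""
    return [cis(2 * k * math.pi / n) for k in range(n)]


def primitive_roots_of_unity(n):
    """cis(2k pi/n) generates the whole cyclic group of order n exactly when
    gcd(k, n) = 1, the same condition as Corollary 4.14."""
    return [cis(2 * k * math.pi / n) for k in range(n) if gcd(k, n) == 1]


def multiplicative_order(z, max_n=1000, tol=1e-9):
    """Smallest n >= 1 with z^n = 1 (up to floating-point tolerance),
    or None if no such n <= max_n exists."""
    w = 1
    for n in range(1, max_n + 1):
        w *= z
        if abs(w - 1) < tol:
            return n
    return None


def close(a, b, tol=1e-9):
    """Equality test for floating-point complex values."""
    return abs(a - b) < tol
```

The tolerance in multiplicative_order is what makes the roots-of-unity checks meaningful in floating point; for a point such as cis(1) (an angle that is not a rational multiple of π) the function returns None for any bound, in line with Exercise 46.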

4.3 The Method of Repeated Squares¹

Computing large powers can be very time-consuming. Just as anyone can compute 2^2 or 2^8, everyone knows how to compute
    2^{2^{1000000}}.
However, such numbers are so large that we do not want to attempt the calculations; moreover, past a certain point the computations would not be feasible even if we had every computer in the world at our disposal. Even writing down the decimal representation of a very large number may not be reasonable. It could be thousands or even millions of digits long. However, if we could compute something like 2^{37398332} (mod 46389), we could very easily write the result down since it would be a number between 0 and 46,388. If we want to compute powers modulo n quickly and efficiently, we will have to be clever.

¹ The results in this section are needed only in Chapter 7.

The first thing to notice is that any number a can be written as the sum of distinct powers of 2; that is, we can write
    a = 2^{k_1} + 2^{k_2} + ⋯ + 2^{k_n},
where k_1 < k_2 < ⋯ < k_n. This is just the binary representation of a. For example, the binary representation of 57 is 111001, since we can write 57 = 2^0 + 2^3 + 2^4 + 2^5.
The laws of exponents still work in Z_n; that is, if b ≡ a^x (mod n) and c ≡ a^y (mod n), then bc ≡ a^{x+y} (mod n). We can compute a^{2^k} (mod n) in k multiplications by computing
    a^{2^0} (mod n)
    a^{2^1} (mod n)
    ...
    a^{2^k} (mod n).
Each step involves squaring the answer obtained in the previous step, dividing by n, and taking the remainder.
Example 4.28. We will compute 271^{321} (mod 481). Notice that
    321 = 2^0 + 2^6 + 2^8;
hence, computing 271^{321} (mod 481) is the same as computing
    271^{2^0 + 2^6 + 2^8} ≡ 271^{2^0} · 271^{2^6} · 271^{2^8} (mod 481).
So it will suffice to compute 271^{2^i} (mod 481) where i = 0, 6, 8. It is very easy to see that
    271^{2^1} = 73,441 ≡ 329 (mod 481).
We can square this result to obtain a value for 271^{2^2} (mod 481):
    271^{2^2} ≡ (271^{2^1})^2 (mod 481)
              ≡ (329)^2 (mod 481)
              ≡ 108,241 (mod 481)
              ≡ 16 (mod 481).
We are using the fact that (a^{2^n})^2 ≡ a^{2 · 2^n} ≡ a^{2^{n+1}} (mod n). Continuing, we can calculate
    271^{2^6} ≡ 419 (mod 481)
and
    271^{2^8} ≡ 16 (mod 481).
Therefore,
    271^{321} ≡ 271^{2^0 + 2^6 + 2^8} (mod 481)
              ≡ 271^{2^0} · 271^{2^6} · 271^{2^8} (mod 481)
              ≡ 271 · 419 · 16 (mod 481)
              ≡ 1,816,784 (mod 481)
              ≡ 47 (mod 481).
The method of repeated squares will prove to be a very useful
tool when we explore RSA cryptography in Chapter 7. To encode
and decode messages in a reasonable manner under this scheme, it
is necessary to be able to quickly compute large powers of integers
mod n.
Sage. Sage support for cyclic groups is a little spotty, but we can still make effective use of Sage, and perhaps this situation could change soon.
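As an added example (this is my code, not the book's), the method of repeated squares in Python: the binary decomposition of the exponent, the table of successive squares modulo n, and the product of the entries the exponent's bits select, reproducing Example 4.28 step by step. Function names are my own.

```python
def binary_exponents(a):
    """Exponents k1 < k2 < ... with a = 2^k1 + 2^k2 + ... (57 -> [0, 3, 4, 5])."""
    if a < 0:
        raise ValueError("a must be non-negative")
    exps, k = [], 0
    while a:
        if a & 1:
            exps.append(k)
        a >>= 1
        k += 1
    return exps


def repeated_squares_table(a, n, k):
    """[a^(2^0), a^(2^1), ..., a^(2^k)] modulo n; each entry is the square of
    the previous one reduced mod n, so the numbers never grow beyond n^2."""
    table, x = [], a % n
    for _ in range(k + 1):
        table.append(x)
        x = (x * x) % n
    return table


def mod_pow(a, x, n):
    """a^x (mod n) by repeated squares: multiply together the table entries
    a^(2^k_i) for the bits k_i set in x. The value a^x itself is never formed."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    if x < 0:
        raise ValueError("negative exponents are not handled here")
    exps = binary_exponents(x)
    if not exps:
        return 1 % n
    table = repeated_squares_table(a, n, exps[-1])
    result = 1 % n
    for k in exps:
        result = (result * table[k]) % n
    return result


def mod_pow_square_and_multiply(a, x, n):
    """The same algorithm in a single pass over the bits of x, lowest bit
    first, keeping only the current square instead of the whole table."""
    result, base = 1 % n, a % n
    while x > 0:
        if x & 1:
            result = (result * base) % n
        base = (base * base) % n
        x >>= 1
    return result
```

Python's built-in pow(a, x, n) computes the same thing. One caveat that matters once the exponent is an RSA private key (Chapter 7): in both versions the multiply step runs only for the bits of x that are set, so running time and power consumption depend on the secret exponent. Implementations meant for real keys use constant-time variants of this loop for exactly that reason.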

4.4 Exercises
1. Prove or disprove each of the following statements.
(a) All of the generators of Z_60 are prime.
(b) U(8) is cyclic.
(c) Q is cyclic.
(d) If every proper subgroup of a group G is cyclic, then G is a
cyclic group.
(e) A group with a finite number of subgroups is finite.
2. Find the order of each of the following elements.
(a) 5 ∈ Z_12
(b) √3 ∈ R
(c) √3 ∈ R*
(d) −i ∈ C*
(e) 72 in Z_240
(f) 312 in Z_471

3. List all of the elements in each of the following subgroups.
(a) The subgroup of Z generated by 7
(b) The subgroup of Z_24 generated by 15
(c) All subgroups of Z_12
(d) All subgroups of Z_60
(e) All subgroups of Z_13
(f) All subgroups of Z_48
(g) The subgroup generated by 3 in U(20)
(h) The subgroup generated by 5 in U(18)
(i) The subgroup of R* generated by 7
(j) The subgroup of C* generated by i where i^2 = −1
(k) The subgroup of C* generated by 2i
(l) The subgroup of C* generated by (1 + i)/√2
(m) The subgroup of C* generated by (1 + √3 i)/2

4. Find the subgroups of GL_2(R) generated by each of the following matrices.

$$ \text{(a)}\ \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix} \qquad \text{(c)}\ \begin{pmatrix} 1 & -1 \\ 1 & 0 \end{pmatrix} \qquad \text{(e)}\ \begin{pmatrix} 1 & -1 \\ -1 & 0 \end{pmatrix} $$

$$ \text{(b)}\ \begin{pmatrix} 0 & 1/3 \\ 3 & 0 \end{pmatrix} \qquad \text{(d)}\ \begin{pmatrix} 1 & -1 \\ 0 & 1 \end{pmatrix} \qquad \text{(f)}\ \begin{pmatrix} \sqrt{3}/2 & 1/2 \\ -1/2 & \sqrt{3}/2 \end{pmatrix} $$
5. Find the order of every element in Z_18.
6. Find the order of every element in the symmetry group of the square, D_4.
7. What are all of the cyclic subgroups of the quaternion group, Q_8?
8. List all of the cyclic subgroups of U(30).
9. List every generator of each subgroup of order 8 in Z_32.
10. Find all elements of finite order in each of the following groups. Here the * indicates the set with zero removed.
(a) Z
(b) Q*
(c) R*
11. If a^{24} = e in a group G, what are the possible orders of a?
12. Find a cyclic group with exactly one generator. Can you find cyclic groups with exactly two generators? Four generators? How about n generators?
13. For n ≤ 20, which groups U(n) are cyclic? Make a conjecture as to what is true in general. Can you prove your conjecture?
14. Let

$$ A = \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix} \quad \text{and} \quad B = \begin{pmatrix} 0 & 1 \\ -1 & -1 \end{pmatrix} $$

be elements in GL_2(R). Show that A and B have finite orders but AB does not.

15. Evaluate each of the following.
(a) (3 − 2i) + (5i − 6)
(b) (4 − 5i) − \overline{(4i − 4)}
(c) (5 − 4i)(7 + 2i)
(d) (9 − i)\overline{(9 − i)}
(e) i^{45}
(f) (1 + i) + \overline{(1 + i)}
16. Convert the following complex numbers to the form a + bi.
(a) 2 cis(π/6)
(b) 5 cis(9π/4)
(c) 3 cis(π)
(d) cis(7π/4)/2
17. Change the following complex numbers to polar representation.
(a) 1 − i
(b) −5
(c) 2 + 2i
(d) √3 + i
(e) −3i
(f) 2i + 2√3
18. Calculate each of the following expressions.
(a) (1 + i)^{−1}
(b) (1 − i)^6
(c) (√3 + i)^5
(d) (−i)^{10}
(e) ((1 − i)/2)^4
(f) (−√2 − √2 i)^{12}
(g) (−2 + 2i)^{−5}
19. Prove each of the following statements.
(a) |z̄| = |z|
(b) z z̄ = |z|^2
(c) z^{−1} = z̄/|z|^2
(d) |z + w| ≤ |z| + |w|
(e) |z − w| ≥ ||z| − |w||
(f) |zw| = |z||w|
20. List and graph the 6th roots of unity. What are the generators of this group? What are the primitive 6th roots of unity?
21. List and graph the 5th roots of unity. What are the generators of this group? What are the primitive 5th roots of unity?
22. Calculate each of the following.
(a) 292^{3171} (mod 582)
(b) 2557^{341} (mod 5681)
(c) 2071^{9521} (mod 4724)
(d) 971^{321} (mod 765)

23. Let a, b ∈ G. Prove the following statements.
(a) The order of a is the same as the order of a^{−1}.
(b) For all g ∈ G, |a| = |g^{−1}ag|.
(c) The order of ab is the same as the order of ba.
24. Let p and q be distinct primes. How many generators does Z_{pq} have?
25. Let p be prime and r be a positive integer. How many generators does Z_{p^r} have?
26. Prove that Z_p has no nontrivial subgroups if p is prime.
27. If g and h have orders 15 and 16 respectively in a group G, what is the order of ⟨g⟩ ∩ ⟨h⟩?
28. Let a be an element in a group G. What is a generator for the subgroup ⟨a^m⟩ ∩ ⟨a^n⟩?
29. Prove that Z_n has an even number of generators for n > 2.
30. Suppose that G is a group and let a, b ∈ G. Prove that if |a| = m and |b| = n with gcd(m, n) = 1, then ⟨a⟩ ∩ ⟨b⟩ = {e}.
31. Let G be an abelian group. Show that the elements of finite order in G form a subgroup. This subgroup is called the torsion subgroup of G.
32. Let G be a finite cyclic group of order n generated by x. Show that if y = x^k where gcd(k, n) = 1, then y must be a generator of G.
33. If G is an abelian group that contains a pair of cyclic subgroups of order 2, show that G must contain a subgroup of order 4. Does this subgroup have to be cyclic?
34. Let G be an abelian group of order pq where gcd(p, q) = 1. If G contains elements a and b of order p and q respectively, then show that G is cyclic.
35. Prove that the subgroups of Z are exactly nZ for n = 0, 1, 2, . . ..
36. Prove that the generators of Z_n are the integers r such that 1 ≤ r < n and gcd(r, n) = 1.
37. Prove that if G has no proper nontrivial subgroups, then G is a cyclic group.

38. Prove that the order of an element in a cyclic group G must divide the order of the group.
39. Prove that if G is a cyclic group of order m and d | m, then G must have a subgroup of order d.
40. For what integers n is −1 an nth root of unity?
41. If z = r(cos θ + i sin θ) and w = s(cos φ + i sin φ) are two nonzero complex numbers, show that
    zw = rs[cos(θ + φ) + i sin(θ + φ)].
42. Prove that the circle group is a subgroup of C*.
43. Prove that the nth roots of unity form a cyclic subgroup of T of order n.
44. Let α ∈ T. Prove that α^m = 1 and α^n = 1 if and only if α^d = 1 for d = gcd(m, n).
45. Let z ∈ C*. If |z| ≠ 1, prove that the order of z is infinite.
46. Let z = cos θ + i sin θ be in T where θ ∈ Q. Prove that the order of z is infinite.

4.5 Programming Exercises

1. Write a computer program that will write any decimal number as the sum of distinct powers of 2. What is the largest integer that your program will handle?
2. Write a computer program to calculate a^x (mod n) by the method of repeated squares. What are the largest values of n and x that your program will accept?

4.6 References and Suggested Readings

[1] Koblitz, N. A Course in Number Theory and Cryptography. 2nd ed. Springer, New York, 1994.
[2] Pomerance, C. "Cryptology and Computational Number Theory: An Introduction," in Cryptology and Computational Number Theory, Pomerance, C., ed. Proceedings of Symposia in Applied Mathematics, vol. 42, American Mathematical Society, Providence, RI, 1990. This book gives an excellent account of how the method of repeated squares is used in cryptography.

5
Permutation Groups

Permutation groups are central to the study of geometric symmetries and to Galois theory, the study of finding solutions of polynomial equations. They also provide abundant examples of nonabelian groups.
Let us recall for a moment the symmetries of the equilateral triangle ABC from Chapter 3. The symmetries actually consist of permutations of the three vertices, where a permutation of the set S = {A, B, C} is a one-to-one and onto map π : S → S. The three vertices have the following six permutations.

$$ \begin{pmatrix} A & B & C \\ A & B & C \end{pmatrix} \qquad \begin{pmatrix} A & B & C \\ C & A & B \end{pmatrix} \qquad \begin{pmatrix} A & B & C \\ B & C & A \end{pmatrix} $$

$$ \begin{pmatrix} A & B & C \\ A & C & B \end{pmatrix} \qquad \begin{pmatrix} A & B & C \\ C & B & A \end{pmatrix} \qquad \begin{pmatrix} A & B & C \\ B & A & C \end{pmatrix} $$

We have used the array

$$ \begin{pmatrix} A & B & C \\ B & C & A \end{pmatrix} $$

to denote the permutation that sends A to B, B to C, and C to A. That is,
    A ↦ B
    B ↦ C
    C ↦ A.
The symmetries of a triangle form a group. In this chapter we will study groups of this type.

5.1 Definitions and Notation

In general, the permutations of a set X form a group S_X. If X is a finite set, we can assume X = {1, 2, . . . , n}. In this case we write S_n instead of S_X. The following theorem says that S_n is a group. We call this group the symmetric group on n letters.
Theorem 5.1. The symmetric group on n letters, S_n, is a group with n! elements, where the binary operation is the composition of maps.
Proof. The identity of S_n is just the identity map that sends 1 to 1, 2 to 2, . . ., n to n. If f : S_n → S_n is a permutation, then f^{−1} exists, since f is one-to-one and onto; hence, every permutation has an inverse. Composition of maps is associative, which makes the group operation associative. We leave the proof that |S_n| = n! as an exercise.
A subgroup of S_n is called a permutation group.
Example 5.2. Consider the subgroup G of S_5 consisting of the identity permutation id and the permutations

$$ \sigma = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 1 & 2 & 3 & 5 & 4 \end{pmatrix} \qquad \tau = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 3 & 2 & 1 & 4 & 5 \end{pmatrix} \qquad \mu = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 3 & 2 & 1 & 5 & 4 \end{pmatrix}. $$

The following table tells us how to multiply elements in the permutation group G.
       | id   σ    τ    μ
    ---+------------------
    id | id   σ    τ    μ
    σ  | σ    id   μ    τ
    τ  | τ    μ    id   σ
    μ  | μ    τ    σ    id

Remark 5.3. Though it is natural to multiply elements in a group from left to right, functions are composed from right to left. Let σ and τ be permutations on a set X. To compose σ and τ as functions, we calculate (σ ∘ τ)(x) = σ(τ(x)). That is, we do τ first, then σ. There are several ways to approach this inconsistency. We will adopt the convention of multiplying permutations right to left. To compute στ, do τ first and then σ. That is, by στ(x) we mean σ(τ(x)). (Another way of solving this problem would be to write functions on the right; that is, instead of writing σ(x), we could write xσ. We could also multiply permutations left to right to agree with the usual way of multiplying elements in a group. Certainly all of these methods have been used.)

Example 5.4. Permutation multiplication is not usually commutative. Let

$$ \sigma = \begin{pmatrix} 1 & 2 & 3 & 4 \\ 4 & 1 & 2 & 3 \end{pmatrix} \qquad \tau = \begin{pmatrix} 1 & 2 & 3 & 4 \\ 2 & 1 & 4 & 3 \end{pmatrix}. $$

Then

$$ \sigma\tau = \begin{pmatrix} 1 & 2 & 3 & 4 \\ 1 & 4 & 3 & 2 \end{pmatrix}, $$

but

$$ \tau\sigma = \begin{pmatrix} 1 & 2 & 3 & 4 \\ 3 & 2 & 1 & 4 \end{pmatrix}. $$

Cycle Notation
The notation that we have used to represent permutations up to this point is cumbersome, to say the least. To work effectively with permutation groups, we need a more streamlined method of writing down and manipulating permutations.
A permutation σ ∈ S_X is a cycle of length k if there exist elements a_1, a_2, . . . , a_k ∈ X such that
    σ(a_1) = a_2
    σ(a_2) = a_3
    ...
    σ(a_k) = a_1
and σ(x) = x for all other elements x ∈ X. We will write (a_1, a_2, . . . , a_k) to denote the cycle σ. Cycles are the building blocks of all permutations.
Example 5.5. The permutation

$$ \sigma = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 & 7 \\ 6 & 3 & 5 & 1 & 4 & 2 & 7 \end{pmatrix} = (162354) $$

is a cycle of length 6, whereas

$$ \tau = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 1 & 4 & 2 & 3 & 5 & 6 \end{pmatrix} = (243) $$

is a cycle of length 3.
Not every permutation is a cycle. Consider the permutation

$$ \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 2 & 4 & 1 & 3 & 6 & 5 \end{pmatrix} = (1243)(56). $$

This permutation actually contains a cycle of length 2 and a cycle of length 4.

Example 5.6. It is very easy to compute products of cycles. Suppose that
    σ = (1352) and τ = (256).
If we think of σ as
    1 ↦ 3,   3 ↦ 5,   5 ↦ 2,   2 ↦ 1,
and τ as
    2 ↦ 5,   5 ↦ 6,   6 ↦ 2,
then for στ, remembering that we apply τ first and then σ, it must be the case that
    1 ↦ 3,   3 ↦ 5,   5 ↦ 6,   6 ↦ 2 ↦ 1,
or στ = (1356). If μ = (1634), then σμ = (1652)(34).


Two cycles in S_X, σ = (a_1, a_2, . . . , a_k) and τ = (b_1, b_2, . . . , b_l), are disjoint if a_i ≠ b_j for all i and j.
Example 5.7. The cycles (135) and (27) are disjoint; however, the cycles (135) and (347) are not. Calculating their products, we find that
    (135)(27) = (135)(27)
    (135)(347) = (13475).
The product of two cycles that are not disjoint may reduce to something less complicated; the product of disjoint cycles cannot be simplified.
Proposition 5.8. Let σ and τ be two disjoint cycles in S_X. Then στ = τσ.
Proof. Let σ = (a_1, a_2, . . . , a_k) and τ = (b_1, b_2, . . . , b_l). We must show that στ(x) = τσ(x) for all x ∈ X. If x is neither in {a_1, a_2, . . . , a_k} nor {b_1, b_2, . . . , b_l}, then both σ and τ fix x. That is, σ(x) = x and τ(x) = x. Hence,
    στ(x) = σ(τ(x)) = σ(x) = x = τ(x) = τ(σ(x)) = τσ(x).
Do not forget that we are multiplying permutations right to left, which is the opposite of the order in which we usually multiply group elements. Now suppose that x ∈ {a_1, a_2, . . . , a_k}. Then σ(a_i) = a_{(i mod k)+1}; that is,
    a_1 ↦ a_2
    a_2 ↦ a_3
    ...
    a_{k−1} ↦ a_k
    a_k ↦ a_1.

However, τ(a_i) = a_i since σ and τ are disjoint. Therefore,
    στ(a_i) = σ(τ(a_i))
            = σ(a_i)
            = a_{(i mod k)+1}
            = τ(a_{(i mod k)+1})
            = τ(σ(a_i))
            = τσ(a_i).
Similarly, if x ∈ {b_1, b_2, . . . , b_l}, then σ and τ also commute.
Theorem 5.9. Every permutation in S_n can be written as the product of disjoint cycles.
Proof. We can assume that X = {1, 2, . . . , n}. If σ ∈ S_n and we define X_1 to be {σ(1), σ^2(1), . . .}, then the set X_1 is finite since X is finite. Now let i be the first integer in X that is not in X_1 and define X_2 by {σ(i), σ^2(i), . . .}. Again, X_2 is a finite set. Continuing in this manner, we can define finite disjoint sets X_3, X_4, . . .. Since X is a finite set, we are guaranteed that this process will end and there will be only a finite number of these sets, say r. If σ_i is the cycle defined by
    σ_i(x) = σ(x) if x ∈ X_i,  and  σ_i(x) = x if x ∉ X_i,
then σ = σ_1 σ_2 ⋯ σ_r. Since the sets X_1, X_2, . . . , X_r are disjoint, the cycles σ_1, σ_2, . . . , σ_r must also be disjoint.
Example 5.10. Let

$$ \sigma = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 6 & 4 & 3 & 1 & 5 & 2 \end{pmatrix} \qquad \tau = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 3 & 2 & 1 & 5 & 6 & 4 \end{pmatrix}. $$

Using cycle notation, we can write
    σ = (1624)
    τ = (13)(456)
    στ = (136)(245)
    τσ = (143)(256).
Remark 5.11. From this point forward we will find it convenient
to use cycle notation to represent permutations. When using cycle
notation, we often denote the identity permutation by (1).


Transpositions
The simplest permutation is a cycle of length 2. Such cycles are
called transpositions. Since
$$(a_1, a_2, \ldots, a_n) = (a_1 a_n)(a_1 a_{n-1}) \cdots (a_1 a_3)(a_1 a_2),$$
any cycle can be written as the product of transpositions, leading
to the following proposition.
Proposition 5.12. Any permutation of a finite set containing at
least two elements can be written as the product of transpositions.
Example 5.13. Consider the permutation
(16)(253) = (16)(23)(25) = (16)(45)(23)(45)(25).
As we can see, there is no unique way to represent permutation
as the product of transpositions. For instance, we can write the
identity permutation as (12)(12), as (13)(24)(13)(24), and in many
other ways. However, as it turns out, no permutation can be written as the product of both an even number of transpositions and
an odd number of transpositions. For instance, we could represent
the permutation (16) by
(23)(16)(23)
or by
(35)(16)(13)(16)(13)(35)(56),
but (16) will always be the product of an odd number of transpositions.
Lemma 5.14. If the identity is written as the product of r transpositions,
id = 1 2 r ,
then r is an even number.
Proof. We will employ induction on r. A transposition cannot
be the identity; hence, r > 1. If r = 2, then we are done. Suppose
that r > 2. In this case the product of the last two transpositions,
r1 r , must be one of the following cases:
(ab)(ab) = id
(bc)(ab) = (ac)(bc)
(cd)(ab) = (ab)(cd)
(ac)(ab) = (ab)(bc),
where a, b, c, and d are distinct.

The first equation simply says that a transposition is its own
inverse. If this case occurs, delete r1 r from the product to obtain
id = 1 2 r3 r2 .
By induction r − 2 is even; hence, r must be even.
In each of the other three cases, we can replace r1 r with
the right-hand side of the corresponding equation to obtain a new
product of r transpositions for the identity. In this new product
the last occurrence of a will be in the next-to-the-last transposition. We can continue this process with r2 r1 to obtain either
a product of r − 2 transpositions or a new product of r transpositions where the last occurrence of a is in r2 . If the identity is
the product of r − 2 transpositions, then again we are done, by our
induction hypothesis; otherwise, we will repeat the procedure with
r3 r2 .
At some point either we will have two adjacent, identical transpositions canceling each other out or a will be shuffled so that it
will appear only in the first transposition. However, the latter
case cannot occur, because the identity would not fix a in this instance. Therefore, the identity permutation must be the product
of r − 2 transpositions and, again by our induction hypothesis, we
are done.
Theorem 5.15. If a permutation can be expressed as the product of an even number of transpositions, then any other product
of transpositions equaling must also contain an even number of
transpositions. Similarly, if can be expressed as the product of an
odd number of transpositions, then any other product of transpositions equaling must also contain an odd number of transpositions.

Proof. Suppose that
= 1 2 m = 1 2 n ,
where m is even. We must show that n is also an even number.
The inverse of is m 1 . Since
id = m 1 = 1 n m 1 ,
n must be even by Lemma 5.14. The proof for the case in which
can be expressed as an odd number of transpositions is left as an
exercise.
In light of Theorem 5.15, we define a permutation to be even
if it can be expressed as an even number of transpositions and odd
if it can be expressed as an odd number of transpositions.

The Alternating Groups


One of the most important subgroups of Sn is the set of all even
permutations, An . The group An is called the alternating group
on n letters.
Theorem 5.16. The set An is a subgroup of Sn .
Proof. Since the product of two even permutations must also
be an even permutation, An is closed. The identity is an even
permutation and therefore is in An . If is an even permutation,
then
= 1 2 r ,
where i is a transposition and r is even. Since the inverse of any
transposition is itself,
1 = r r1 1
is also in An .
Proposition 5.17. The number of even permutations in Sn , n 2,
is equal to the number of odd permutations; hence, the order of An
is n!/2.
Proof. Let An be the set of even permutations in Sn and Bn
be the set of odd permutations. If we can show that there is a
bijection between these sets, they must contain the same number
of elements. Fix a transposition in Sn . Since n 2, such a
exists. Define
: An Bn
by
( ) = .
Suppose that ( ) = (). Then = and so
= 1 = 1 = .
Therefore, is one-to-one. We will leave the proof that is
surjective to the reader.
Example 5.18. The group A4 is the subgroup of S4 consisting of
even permutations. There are twelve elements in A4 :
(1), (12)(34), (13)(24), (14)(23), (123), (132), (124), (142), (134), (143), (234), (243).
One of the end-of-chapter exercises will be to write down all the
subgroups of A4 . You will find that there is no subgroup of order
6. Does this surprise you?
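The procedure from the proof of Theorem 5.9, the products of Example 5.10 and the listing of A4 in Example 5.18, as an added Python example that is not part of the textbook (the function names are mine; permutations are stored as dicts and multiplied right to left, as in the text):

```python
# Added example (not from the text): permutations of {1, ..., n} stored as
# dicts {x: sigma(x)}, multiplied right to left as the book does, decomposed
# into disjoint cycles by the procedure in the proof of Theorem 5.9, and
# classified as even or odd from the cycle lengths (a k-cycle is a product of
# k - 1 transpositions, Proposition 5.12).
from itertools import permutations


def perm(images):
    """Build a permutation from the second row of its two-row notation."""
    return {i + 1: img for i, img in enumerate(images)}


def compose(sigma, tau):
    """Return sigma * tau: apply tau first, then sigma (right to left)."""
    return {x: sigma[tau[x]] for x in tau}


def disjoint_cycles(sigma):
    """Disjoint-cycle decomposition (Theorem 5.9), omitting fixed points."""
    seen, cycles = set(), []
    for start in sorted(sigma):          # smallest unvisited point starts a new X_i
        if start in seen:
            continue
        cycle, x = [], start
        while x not in seen:             # follow start, sigma(start), sigma^2(start), ...
            seen.add(x)
            cycle.append(x)
            x = sigma[x]
        if len(cycle) > 1:
            cycles.append(tuple(cycle))
    return cycles


def cycle_notation(sigma):
    """Cycle notation as a string; the identity is written (1) (Remark 5.11)."""
    cycles = disjoint_cycles(sigma)
    if not cycles:
        return "(1)"
    return "".join("(" + "".join(map(str, c)) + ")" for c in cycles)


def is_even(sigma):
    """Parity: a cycle of length k contributes k - 1 transpositions."""
    return sum(len(c) - 1 for c in disjoint_cycles(sigma)) % 2 == 0


def alternating_group(n):
    """Cycle notation of every even permutation in S_n; there are n!/2 of them."""
    return sorted(cycle_notation(perm(p)) for p in permutations(range(1, n + 1))
                  if is_even(perm(p)))


if __name__ == "__main__":
    sigma = perm([6, 4, 3, 1, 5, 2])     # first permutation of Example 5.10
    tau = perm([3, 2, 1, 5, 6, 4])       # second permutation of Example 5.10
    print(cycle_notation(sigma), cycle_notation(tau))        # (1624) (13)(456)
    print(cycle_notation(compose(sigma, tau)))               # (136)(245)
    print(cycle_notation(compose(tau, sigma)))               # (143)(256)
    print(len(alternating_group(4)), alternating_group(4))   # 12 and the list of Example 5.18
```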


Historical Note
Lagrange first thought of permutations as functions from a set
to itself, but it was Cauchy who developed the basic theorems and
notation for permutations. He was the first to use cycle notation.
Augustin-Louis Cauchy (1789–1857) was born in Paris at the height
of the French Revolution. His family soon left Paris for the village
of Arcueil to escape the Reign of Terror. One of the family's neighbors there was Pierre-Simon Laplace (1749–1827), who encouraged
him to seek a career in mathematics. Cauchy began his career as
a mathematician by solving a problem in geometry given to him
by Lagrange. Cauchy wrote over 800 papers on such diverse topics
as differential equations, finite groups, applied mathematics, and
complex analysis. He was one of the mathematicians responsible
for making calculus rigorous. Perhaps more theorems and concepts
in mathematics have the name Cauchy attached to them than that
of any other mathematician.

5.2 Dihedral Groups

Another special type of permutation group is the dihedral group.
Recall the symmetry group of an equilateral triangle in Chapter 3.
Such groups consist of the rigid motions of a regular n-sided polygon or n-gon. For n = 3, 4, . . ., we define the nth dihedral group
to be the group of rigid motions of a regular n-gon. We will denote this group by Dn . We can number the vertices of a regular
n-gon by 1, 2, . . . , n (Figure 5.19). Notice that there are exactly n
choices to replace the first vertex. If we replace the first vertex by
k, then the second vertex must be replaced either by vertex k + 1
or by vertex k − 1; hence, there are 2n possible rigid motions of
the n-gon. We summarize these results in the following theorem.
Figure 5.19: A regular n-gon

Theorem 5.20. The dihedral group, Dn , is a subgroup of Sn of
order 2n.



Figure 5.21: Rotations and reflections of a regular n-gon

Figure 5.22: Types of reflections of a regular n-gon


Theorem 5.23. The group Dn , n ≥ 3, consists of all products of
the two elements r and s, satisfying the relations
$$r^n = 1, \qquad s^2 = 1, \qquad srs = r^{-1}.$$

Proof. The possible motions of a regular n-gon are either reflections or rotations (Figure 5.21). There are exactly n possible
rotations:
$$\mathrm{id},\ \frac{360^\circ}{n},\ 2 \cdot \frac{360^\circ}{n},\ \ldots,\ (n-1) \cdot \frac{360^\circ}{n}.$$


We will denote the rotation $360^\circ/n$ by r. The rotation r generates
all of the other rotations. That is,
$$r^k = k \cdot \frac{360^\circ}{n}.$$
Label the n reflections s1 , s2 , . . . , sn , where sk is the reflection that
leaves vertex k fixed. There are two cases of reflection, depending
on whether n is even or odd. If there are an even number of vertices,
then 2 vertices are left fixed by a reflection. If there are an odd
number of vertices, then only a single vertex is left fixed by a
reflection (Figure 5.22).
In either case, the order of sk is two. Let s = s1 . Then s^2 = id
and r^n = id. Since any rigid motion t of the n-gon replaces the
first vertex by the vertex k, the second vertex must be replaced by
either k + 1 or by k − 1. If the second vertex is replaced by k + 1,
then t = r^{k−1} . If it is replaced by k − 1, then t = r^{k−1} s. Hence, r
and s generate Dn ; that is, Dn consists of all finite products of r
and s. We will leave the proof that srs = r^{-1} as an exercise.
Example 5.24. The group of rigid motions of a square, D4 , consists of eight elements. With the vertices numbered 1, 2, 3, 4
(Figure 5.25), the rotations are
$$r = (1234), \quad r^2 = (13)(24), \quad r^3 = (1432), \quad r^4 = (1)$$
and the reflections are
$$s_1 = (24), \quad s_2 = (13).$$
The order of D4 is 8. The remaining two elements are
$$rs_1 = (12)(34), \quad r^3 s_1 = (14)(23).$$
Figure 5.25: The group D4


The Motion Group of a Cube


We can investigate the groups of rigid motions of geometric objects
other than a regular n-sided polygon to obtain interesting examples
of permutation groups. Let us consider the group of rigid motions
of a cube. One of the first questions that we can ask about this
group is what is its order? A cube has 6 sides. If a particular side
is facing upward, then there are four possible rotations of the cube
that will preserve the upward-facing side. Hence, the order of the
group is 6 · 4 = 24. We have just proved the following proposition.

Figure 5.26: The motion group of a cube

Proposition 5.27. The group of rigid motions of a cube contains
24 elements.

Theorem 5.28. The group of rigid motions of a cube is S4 .

Proof. From Proposition 5.27, we already know that the motion
group of the cube has 24 elements, the same number of elements as
there are in S4 . There are exactly four diagonals in the cube. If we
label these diagonals 1, 2, 3, and 4, we must show that the motion
group of the cube will give us any permutation of the diagonals
(Figure 5.26). If we can obtain all of these permutations, then S4
and the group of rigid motions of the cube must be the same. To
obtain a transposition we can rotate the cube 180° about the axis
joining the midpoints of opposite edges (Figure 5.29). There are
six such axes, giving all transpositions in S4 . Since every element
in S4 is the product of a finite number of transpositions, the motion
group of a cube must be S4 .


Figure 5.29: Transpositions in the motion group of a cube


Sage A permutation group is a very concrete representation of
a group, and Sage's support for permutation groups is very good,
making Sage a natural place for beginners to learn about group
theory.

5.3 Exercises

1. Write the following permutations in cycle notation.
(a) $\begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 2 & 4 & 1 & 5 & 3 \end{pmatrix}$
(b) $\begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 4 & 2 & 5 & 1 & 3 \end{pmatrix}$
(c) $\begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 3 & 5 & 1 & 4 & 2 \end{pmatrix}$
(d) $\begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 1 & 4 & 3 & 2 & 5 \end{pmatrix}$

2. Compute each of the following.
(a) (1345)(234)
(b) (12)(1253)
(c) (143)(23)(24)
(d) (1423)(34)(56)(1324)
(e) (1254)(13)(25)
(f) $(1254)(13)(25)^2$
(g) $(1254)^{-1}(123)(45)(1254)$
(h) $(1254)^2(123)(45)$
(i) $(123)(45)(1254)^2$
(j) $(1254)^{100}$
(k) $|(1254)|$
(l) $|(1254)^2|$
(m) $(12)^{-1}$
(n) $(12537)^{-1}$
(o) $[(12)(34)(12)(47)]^{-1}$
(p) $[(1235)(467)]^{-1}$

3. Express the following permutations as products of transpositions and identify them as even or odd.
(a) (14356)
(b) (156)(234)
(c) (1426)(142)
(d) (17254)(1423)(154632)
(e) (142637)

4. Find $(a_1, a_2, \ldots, a_n)^{-1}$.
5. List all of the subgroups of S4 . Find each of the following sets.
(a) { S4 : (1) = 3}
(b) { S4 : (2) = 2}
(c) { S4 : (1) = 3 and (2) = 2}
Are any of these sets subgroups of S4 ?
6. Find all of the subgroups in A4 . What is the order of each
subgroup?
7. Find all possible orders of elements in S7 and A7 .
8. Show that A10 contains an element of order 15.
9. Does A8 contain an element of order 26?
10. Find an element of largest order in Sn for n = 3, . . . , 10.
11. What are the possible cycle structures of elements of A5 ?
What about A6 ?
12. Let Sn have order n. Show that for all integers i and j,
i = j if and only if i j (mod n).
13. Let = 1 m Sn be the product of disjoint cycles. Prove
that the order of is the least common multiple of the lengths of
the cycles 1 , . . . , m .
14. Using cycle notation, list the elements in D5 . What are r and
s? Write every element as a product of r and s.
15. If the diagonals of a cube are labeled as Figure 5.26, to which
motion of the cube does the permutation (12)(34) correspond?
What about the other permutations of the diagonals?
16. Find the group of rigid motions of a tetrahedron. Show that
this is the same group as A4 .
17. Prove that Sn is nonabelian for n 3.
18. Show that An is nonabelian for n 4.
19. Prove that Dn is nonabelian for n 3.

20. Let Sn be a cycle. Prove that can be written as the
product of at most n − 1 transpositions.
21. Let Sn . If is not a cycle, prove that can be written as
the product of at most n − 2 transpositions.
22. If can be expressed as an odd number of transpositions, show
that any other product of transpositions equaling must also be
odd.
23. If is a cycle of odd length, prove that 2 is also a cycle.
24. Show that a 3-cycle is an even permutation.
25. Prove that in An with n 3, any permutation is a product of
cycles of length 3.
26. Prove that any element in Sn can be written as a finite product
of the following permutations.
(a) (12), (13), . . . , (1n)
(b) (12), (23), . . . , (n − 1, n)
(c) (12), (12 . . . n)
27. Let G be a group and define a map g : G G by g (a) = ga.
Prove that g is a permutation of G.
28. Prove that there exist n! permutations of a set containing n
elements.
29. Recall that the center of a group G is
Z(G) = {g G : gx = xg for all x G}.
Find the center of D8 . What about the center of D10 ? What is
the center of Dn ?
30. Let = (a1 , a2 , . . . , ak ) be a cycle of length k.
(a) Prove that if is any permutation, then
1 = ((a1 ), (a2 ), . . . , (ak ))
is a cycle of length k.
(b) Let be a cycle of length k. Prove that there is a permutation
such that 1 = .
31. For and in Sn , define if there exists an Sn such
that 1 = . Show that is an equivalence relation on Sn .

32. Let SX . If n (x) = y, we will say that x y.
(a) Show that is an equivalence relation on X.
(b) If An and Sn , show that 1 An .
(c) Define the orbit of x X under SX to be the set
Ox, = {y : x y}.
Compute the orbits of each of the following elements in S5 :
= (1254)
= (123)(45)
= (13)(25).
(d) If Ox, Oy, = , prove that Ox, = Oy, . The orbits under
a permutation are the equivalence classes corresponding to
the equivalence relation .
(e) A subgroup H of SX is transitive if for every x, y X, there
exists a H such that (x) = y. Prove that is transitive
if and only if Ox, = X for some x X.
33. Let Sn for n 3. If = for all Sn , prove that
must be the identity permutation; hence, the center of Sn is the
trivial subgroup.
34. If is even, prove that 1 is also even. Does a corresponding
result hold if is odd?
35. Show that 1 1 is even for , Sn .
36. Let r and s be the elements in Dn described in Theorem 5.10.
(a) Show that srs = r1 .
(b) Show that rk s = srk in Dn .
(c) Prove that the order of rk Dn is n/ gcd(k, n).

6 Cosets and Lagrange's Theorem

Lagrange's Theorem, one of the most important results in finite
group theory, states that the order of a subgroup must divide the
order of the group. This theorem provides a powerful tool for
analyzing finite groups; it gives us an idea of exactly what type of
subgroups we might expect a finite group to possess. Central to
understanding Lagrange's Theorem is the notion of a coset.

6.1 Cosets

Let G be a group and H a subgroup of G. Define a left coset of
H with representative g G to be the set
gH = {gh : h H}.
Right cosets can be defined similarly by
Hg = {hg : h H}.
If left and right cosets coincide or if it is clear from the context
to which type of coset that we are referring, we will use the word
coset without specifying left or right.
Example 6.1. Let H be the subgroup of Z6 consisting of the
elements 0 and 3. The cosets are
0 + H = 3 + H = {0, 3}
1 + H = 4 + H = {1, 4}
2 + H = 5 + H = {2, 5}.
We will always write the cosets of subgroups of Z and Zn with the
additive notation we have used for cosets here. In a commutative
group, left and right cosets are always identical.

Example 6.2. Let H be the subgroup of S3 defined by the permutations {(1), (123), (132)}. The left cosets of H are
(1)H = (123)H = (132)H = {(1), (123), (132)}
(12)H = (13)H = (23)H = {(12), (13), (23)}.
The right cosets of H are exactly the same as the left cosets:
H(1) = H(123) = H(132) = {(1), (123), (132)}
H(12) = H(13) = H(23) = {(12), (13), (23)}.
It is not always the case that a left coset is the same as a right
coset. Let K be the subgroup of S3 defined by the permutations
{(1), (12)}. Then the left cosets of K are
(1)K = (12)K = {(1), (12)}
(13)K = (123)K = {(13), (123)}
(23)K = (132)K = {(23), (132)};
however, the right cosets of K are
K(1) = K(12) = {(1), (12)}
K(13) = K(132) = {(13), (132)}
K(23) = K(123) = {(23), (123)}.
The following lemma is quite useful when dealing with cosets.
(We leave its proof as an exercise.)
Lemma 6.3. Let H be a subgroup of a group G and suppose that
g1 , g2 G. The following conditions are equivalent.
1. g1 H = g2 H;
2. Hg1^{-1} = Hg2^{-1} ;
3. g1 H g2 H;
4. g2 g1 H;
5. g1^{-1} g2 H.
In all of our examples the cosets of a subgroup H partition the
larger group G. The following theorem proclaims that this will
always be the case.
Theorem 6.4. Let H be a subgroup of a group G. Then the left
cosets of H in G partition G. That is, the group G is the disjoint
union of the left cosets of H in G.
Proof. Let g1 H and g2 H be two cosets of H in G. We must
show that either g1 H g2 H = or g1 H = g2 H. Suppose that
g1 H g2 H = and a g1 H g2 H. Then by the definition of a left
coset, a = g1 h1 = g2 h2 for some elements h1 and h2 in H. Hence,
g1 = g2 h2 h1^{-1} or g1 g2 H. By Lemma 6.3, g1 H = g2 H.

Remark 6.5. There is nothing special in this theorem about left
cosets. Right cosets also partition G; the proof of this fact is exactly the same as the proof for left cosets except that all group
multiplications are done on the opposite side of H.
Let G be a group and H be a subgroup of G. Define the index
of H in G to be the number of left cosets of H in G. We will denote
the index by [G : H].
Example 6.6. Let G = Z6 and H = {0, 3}. Then [G : H] = 3.
Example 6.7. Suppose that G = S3 , H = {(1), (123), (132)}, and
K = {(1), (12)}. Then [G : H] = 2 and [G : K] = 3.
Theorem 6.8. Let H be a subgroup of a group G. The number of
left cosets of H in G is the same as the number of right cosets of
H in G.
Proof. Let LH and RH denote the set of left and right cosets of H
in G, respectively. If we can define a bijective map : LH RH ,
then the theorem will be proved. If gH LH , let (gH) = Hg^{-1} .
By Lemma 6.3, the map is well-defined; that is, if g1 H = g2 H,
then Hg1^{-1} = Hg2^{-1} . To show that is one-to-one, suppose that
Hg1^{-1} = (g1 H) = (g2 H) = Hg2^{-1} .
Again by Lemma 6.3, g1 H = g2 H. The map is onto since
(g^{-1} H) = Hg.

6.2 Lagrange's Theorem

Proposition 6.9. Let H be a subgroup of G with g G and define
a map : H gH by (h) = gh. The map is bijective; hence,
the number of elements in H is the same as the number of elements
in gH.
Proof. We first show that the map is one-to-one. Suppose
that (h1 ) = (h2 ) for elements h1 , h2 H. We must show that
h1 = h2 , but (h1 ) = gh1 and (h2 ) = gh2 . So gh1 = gh2 , and
by left cancellation h1 = h2 . To show that is onto is easy. By
definition every element of gH is of the form gh for some h H
and (h) = gh.
Theorem 6.10 (Lagrange). Let G be a finite group and let H be
a subgroup of G. Then |G|/|H| = [G : H] is the number of distinct
left cosets of H in G. In particular, the number of elements in H
must divide the number of elements in G.

Proof. The group G is partitioned into [G : H] distinct left cosets.
Each left coset has |H| elements; therefore, |G| = [G : H]|H|.
Corollary 6.11. Suppose that G is a finite group and g G. Then
the order of g must divide the number of elements in G.
Corollary 6.12. Let |G| = p with p a prime number. Then G is
cyclic and any g G such that g ≠ e is a generator.
Proof. Let g be in G such that g ≠ e. Then by Corollary 6.11,
the order of g must divide the order of the group. Since |g| > 1,
it must be p. Hence, g generates G.
Corollary 6.12 suggests that groups of prime order p must somehow look like Zp .
Corollary 6.13. Let H and K be subgroups of a finite group G
such that G H K. Then
[G : K] = [G : H][H : K].

Proof. Observe that
$$[G : K] = \frac{|G|}{|K|} = \frac{|G|}{|H|} \cdot \frac{|H|}{|K|} = [G : H][H : K].$$

Remark 6.14 (The converse of Lagrange's Theorem is false). The
group A4 has order 12; however, it can be shown that it does not
possess a subgroup of order 6. According to Lagranges Theorem,
subgroups of a group of order 12 can have orders of either 1, 2, 3,
4, or 6. However, we are not guaranteed that subgroups of every
possible order exist. To prove that A4 has no subgroup of order
6, we will assume that it does have such a subgroup H and show
that a contradiction must occur. Since A4 contains eight 3-cycles,
we know that H must contain a 3-cycle. We will show that if H
contains one 3-cycle, then it must contain more than 6 elements.
Proposition 6.15. The group A4 has no subgroup of order 6.
Proof. Since [A4 : H] = 2, there are only two cosets of H in A4 .
Inasmuch as one of the cosets is H itself, right and left cosets must
coincide; therefore, gH = Hg or gHg 1 = H for every g A4 .
Since there are eight 3-cycles in A4 , at least one 3-cycle must be
in H. Without loss of generality, assume that (123) is in H. Then

(123)^{-1} = (132) must also be in H. Since ghg^{-1} H for all g A4
and all h H and
$$(124)(123)(124)^{-1} = (124)(123)(142) = (243)$$
$$(243)(123)(243)^{-1} = (243)(123)(234) = (142)$$
we can conclude that H must have at least seven elements
$$(1),\ (123),\ (132),\ (243),\ (243)^{-1} = (234),\ (142),\ (142)^{-1} = (124).$$
Therefore, A4 has no subgroup of order 6.
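The left and right cosets of H and K in S3 from Example 6.2, and a brute-force check of Proposition 6.15 (A4 has no subgroup of order 6), as an added Python example that is not part of the textbook. All function names are mine, permutations are tuples of the images of 1, . . . , n, and a nonempty finite subset closed under products is taken as the subgroup test.

```python
# Added example (not from the text): left and right cosets of the subgroups
# H = {(1), (123), (132)} and K = {(1), (12)} of S3 from Example 6.2, and a
# brute-force confirmation of Proposition 6.15 that A4, although it has order
# 12, has no subgroup of order 6. Permutations are tuples of the images of
# 1, ..., n, e.g. (2, 3, 1) is the cycle (123).
from itertools import combinations, permutations


def compose(s, t):
    """s * t: apply t first, then s (right to left, as in the text)."""
    return tuple(s[t[i] - 1] for i in range(len(t)))


def sign(s):
    """+1 for an even permutation, -1 for an odd one, by counting inversions."""
    n = len(s)
    inversions = sum(1 for i in range(n) for j in range(i + 1, n) if s[i] > s[j])
    return -1 if inversions % 2 else 1


def symmetric_group(n):
    return [tuple(p) for p in permutations(range(1, n + 1))]


def alternating_group(n):
    return [p for p in symmetric_group(n) if sign(p) == 1]


def left_cosets(group, subgroup):
    """The distinct sets gH for g in the group."""
    return {frozenset(compose(g, h) for h in subgroup) for g in group}


def right_cosets(group, subgroup):
    """The distinct sets Hg for g in the group."""
    return {frozenset(compose(h, g) for h in subgroup) for g in group}


def is_subgroup(subset):
    """A nonempty finite subset closed under the product is a subgroup."""
    return len(subset) > 0 and all(compose(a, b) in subset for a in subset for b in subset)


def has_subgroup_of_order(group, k):
    """Search every k-element subset containing the identity for closure."""
    identity = tuple(range(1, len(group[0]) + 1))
    others = [g for g in group if g != identity]
    return any(is_subgroup({identity, *rest}) for rest in combinations(others, k - 1))


if __name__ == "__main__":
    S3 = symmetric_group(3)
    H = {(1, 2, 3), (2, 3, 1), (3, 1, 2)}      # {(1), (123), (132)}
    K = {(1, 2, 3), (2, 1, 3)}                 # {(1), (12)}
    print(left_cosets(S3, H) == right_cosets(S3, H))    # True: they agree for H
    print(left_cosets(S3, K) == right_cosets(S3, K))    # False: they differ for K
    print(len(left_cosets(S3, K)), len(S3) // len(K))  # 3 3: index [S3 : K] (Lagrange)
    A4 = alternating_group(4)
    print(len(A4), [k for k in range(1, 13) if has_subgroup_of_order(A4, k)])  # 12 [1, 2, 3, 4, 12]
```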
In fact, we can say more about when two cycles have the same
length.
Theorem 6.16. Two cycles and in Sn have the same length
if and only if there exists a Sn such that = 1 .
Proof. Suppose that
= (a1 , a2 , . . . , ak )
= (b1 , b2 , . . . , bk ).
Define to be the permutation
(a1 ) = b1
(a2 ) = b2
..
.
(ak ) = bk .
Then = 1 .
Conversely, suppose that = (a1 , a2 , . . . , ak ) is a k-cycle and
Sn . If (ai ) = b and (a(i mod k)+1) = b , then (b) = b .
Hence,
= ((a1 ), (a2 ), . . . , (ak )).
Since is one-to-one and onto, is a cycle of the same length as
.

6.3 Fermat's and Euler's Theorems

The Euler -function is the map : N N defined by (n) = 1
for n = 1, and, for n > 1, (n) is the number of positive integers
m with 1 m < n and gcd(m, n) = 1.
From Proposition 3.4, we know that the order of U (n), the
group of units in Zn , is (n). For example, |U (12)| = (12) = 4
since the numbers that are relatively prime to 12 are 1, 5, 7, and
11. For any prime p, (p) = p − 1. We state these results in the
following theorem.

Theorem 6.17. Let U (n) be the group of units in Zn . Then
|U (n)| = (n).
The following theorem is an important result in number theory,
due to Leonhard Euler.
Theorem 6.18 (Eulers Theorem). Let a and n be integers such
that n > 0 and gcd(a, n) = 1. Then a(n) 1 (mod n).
Proof. By Theorem 6.17 the order of U (n) is (n). Consequently,
a(n) = 1 for all a U (n); or a(n) 1 is divisible by n. Therefore,
a(n) 1 (mod n).
If we consider the special case of Eulers Theorem in which
n = p is prime and recall that (p) = p 1, we obtain the following
result, due to Pierre de Fermat.
Theorem 6.19 (Fermat's Little Theorem). Let p be any prime
number and suppose that $p \nmid a$. Then
$$a^{p-1} \equiv 1 \pmod{p}.$$
Furthermore, for any integer b, $b^p \equiv b \pmod{p}$.
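Theorems 6.17 to 6.19 and Corollary 6.11 checked numerically on U(n), as an added Python example that is not part of the textbook (function names are mine; it uses the values n = 15 and a = 4 from Exercise 7 of this chapter):

```python
# Added example (not from the text): the group of units U(n), the Euler
# function as |U(n)| (Theorem 6.17), and checks of Euler's Theorem and of
# Corollary 6.11 (every element's order divides |U(n)|) over all of U(n).
from math import gcd


def units(n):
    """U(n): the residues m with 1 <= m < n and gcd(m, n) = 1 (n > 1)."""
    return [m for m in range(1, n) if gcd(m, n) == 1]


def phi(n):
    """Euler's function as defined in the text: 1 at n = 1, else |U(n)|."""
    return 1 if n == 1 else len(units(n))


def element_order(a, n):
    """Smallest k >= 1 with a^k = 1 in U(n); requires gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not a unit mod {n}")
    k, power = 1, a % n
    while power != 1 % n:
        power = (power * a) % n
        k += 1
    return k


def euler_holds(n):
    """Theorem 6.18 at n: a^phi(n) = 1 (mod n) for every a in U(n)."""
    return all(pow(a, phi(n), n) == 1 for a in units(n))


def orders_divide_group_order(n):
    """Corollary 6.11 for G = U(n): the order of each unit divides phi(n)."""
    return all(phi(n) % element_order(a, n) == 0 for a in units(n))


def fermat_holds(p):
    """b^p = b (mod p) for every residue b, the second form of Theorem 6.19."""
    return all(pow(b, p, p) == b % p for b in range(p))


if __name__ == "__main__":
    print(units(12), phi(12))                    # [1, 5, 7, 11] 4
    print(phi(15), pow(4, phi(15), 15))          # 8 1   (Exercise 7: n = 15, a = 4)
    print(element_order(4, 15))                  # 2, which divides 8
    print(all(euler_holds(n) and orders_divide_group_order(n) for n in range(2, 200)))
    print(all(fermat_holds(p) for p in (2, 3, 5, 7, 11, 13)))
```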


Sage Sage can create all the subgroups of a group, so long as the
group is not too large. It can also create the cosets of a subgroup.
Historical Note
Joseph-Louis Lagrange (1736–1813), born in Turin, Italy, was
of French and Italian descent. His talent for mathematics became
apparent at an early age. Leonhard Euler recognized Lagrange's
abilities when Lagrange, who was only 19, communicated to Euler
some work that he had done in the calculus of variations. That
year he was also named a professor at the Royal Artillery School in
Turin. At the age of 23 he joined the Berlin Academy. Frederick
the Great had written to Lagrange proclaiming that the greatest king in Europe should have the greatest mathematician in
Europe at his court. For 20 years Lagrange held the position vacated by his mentor, Euler. His works include contributions to
number theory, group theory, physics and mechanics, the calculus
of variations, the theory of equations, and differential equations.
Along with Laplace and Lavoisier, Lagrange was one of the people responsible for designing the metric system. During his life
Lagrange profoundly influenced the development of mathematics,
leaving much to the next generation of mathematicians in the form
of examples and new problems to be solved.

6.4 Exercises

1. Suppose that G is a finite group with an element g of order 5
and an element h of order 7. Why must |G| ≥ 35?
2. Suppose that G is a finite group with 60 elements. What are
the orders of possible subgroups of G?
3. Prove or disprove: Every subgroup of the integers has finite
index.
4. Prove or disprove: Every subgroup of the integers has finite
order.
5. List the left and right cosets of the subgroups in each of the
following.
(a) 8 in Z24
(b) 3 in U (8)
(c) 3Z in Z
(d) A4 in S4
(e) An in Sn
(f) D4 in S4
(g) T in C
(h) H = {(1), (123), (132)} in S4

6. Describe the left cosets of SL2 (R) in GL2 (R). What is the index
of SL2 (R) in GL2 (R)?
7. Verify Eulers Theorem for n = 15 and a = 4.
8. Use Fermats Little Theorem to show that if p = 4n+3 is prime,
there is no solution to the equation $x^2 \equiv -1 \pmod{p}$.
9. Show that the integers have infinite index in the additive group
of rational numbers.
10. Show that the additive group of real numbers has infinite index
in the additive group of the complex numbers.
11. Let H be a subgroup of a group G and suppose that g1 , g2 G.
Prove that the following conditions are equivalent.
(a) g1 H = g2 H
(b) Hg1^{-1} = Hg2^{-1}
(c) g1 H g2 H
(d) g2 g1 H
(e) g1^{-1} g2 H

12. If ghg^{-1} H for all g G and h H, show that right cosets
are identical to left cosets. That is, show that gH = Hg for all
g G.
13. What fails in the proof of Theorem 6.3 if : LH RH is
defined by (gH) = Hg?
14. Suppose that g^n = e. Show that the order of g divides n.
15. Show that any two permutations , Sn have the same
cycle structure if and only if there exists a permutation such
that = 1 . If = 1 for some Sn , then and are
conjugate.
16. If |G| = 2n, prove that the number of elements of order 2 is
odd. Use this result to show that G must contain a subgroup of
order 2.
17. Suppose that [G : H] = 2. If a and b are not in H, show that
ab H.
18. If [G : H] = 2, prove that gH = Hg.
19. Let H and K be subgroups of a group G. Prove that gH gK
is a coset of H K in G.
20. Let H and K be subgroups of a group G. Define a relation
on G by a b if there exists an h H and a k K such
that hak = b. Show that this relation is an equivalence relation.
The corresponding equivalence classes are called double cosets.
Compute the double cosets of H = {(1), (123), (132)} in A4 .
21. Let G be a cyclic group of order n. Show that there are exactly
(n) generators for G.
22. Let $n = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k}$, where p1 , p2 , . . . , pk are distinct primes.
Prove that
$$(n) = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right)\cdots\left(1 - \frac{1}{p_k}\right).$$
23. Show that
$$n = \sum_{d \mid n} (d)$$
for all positive integers n.

7 Introduction to Cryptography

Cryptography is the study of sending and receiving secret messages.
The aim of cryptography is to send messages across a channel so
that only the intended recipient of the message can read it. In
addition, when a message is received, the recipient usually requires
some assurance that the message is authentic; that is, that it has
not been sent by someone who is trying to deceive the recipient.
Modern cryptography is heavily dependent on abstract algebra and
number theory.
The message to be sent is called the plaintext message. The
disguised message is called the ciphertext. The plaintext and the
ciphertext are both written in an alphabet, consisting of letters or
characters. Characters can include not only the familiar alphabetic characters A, . . ., Z and a, . . ., z but also digits, punctuation
marks, and blanks. A cryptosystem, or cipher, has two parts:
encryption, the process of transforming a plaintext message to a
ciphertext message, and decryption, the reverse transformation
of changing a ciphertext message into a plaintext message.
There are many different families of cryptosystems, each distinguished by a particular encryption algorithm. Cryptosystems
in a specified cryptographic family are distinguished from one another by a parameter to the encryption function called a key. A
classical cryptosystem has a single key, which must be kept secret, known only to the sender and the receiver of the message. If
person A wishes to send secret messages to two different people
B and C, and does not wish to have B understand C's messages
or vice versa, A must use two separate keys, so one cryptosystem
is used for exchanging messages with B, and another is used for
exchanging messages with C.
Systems that use two separate keys, one for encoding and another for decoding, are called public key cryptosystems. Since
knowledge of the encoding key does not allow anyone to guess at
the decoding key, the encoding key can be made public. A public
key cryptosystem allows A and B to send messages to C using the
same encoding key. Anyone is capable of encoding a message to
be sent to C, but only C knows how to decode such a message.

7.1 Private Key Cryptography

In single or private key cryptosystems the same key is used for
both encrypting and decrypting messages. To encrypt a plaintext
message, we apply to the message some function which is kept secret, say f . This function will yield an encrypted message. Given
the encrypted form of the message, we can recover the original message by applying the inverse transformation f^{-1} . The transformation f must be relatively easy to compute, as must f^{-1} ; however,
f must be extremely difficult to guess from available examples of
coded messages.
Example 7.1. One of the first and most famous private key cryptosystems was the shift code used by Julius Caesar. We first digitize
the alphabet by letting A = 00, B = 01, . . . , Z = 25. The encoding
function will be
f (p) = p + 3 mod 26;
that is, A ↦ D, B ↦ E, . . . , Z ↦ C. The decoding function is
then
f^{-1}(p) = p − 3 mod 26 = p + 23 mod 26.
Suppose we receive the encoded message DOJHEUD. To decode
this message, we first digitize it:
3, 14, 9, 7, 4, 20, 3.
Next we apply the inverse transformation to get
0, 11, 6, 4, 1, 17, 0,
or ALGEBRA. Notice here that there is nothing special about either of the numbers 3 or 26. We could have used a larger alphabet
or a different shift.
Cryptanalysis is concerned with deciphering a received or intercepted message. Methods from probability and statistics are
great aids in deciphering an intercepted message; for example, the
frequency analysis of the characters appearing in the intercepted
message often makes its decryption possible.
Example 7.2. Suppose we receive a message that we know was
encrypted by using a shift transformation on single letters of the 26-letter alphabet. To find out exactly what the shift transformation
was, we must compute b in the equation f (p) = p + b mod 26. We
can do this using frequency analysis. The letter E = 04 is the most
commonly occurring letter in the English language. Suppose that
S = 18 is the most commonly occurring letter in the ciphertext.

7.1. PRIVATE KEY CRYPTOGRAPHY

97

Then we have good reason to suspect that 18 = 4 + b mod 26, or


b = 14. Therefore, the most likely encrypting function is
f (p) = p + 14 mod 26.
The corresponding decrypting function is
f 1 (p) = p + 12 mod 26.
It is now easy to determine whether or not our guess is correct.
Simple shift codes are examples of monoalphabetic cryptosystems. In these ciphers a character in the enciphered message
represents exactly one character in the original message. Such cryptosystems are not very sophisticated and are quite easy to break.
In fact, in a simple shift as described in Example 7.1, there are
only 26 possible keys. It would be quite easy to try them all rather
than to use frequency analysis.
Let us investigate a slightly more sophisticated cryptosystem. Suppose that the encoding function is given by
$$f(p) = ap + b \bmod 26.$$
We first need to find out when a decoding function $f^{-1}$ exists. Such a decoding function exists when we can solve the equation
$$c = ap + b \bmod 26$$
for p. By Proposition 3.4, this is possible exactly when a has an inverse or, equivalently, when gcd(a, 26) = 1. In this case
$$f^{-1}(p) = a^{-1}p - a^{-1}b \bmod 26.$$
Such a cryptosystem is called an affine cryptosystem.
Example 7.3. Let us consider the affine cryptosystem $f(p) = ap + b \bmod 26$. For this cryptosystem to work we must choose an $a \in \mathbb{Z}_{26}$ that is invertible. This is only possible if gcd(a, 26) = 1. Recognizing this fact, we will let a = 5 since gcd(5, 26) = 1. It is easy to see that $a^{-1} = 21$. Therefore, we can take our encryption function to be $f(p) = 5p + 3 \bmod 26$. Thus, ALGEBRA is encoded as 3, 6, 7, 23, 8, 10, 3, or DGHXIKD. The decryption function will be
$$f^{-1}(p) = 21p - 21 \cdot 3 \bmod 26 = 21p + 15 \bmod 26.$$
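The shift and affine codes of Examples 7.1–7.3 and the frequency-analysis step of Example 7.2, as an added example that is not part of the text; the function names and the use of `pow(a, -1, 26)` to obtain $a^{-1}$ are this example's own choices.

```python
# Added example: shift and affine ciphers on the 26-letter alphabet
# A = 00, ..., Z = 25, plus the two ways of recovering a shift key that
# the text describes (frequency analysis and trying all 26 keys).
from collections import Counter
from math import gcd

MOD = 26

def digitize(text):
    """A = 0, B = 1, ..., Z = 25; non-letters are dropped."""
    return [ord(ch) - ord("A") for ch in text.upper() if ch.isalpha()]

def letters(nums):
    """Inverse of digitize; reduces mod 26, so negative values are fine."""
    return "".join(chr(n % MOD + ord("A")) for n in nums)

def affine_encrypt(text, a, b):
    """f(p) = ap + b mod 26.  A shift code is the special case a = 1."""
    if gcd(a, MOD) != 1:
        raise ValueError(f"a = {a} is not invertible mod 26, so f has no inverse")
    return letters(a * p + b for p in digitize(text))

def affine_decrypt(text, a, b):
    """f^-1(c) = a^-1 c - a^-1 b mod 26 = a^-1 (c - b) mod 26."""
    a_inv = pow(a, -1, MOD)            # a^-1 in Z_26; e.g. 5^-1 = 21
    return letters(a_inv * (c - b) for c in digitize(text))

def shift_key_by_frequency(ciphertext, plain_letter="E"):
    """Example 7.2: assume the most frequent ciphertext letter stands for
    E (= 04) and solve c = 4 + b mod 26 for the shift b."""
    top, _ = Counter(digitize(ciphertext)).most_common(1)[0]
    return (top - digitize(plain_letter)[0]) % MOD

def all_shift_decryptions(ciphertext):
    """A shift code has only 26 keys: return every candidate plaintext by key."""
    return {b: affine_decrypt(ciphertext, 1, b) for b in range(MOD)}
```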
A cryptosystem would be more secure if a ciphertext letter could represent more than one plaintext letter. To give an example of this type of cryptosystem, called a polyalphabetic cryptosystem, we will generalize affine codes by using matrices. The idea works roughly the same as before; however, instead of encrypting one letter at a time we will encrypt pairs of letters. We can store a pair of letters $p_1$ and $p_2$ in a vector
$$\mathbf{p} = \begin{pmatrix} p_1 \\ p_2 \end{pmatrix}.$$
Let A be a $2 \times 2$ invertible matrix with entries in $\mathbb{Z}_{26}$. We can define an encoding function by
$$f(\mathbf{p}) = A\mathbf{p} + \mathbf{b},$$
where $\mathbf{b}$ is a fixed column vector and matrix operations are performed in $\mathbb{Z}_{26}$. The decoding function must be
$$f^{-1}(\mathbf{p}) = A^{-1}\mathbf{p} - A^{-1}\mathbf{b}.$$
Example 7.4. Suppose that we wish to encode the word HELP. The corresponding digit string is 7, 4, 11, 15. If
$$A = \begin{pmatrix} 3 & 5 \\ 1 & 2 \end{pmatrix},$$
then
$$A^{-1} = \begin{pmatrix} 2 & 21 \\ 25 & 3 \end{pmatrix}.$$
If $\mathbf{b} = (2, 2)^t$, then our message is encrypted as RRCR. The encrypted letter R represents more than one plaintext letter.
Frequency analysis can still be performed on a polyalphabetic
cryptosystem, because we have a good understanding of how pairs
of letters appear in the English language. The pair th appears
quite often; the pair qz never appears. To avoid decryption by a
third party, we must use a larger matrix than the one we used in
Example 7.4.
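The matrix cipher of Example 7.4 over $\mathbb{Z}_{26}$, as an added example that is not part of the text; the helper names and the padding of an odd-length message with X are this example's own assumptions.

```python
# Added example: f(p) = Ap + b on pairs of letters, with A a 2 x 2 matrix
# over Z_26; decoding uses f^-1(c) = A^-1 c - A^-1 b = A^-1 (c - b).
MOD = 26

def mat_inv_mod26(A):
    """Inverse of a 2 x 2 matrix over Z_26.  It exists exactly when
    gcd(det A, 26) = 1 (Exercise 5); otherwise pow() raises ValueError."""
    (a, b), (c, d) = A
    det_inv = pow((a * d - b * c) % MOD, -1, MOD)
    return [[(d * det_inv) % MOD, (-b * det_inv) % MOD],
            [(-c * det_inv) % MOD, (a * det_inv) % MOD]]

def mat_vec(A, v):
    """Matrix-vector product in Z_26."""
    return [(A[0][0] * v[0] + A[0][1] * v[1]) % MOD,
            (A[1][0] * v[0] + A[1][1] * v[1]) % MOD]

def digitize(text):
    """A = 0, ..., Z = 25; an odd-length message is padded with X (assumption)."""
    nums = [ord(ch) - ord("A") for ch in text.upper() if ch.isalpha()]
    if len(nums) % 2:
        nums.append(23)
    return nums

def letters(nums):
    return "".join(chr(n % MOD + ord("A")) for n in nums)

def hill_encrypt(text, A, b):
    """Encrypt each pair p = (p1, p2) as Ap + b."""
    nums = digitize(text)
    out = []
    for i in range(0, len(nums), 2):
        c = mat_vec(A, nums[i:i + 2])
        out += [(c[0] + b[0]) % MOD, (c[1] + b[1]) % MOD]
    return letters(out)

def hill_decrypt(text, A, b):
    """Recover each pair as A^-1 (c - b)."""
    A_inv = mat_inv_mod26(A)
    nums = digitize(text)
    out = []
    for i in range(0, len(nums), 2):
        out += mat_vec(A_inv, [(nums[i] - b[0]) % MOD, (nums[i + 1] - b[1]) % MOD])
    return letters(out)

# The key of Example 7.4.
A_EX74 = [[3, 5], [1, 2]]
B_EX74 = [2, 2]
```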

7.2 Public Key Cryptography


If traditional cryptosystems are used, anyone who knows enough to
encode a message will also know enough to decode an intercepted
message. In 1976, W. Diffie and M. Hellman proposed public key
cryptography, which is based on the observation that the encryption and decryption procedures need not have the same key. This
removes the requirement that the encoding key be kept secret. The
encoding function f must be relatively easy to compute, but $f^{-1}$
must be extremely difficult to compute without some additional
information, so that someone who knows only the encrypting key
cannot find the decrypting key without prohibitive computation.
It is interesting to note that to date, no system has been proposed
that has been proven to be one-way; that is, for any existing
public key cryptosystem, it has never been shown to be computationally prohibitive to decode messages with only knowledge of the
encoding key.

The RSA Cryptosystem


The RSA cryptosystem, introduced by R. Rivest, A. Shamir, and L. Adleman in 1978, is based on the difficulty of factoring large numbers. Though it is not a difficult task to find two large random primes and multiply them together, factoring a 150-digit number that is the product of two large primes would take 100 million computers operating at 10 million instructions per second about 50 million years under the fastest algorithms available in the early 1990s. Although the algorithms have improved, factoring a number that is a product of two large primes is still computationally prohibitive.
The RSA cryptosystem works as follows. Suppose that we choose two random 150-digit prime numbers p and q. Next, we compute the product n = pq and also compute $\phi(n) = m = (p - 1)(q - 1)$, where $\phi$ is the Euler $\phi$-function. Now we start choosing random integers E until we find one that is relatively prime to m; that is, we choose E such that gcd(E, m) = 1. Using the Euclidean algorithm, we can find a number D such that $DE \equiv 1 \pmod{m}$. The numbers n and E are now made public.
Suppose now that person B (Bob) wishes to send person A (Alice) a message over a public line. Since E and n are known to everyone, anyone can encode messages. Bob first digitizes the message according to some scheme, say A = 00, B = 01, . . . , Z = 25. If necessary, he will break the message into pieces such that each piece is a positive integer less than n. Suppose x is one of the pieces. Bob forms the number $y = x^E \bmod n$ and sends y to Alice. For Alice to recover x, she need only compute $x = y^D \bmod n$. Only Alice knows D.
Example 7.5. Before exploring the theory behind the RSA cryptosystem or attempting to use large integers, we will use some small integers just to see that the system does indeed work. Suppose that we wish to send some message, which when digitized is 25. Let p = 23 and q = 29. Then
$$n = pq = 667$$
and
$$\phi(n) = m = (p - 1)(q - 1) = 616.$$
We can let E = 487, since gcd(616, 487) = 1. The encoded message is computed to be
$$25^{487} \bmod 667 = 169.$$
This computation can be reasonably done by using the method of repeated squares as described in Chapter 4. Using the Euclidean algorithm, we determine that 191E = 1 + 151m; therefore, the decrypting key is (n, D) = (667, 191). We can recover the original message by calculating
$$169^{191} \bmod 667 = 25.$$
Now let us examine why the RSA cryptosystem works. We know that $DE \equiv 1 \pmod{m}$; hence, there exists a k such that
$$DE = km + 1 = k\phi(n) + 1.$$
There are two cases to consider. In the first case assume that gcd(x, n) = 1. Then by Theorem 6.18,
$$y^D = (x^E)^D = x^{DE} = x^{km+1} = (x^{\phi(n)})^k x = (1)^k x = x \bmod n.$$
So we see that Alice recovers the original message x when she computes $y^D \bmod n$.
For the other case, assume that gcd(x, n) ≠ 1. Since n = pq and x < n, we know x is a multiple of p or a multiple of q, but not both. We will describe the first possibility only, since the second is entirely similar. There is then an integer r, with r < q and x = rp. Note that we have gcd(x, q) = 1 and that $m = \phi(n) = (p - 1)(q - 1) = \phi(p)\phi(q)$. Then, using Theorem 6.18, but now mod q,
$$x^{km} = x^{k\phi(p)\phi(q)} = (x^{\phi(q)})^{k\phi(p)} = (1)^{k\phi(p)} = 1 \bmod q.$$
So there is an integer t such that $x^{km} = 1 + tq$. Thus, Alice also recovers the message in this case,
$$y^D = x^{km+1} = x^{km} x = (1 + tq)x = x + tq(rp) = x + trn = x \bmod n.$$
We can now ask how one would go about breaking the RSA cryptosystem. To find D given n and E, we simply need to factor n and solve for D by using the Euclidean algorithm. If we had known that 667 = 23 · 29 in Example 7.5, we could have recovered D.

Message Verification
There is a problem of message verification in public key cryptosystems. Since the encoding key is public knowledge, anyone has the ability to send an encoded message. If Alice receives a message from Bob, she would like to be able to verify that it was Bob who actually sent the message. Suppose that Bob's encrypting key is (n', E') and his decrypting key is (n', D'). Also, suppose that Alice's encrypting key is (n, E) and her decrypting key is (n, D). Since encryption keys are public information, they can exchange coded messages at their convenience. Bob wishes to assure Alice that the message he is sending is authentic. Before Bob sends the message x to Alice, he decrypts x with his own key:
$$x' = x^{D'} \bmod n'.$$
Anyone can change x' back to x just by encryption, but only Bob has the ability to form x'. Now Bob encrypts x' with Alice's encryption key to form
$$y' = (x')^E \bmod n,$$
a message that only Alice can decode. Alice decodes the message and then encodes the result with Bob's key to read the original message, a message that could have only been sent by Bob.
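The RSA key set-up, encryption and decryption of Example 7.5, and the sign-then-encrypt exchange just described, as an added example that is not part of the text. The function names, the explicit repeated-squares routine and Alice's key pair (p = 31, q = 37, E = 7, chosen so that her n exceeds Bob's n' = 667) are this example's own assumptions.

```python
# Added example: RSA with the toy numbers of Example 7.5, plus the
# sign-then-encrypt exchange of the Message Verification section.
from math import gcd

def egcd(a, b):
    """Extended Euclidean algorithm: (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def mod_inverse(a, m):
    """a^-1 mod m, found with the Euclidean algorithm as the text describes."""
    g, s, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return s % m

def power_mod(x, e, n):
    """Method of repeated squares: x^e mod n without ever forming x^e."""
    result, x = 1, x % n
    while e > 0:
        if e & 1:
            result = result * x % n
        x = x * x % n
        e >>= 1
    return result

def rsa_keys(p, q, E):
    """Public key (n, E) and private key (n, D) with DE = 1 (mod (p-1)(q-1)).
    Knowing the factors p, q of n is exactly what lets one compute D."""
    n, m = p * q, (p - 1) * (q - 1)
    if gcd(E, m) != 1:
        raise ValueError("E must be relatively prime to m = (p-1)(q-1)")
    return (n, E), (n, mod_inverse(E, m))

def encrypt(x, public):
    """y = x^E mod n for one message block x with 0 <= x < n."""
    n, E = public
    if not 0 <= x < n:
        raise ValueError("each block must be an integer in [0, n)")
    return power_mod(x, E, n)

def decrypt(y, private):
    """x = y^D mod n."""
    n, D = private
    return power_mod(y, D, n)

def sign_then_encrypt(x, bob_private, alice_public):
    """Bob forms x' = x^D' mod n' with his own private key (only he can),
    then sends y' = (x')^E mod n, which only Alice can decode."""
    if not 0 <= x < bob_private[0]:
        raise ValueError("each block must be an integer in [0, n')")
    x_signed = decrypt(x, bob_private)
    return encrypt(x_signed, alice_public)

def decrypt_and_verify(y, alice_private, bob_public):
    """Alice decodes with her key, then encodes with Bob's public key; the
    result is x only if the block was formed with Bob's private key."""
    return encrypt(decrypt(y, alice_private), bob_public)

# Example 7.5: p = 23, q = 29, E = 487 gives n = 667, m = 616, D = 191.
BOB_PUBLIC, BOB_PRIVATE = rsa_keys(23, 29, 487)
# Alice's pair is constructed for this example; her n = 1147 exceeds Bob's
# n' = 667 so that every signed block x' < 667 is a valid block for her.
ALICE_PUBLIC, ALICE_PRIVATE = rsa_keys(31, 37, 7)
```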
Historical Note
Encrypting secret messages goes as far back as ancient Greece and Rome. As we know, Julius Caesar used a simple shift code to send and receive messages. However, the formal study of encoding and decoding messages probably began with the Arabs in the 1400s. In the fifteenth and sixteenth centuries mathematicians such as Alberti and Viète discovered that monoalphabetic cryptosystems offered no real security. In the 1800s, F. W. Kasiski established methods for breaking ciphers in which a ciphertext letter can represent more than one plaintext letter, if the same key was used several times. This discovery led to the use of cryptosystems with keys that were used only a single time. Cryptography was placed on firm mathematical foundations by such people as W. Friedman and L. Hill in the early part of the twentieth century. The period after World War I saw the development of special-purpose machines for encrypting and decrypting messages, and mathematicians were very active in cryptography during World War II. Efforts to penetrate the cryptosystems of the Axis nations were organized in England and in the United States by such notable mathematicians as Alan Turing and A. A. Albert. The Allies gained a tremendous advantage in World War II by breaking the ciphers produced by the German Enigma machine and the Japanese Purple ciphers.
By the 1970s, interest in commercial cryptography had begun to take hold. There was a growing need to protect banking transactions, computer data, and electronic mail. In the early 1970s, IBM developed and implemented Lucifer, the forerunner of the National Bureau of Standards Data Encryption Standard (DES). The concept of a public key cryptosystem, due to Diffie and Hellman, is very recent (1976). It was further developed by Rivest, Shamir, and Adleman with the RSA cryptosystem (1978). It is not known how secure any of these systems are. The trapdoor knapsack cryptosystem, developed by Merkle and Hellman, has been broken. It is still an open question whether or not the RSA system can be broken. In 1991, RSA Laboratories published a list of semiprimes (numbers with exactly two prime factors) with a cash prize for whoever was able to provide a factorization (http://www.emc.com/emcplus/rsa-labs/historical/the-rsa-challenge-numbers.htm). Although the challenge ended in 2007, many of these numbers have not yet been factored.
There has been a great deal of controversy about research in cryptography and cryptography itself. In 1929, Henry Stimson, Secretary of State under Herbert Hoover, dismissed the Black Chamber (the State Department's cryptography division) on the ethical grounds that "gentlemen do not read each other's mail." During the last two decades of the twentieth century, the National Security Agency wanted to keep information about cryptography secret, whereas the academic community fought for the right to publish basic research. Currently, research in mathematical cryptography and computational number theory is very active, and mathematicians are free to publish their results in these areas.
Sage. Sage's early development featured powerful routines for number theory, and later included significant support for algebraic structures and other areas of discrete mathematics. So it is a natural tool for the study of cryptology, including topics like RSA, elliptic curve cryptography, and AES (Advanced Encryption Standard).

7.3 Exercises

1. Encode IXLOVEXMATH using the cryptosystem in Example 1.
2. Decode ZLOOA WKLVA EHARQ WKHA ILQDO, which was
encoded using the cryptosystem in Example 1.
3. Assuming that a monoalphabetic code was used to encode the following secret message, what was the original message?
APHUO EGEHP PEXOV FKEUH CKVUE CHKVE APHUO
EGEHU EXOVL EXDKT VGEFT EHFKE UHCKF TZEXO
VEZDT TVKUE XOVKV ENOHK ZFTEH TEHKQ LEROF
PVEHP PEXOV ERYKP GERYT GVKEG XDRTE RGAGA
What is the significance of this message in the history of cryptography?
4. What is the total number of possible monoalphabetic cryptosystems? How secure are such cryptosystems?
5. Prove that a $2 \times 2$ matrix A with entries in $\mathbb{Z}_{26}$ is invertible if and only if gcd(det(A), 26) = 1.

6. Given the matrix
$$A = \begin{pmatrix} 3 & 4 \\ 2 & 3 \end{pmatrix},$$
use the encryption function $f(\mathbf{p}) = A\mathbf{p} + \mathbf{b}$ to encode the message CRYPTOLOGY, where $\mathbf{b} = (2, 5)^t$. What is the decoding function?
7. Encrypt each of the following RSA messages x so that x is
divided into blocks of integers of length 2; that is, if x = 142528,
encode 14, 25, and 28 separately.
(a) n = 3551, E = 629, x = 31
(b) n = 2257, E = 47, x = 23
(c) n = 120979, E = 13251, x = 142371
(d) n = 45629, E = 781, x = 231561
8. Compute the decoding key D for each of the encoding keys in
Exercise 7.
9. Decrypt each of the following RSA messages y.
(a) n = 3551, D = 1997, y = 2791
(b) n = 5893, D = 81, y = 34
(c) n = 120979, D = 27331, y = 112135
(d) n = 79403, D = 671, y = 129381
10. For each of the following encryption keys (n, E) in the RSA
cryptosystem, compute D.
(a) (n, E) = (451, 231)
(b) (n, E) = (3053, 1921)
(c) (n, E) = (37986733, 12371)
(d) (n, E) = (16394854313, 34578451)
11. Encrypted messages are often divided into blocks of n letters.
A message such as THE WORLD WONDERS WHY might be
encrypted as JIW OCFRJ LPOEVYQ IOC but sent as JIW OCF
RJL POE VYQ IOC. What are the advantages of using blocks of
n letters?
12. Find integers n, E, and X such that
$$X^E \equiv X \pmod{n}.$$
Is this a potential problem in the RSA cryptosystem?

13. Every person in the class should construct an RSA cryptosystem using primes that are 10 to 15 digits long. Hand in (n, E)
and an encoded message. Keep D secret. See if you can break one
another's codes.

7.4 Additional Exercises: Primality and Factoring

In the RSA cryptosystem it is important to be able to find large prime numbers easily. Also, this cryptosystem is not secure if we can factor a composite number that is the product of two large primes. The solutions to both of these problems are quite easy. To find out if a number n is prime or to factor n, we can use trial division. We simply divide n by $d = 2, 3, \ldots, \sqrt{n}$. Either a factorization will be obtained, or n is prime if no d divides n. The problem is that such a computation is prohibitively time-consuming if n is very large.
1. A better algorithm for factoring odd positive integers is Fermat's factorization algorithm.
(a) Let n = ab be an odd composite number. Prove that n can be written as the difference of two perfect squares:
$$n = x^2 - y^2 = (x - y)(x + y).$$
Consequently, a positive odd integer can be factored exactly when we can find integers x and y such that $n = x^2 - y^2$.
(b) Write a program to implement the following factorization algorithm based on the observation in part (a). The expression ceiling(sqrt(n)) means the smallest integer greater than or equal to the square root of n. Write another program to do factorization using trial division and compare the speed of the two algorithms. Which algorithm is faster and why?

from math import isqrt

def fermat_factor(n):
    """Fermat's method for odd n: search for x, y with x^2 - y^2 = n."""
    x = isqrt(n)
    if x * x < n:
        x += 1                          # x := ceiling(sqrt(n))
    y = 1
    while True:
        while x * x - y * y > n:        # label 1: raise y until x^2 - y^2 <= n
            y += 1
        if x * x - y * y < n:           # overshot: try the next x from y = 1
            x += 1
            y = 1
        else:                           # x^2 - y^2 = n, so n = (x - y)(x + y)
            a, b = x - y, x + y
            print(f"{n} = {a} * {b}")   # e.g. 667 = 23 * 29
            return a, b

2. (Primality Testing) Recall Fermat's Little Theorem from Chapter 6. Let p be prime with gcd(a, p) = 1. Then $a^{p-1} \equiv 1 \pmod{p}$. We can use Fermat's Little Theorem as a screening test for primes. For example, 15 cannot be prime since
$$2^{15-1} = 2^{14} \equiv 4 \pmod{15}.$$
However, 17 is a potential prime since
$$2^{17-1} = 2^{16} \equiv 1 \pmod{17}.$$
We say that an odd composite number n is a pseudoprime if
$$2^{n-1} \equiv 1 \pmod{n}.$$
Which of the following numbers are primes and which are pseudoprimes?
(a) 342  (b) 811  (c) 601  (d) 561  (e) 771  (f) 631
3. Let n be an odd composite number and b be a positive integer such that gcd(b, n) = 1. If $b^{n-1} \equiv 1 \pmod{n}$, then n is a pseudoprime base b. Show that 341 is a pseudoprime base 2 but not a pseudoprime base 3.
4. Write a program to determine all primes less than 2000 using trial division. Write a second program that will determine all
numbers less than 2000 that are either primes or pseudoprimes.
Compare the speed of the two programs. How many pseudoprimes
are there below 2000?
There exist composite numbers that are pseudoprimes for all bases to which they are relatively prime. These numbers are called Carmichael numbers. The first Carmichael number is 561 = 3 · 11 · 17. In 1992, Alford, Granville, and Pomerance proved that there are an infinite number of Carmichael numbers [4]. However, Carmichael numbers are very rare. There are only 2163 Carmichael numbers less than $25 \times 10^9$. For more sophisticated primality tests, see [1], [6], or [7].
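Fermat's Little Theorem as the screening test of Exercises 2–4, together with the Carmichael-number property described in the paragraph above, as an added example that is not part of the text (the function names are this example's own).

```python
# Added example: Fermat screening, pseudoprimes to a base b, and the
# Carmichael property (pseudoprime to every base relatively prime to n).
from math import gcd, isqrt

def is_prime_trial(n):
    """Exact test by trial division with d = 2, 3, ..., floor(sqrt(n))."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))

def fermat_residue(n, b=2):
    """b^(n-1) mod n.  For a prime n with gcd(b, n) = 1 this is 1 (Fermat)."""
    return pow(b, n - 1, n)

def fermat_passes(n, b=2):
    """A pass is only evidence of primality: some composites pass as well."""
    return n > 1 and fermat_residue(n, b) == 1

def is_pseudoprime(n, b=2):
    """Odd composite n with gcd(b, n) = 1 that nevertheless passes base b."""
    return (n % 2 == 1 and not is_prime_trial(n)
            and gcd(b, n) == 1 and fermat_passes(n, b))

def is_carmichael(n):
    """Composite n that is a pseudoprime to every base b with gcd(b, n) = 1."""
    if n % 2 == 0 or is_prime_trial(n):
        return False
    return all(fermat_passes(n, b) for b in range(2, n) if gcd(b, n) == 1)

def carmichael_numbers_below(limit):
    return [n for n in range(3, limit, 2) if is_carmichael(n)]
```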

7.5 References and Suggested Readings

[1] Bressoud, D. M. Factorization and Primality Testing. Springer-Verlag, New York, 1989.
[2] Diffie, W. and Hellman, M. E. "New Directions in Cryptography," IEEE Trans. Inform. Theory 22 (1976), 644–54.
[3] Gardner, M. "Mathematical games: A new kind of cipher that would take millions of years to break," Scientific American 237 (1977), 120–24.
[4] Granville, A. "Primality Testing and Carmichael Numbers," Notices of the American Mathematical Society 39 (1992), 696–700.
[5] Hellman, M. E. "The Mathematics of Public Key Cryptography," Scientific American 241 (1979), 130–39.
[6] Koblitz, N. A Course in Number Theory and Cryptography. 2nd ed. Springer, New York, 1994.
[7] Pomerance, C., ed. Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics 42 (1990), American Mathematical Society, Providence, RI.
[8] Rivest, R. L., Shamir, A., and Adleman, L. "A Method for Obtaining Signatures and Public-key Cryptosystems," Comm. ACM 21 (1978), 120–26.

8
Algebraic Coding Theory

Coding theory is an application of algebra that has become increasingly important over the last several decades. When we transmit
data, we are concerned about sending a message over a channel
that could be affected by noise. We wish to be able to encode
and decode the information in a manner that will allow the detection, and possibly the correction, of errors caused by noise. This
situation arises in many areas of communications, including radio,
telephone, television, computer communications, and digital media
technology. Probability, combinatorics, group theory, linear algebra, and polynomial rings over finite fields all play important roles
in coding theory.

8.1 Error-Detecting and Correcting Codes

Let us examine a simple model of a communications system for transmitting and receiving coded messages (Figure 8.1).

[Figure 8.1: Encoding and decoding messages. An m-digit message → Encoder → n-digit code word → Transmitter → (Noise) → Receiver → n-digit received word → Decoder → m-digit received message or error.]

Uncoded messages may be composed of letters or characters, but typically they consist of binary m-tuples. These messages are
encoded into codewords, consisting of binary n-tuples, by a device
called an encoder. The message is transmitted and then decoded.
We will consider the occurrence of errors during transmission. An
error occurs if there is a change in one or more bits in the codeword. A decoding scheme is a method that either converts an
arbitrarily received n-tuple into a meaningful decoded message or
gives an error message for that n-tuple. If the received message
is a codeword (one of the special n-tuples allowed to be transmitted), then the decoded message must be the unique message that
was encoded into the codeword. For received non-codewords, the
decoding scheme will give an error indication, or, if we are more
clever, will actually try to correct the error and reconstruct the
original message. Our goal is to transmit error-free messages as
cheaply and quickly as possible.
Example 8.2. One possible coding scheme would be to send a message several times and to compare the received copies with one another. Suppose that the message to be encoded is a binary n-tuple $(x_1, x_2, \ldots, x_n)$. The message is encoded into a binary 3n-tuple by simply repeating the message three times:
$$(x_1, x_2, \ldots, x_n) \mapsto (x_1, x_2, \ldots, x_n, x_1, x_2, \ldots, x_n, x_1, x_2, \ldots, x_n).$$
To decode the message, we choose as the ith digit the one that
appears in the ith place in at least two of the three transmissions.

For example, if the original message is (0110), then the transmitted message will be (0110 0110 0110). If there is a transmission error in the fifth digit, then the received codeword will be (0110 1110 0110), which will be correctly decoded as (0110).¹ This triple-repetition
method will automatically detect and correct all single errors, but
it is slow and inefficient: to send a message consisting of n bits, 2n
extra bits are required, and we can only detect and correct single
errors. We will see that it is possible to find an encoding scheme
that will encode a message of n bits into m bits with m much
smaller than 3n.
Example 8.3. Even parity, a commonly used coding scheme, is much more efficient than the simple repetition scheme. The ASCII (American Standard Code for Information Interchange) coding system uses binary 8-tuples, yielding $2^8 = 256$ possible 8-tuples. However, only seven bits are needed since there are only $2^7 = 128$ ASCII characters. What can or should be done with the extra bit? Using the full eight bits, we can detect single transmission errors. For example, the ASCII codes for A, B, and C are
$$A = 65_{10} = 01000001_2, \quad B = 66_{10} = 01000010_2, \quad C = 67_{10} = 01000011_2.$$
Notice that the leftmost bit is always set to 0; that is, the 128 ASCII characters have codes
$$00000000_2 = 0_{10}, \ \ldots, \ 01111111_2 = 127_{10}.$$
The bit can be used for error checking on the other seven bits. It is set to either 0 or 1 so that the total number of 1 bits in the representation of a character is even. Using even parity, the codes for A, B, and C now become
$$A = 01000001_2, \quad B = 01000010_2, \quad C = 11000011_2.$$
Suppose an A is sent and a transmission error in the sixth bit is caused by noise over the communication channel so that (0100 0101) is received. We know an error has occurred since the received word has an odd number of 1s, and we can now request that the codeword be transmitted again. When used for error checking, the leftmost bit is called a parity check bit.
¹ We will adopt the convention that bits are numbered left to right in binary n-tuples.

By far the most common error-detecting codes used in computers are based on the addition of a parity bit. Typically, a computer stores information in m-tuples called words. Common word
lengths are 8, 16, and 32 bits. One bit in the word is set aside as
the parity check bit, and is not used to store information. This bit
is set to either 0 or 1, depending on the number of 1s in the word.
Adding a parity check bit allows the detection of all single errors because changing a single bit either increases or decreases the
number of 1s by one, and in either case the parity has been changed
from even to odd, so the new word is not a codeword. (We could
also construct an error detection scheme based on odd parity; that
is, we could set the parity check bit so that a codeword always has
an odd number of 1s.)
The even parity system is easy to implement, but has two drawbacks. First, multiple errors are not detectable. Suppose an A is
sent and the first and seventh bits are changed from 0 to 1. The
received word is a codeword, but will be decoded into a C instead
of an A. Second, we do not have the ability to correct errors. If
the 8-tuple (1001 1000) is received, we know that an error has
occurred, but we have no idea which bit has been changed. We
will now investigate a coding scheme that will not only allow us to
detect transmission errors but will actually correct the errors.
Transmitted                Received Word
Codeword       000  001  010  011  100  101  110  111
000              0    1    1    2    1    2    2    3
111              3    2    2    1    2    1    1    0

Table 8.4: A repetition code


Example 8.5. Suppose that our original message is either a 0 or
a 1, and that 0 encodes to (000) and 1 encodes to (111). If only a
single error occurs during transmission, we can detect and correct
the error. For example, if a 101 is received, then the second bit
must have been changed from a 1 to a 0. The originally transmitted codeword must have been (111). This method will detect and
correct all single errors.
In Table 8.4, we present all possible words that might be received for the transmitted codewords (000) and (111). Table 8.4
also shows the number of bits by which each received 3-tuple differs
from each original codeword.

Maximum-Likelihood Decoding²
² This section requires a knowledge of probability, but can be skipped without loss of continuity.
The coding scheme presented in Example 8.5 is not a complete solution to the problem because it does not account for the possibility of multiple errors. For example, either a (000) or a (111) could be sent and a (001) received. We have no means of deciding
from the received word whether there was a single error in the third
bit or two errors, one in the first bit and one in the second. No
matter what coding scheme is used, an incorrect message could be
received. We could transmit a (000), have errors in all three bits,
and receive the codeword (111). It is important to make explicit
assumptions about the likelihood and distribution of transmission
errors so that, in a particular application, it will be known whether
a given error detection scheme is appropriate. We will assume that
transmission errors are rare, and, that when they do occur, they
occur independently in each bit; that is, if p is the probability of
an error in one bit and q is the probability of an error in a different
bit, then the probability of errors occurring in both of these bits at
the same time is pq. We will also assume that a received n-tuple
is decoded into a codeword that is closest to it; that is, we assume
that the receiver uses maximum-likelihood decoding.
[Figure 8.6: Binary symmetric channel (inputs 0 and 1; each bit is received correctly with probability p and flipped with probability q)]


A binary symmetric channel is a model that consists of a transmitter capable of sending a binary signal, either a 0 or a 1, together with a receiver. Let p be the probability that the signal is correctly received. Then q = 1 − p is the probability of an incorrect reception. If a 1 is sent, then the probability that a 1 is received is p and the probability that a 0 is received is q (Figure 8.6). The probability that no errors occur during the transmission of a binary codeword of length n is $p^n$. For example, if p = 0.999 and a message consisting of 10,000 bits is sent, then the probability of a perfect transmission is
$$(0.999)^{10{,}000} \approx 0.00005.$$
Theorem 8.7. If a binary n-tuple $(x_1, \ldots, x_n)$ is transmitted across a binary symmetric channel with probability p that no error will occur in each coordinate, then the probability that there are errors in exactly k coordinates is
$$\binom{n}{k} q^k p^{n-k}.$$
Proof. Fix k different coordinates. We first compute the probability that an error has occurred in this fixed set of coordinates. The probability of an error occurring in a particular one of these k coordinates is q; the probability that an error will not occur in any of the remaining n − k coordinates is p. The probability of each of these n independent events is $q^k p^{n-k}$. The number of possible error patterns with exactly k errors occurring is equal to
$$\binom{n}{k} = \frac{n!}{k!\,(n-k)!},$$
the number of combinations of n things taken k at a time. Each of these error patterns has probability $q^k p^{n-k}$ of occurring; hence, the probability of all of these error patterns is
$$\binom{n}{k} q^k p^{n-k}.$$

Example 8.8. Suppose that p = 0.995 and a 500-bit message is sent. The probability that the message was sent error-free is
$$p^n = (0.995)^{500} \approx 0.082.$$
The probability of exactly one error occurring is
$$\binom{n}{1} q p^{n-1} = 500(0.005)(0.995)^{499} \approx 0.204.$$
The probability of exactly two errors is
$$\binom{n}{2} q^2 p^{n-2} = \frac{500 \cdot 499}{2}(0.005)^2(0.995)^{498} \approx 0.257.$$
The probability of more than two errors is approximately
$$1 - 0.082 - 0.204 - 0.257 = 0.457.$$
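Theorem 8.7 applied to the binary symmetric channel, reproducing Example 8.8 and the 10,000-bit figure above and extending them to the failure probability faced by a decoder that corrects up to t errors per codeword, as an added example that is not part of the text (function names are this example's own).

```python
# Added example: Theorem 8.7 on the binary symmetric channel, reproducing
# Example 8.8 and relating the error counts to what a decoder can correct.
from math import comb

def prob_exactly_k_errors(n, k, p):
    """Theorem 8.7: C(n, k) q^k p^(n-k), where p is the per-bit success
    probability and q = 1 - p the per-bit error probability."""
    q = 1 - p
    return comb(n, k) * q ** k * p ** (n - k)

def prob_at_most_k_errors(n, k, p):
    return sum(prob_exactly_k_errors(n, i, p) for i in range(k + 1))

def prob_more_than_k_errors(n, k, p):
    return 1 - prob_at_most_k_errors(n, k, p)

def prob_decoding_failure(n, t, p):
    """A code of length n whose decoder corrects up to t errors per codeword
    fails exactly when more than t coordinates are hit."""
    return prob_more_than_k_errors(n, t, p)

def example_8_8(n=500, p=0.995):
    """(no errors, exactly one, exactly two, more than two) for Example 8.8."""
    return (prob_exactly_k_errors(n, 0, p),
            prob_exactly_k_errors(n, 1, p),
            prob_exactly_k_errors(n, 2, p),
            prob_more_than_k_errors(n, 2, p))
```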

Block Codes
If we are to develop efficient error-detecting and error-correcting
codes, we will need more sophisticated mathematical tools. Group
theory will allow faster methods of encoding and decoding messages. A code is an (n, m)-block code if the information that is
to be coded can be divided into blocks of m binary digits, each of
which can be encoded into n binary digits. More specifically, an
(n, m)-block code consists of an encoding function
$$E : \mathbb{Z}_2^m \to \mathbb{Z}_2^n$$
and a decoding function
$$D : \mathbb{Z}_2^n \to \mathbb{Z}_2^m.$$
A codeword is any element in the image of E. We also require that
E be one-to-one so that two information blocks will not be encoded
into the same codeword. If our code is to be error-correcting, then
D must be onto.

Example 8.9. The even-parity coding system developed to detect single errors in ASCII characters is an (8, 7)-block code. The encoding function is
$$E(x_7, x_6, \ldots, x_1) = (x_8, x_7, \ldots, x_1),$$
where $x_8 = x_7 + x_6 + \cdots + x_1$ with addition in $\mathbb{Z}_2$.
Let $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$ be binary n-tuples. The Hamming distance or distance, d(x, y), between x and y is the number of bits in which x and y differ. The distance between two codewords is the minimum number of transmission errors required to change one codeword into the other. The minimum distance for a code, $d_{\min}$, is the minimum of all distances d(x, y), where x and y are distinct codewords. The weight, w(x), of a binary codeword x is the number of 1s in x. Clearly, $w(x) = d(x, \mathbf{0})$, where $\mathbf{0} = (00 \cdots 0)$.
Example 8.10. Let x = (10101), y = (11010), and z = (00011) be all of the codewords in some code C. Then we have the following Hamming distances:
$$d(x, y) = 4, \quad d(x, z) = 3, \quad d(y, z) = 3.$$
The minimum distance for this code is 3. We also have the following weights:
$$w(x) = 3, \quad w(y) = 3, \quad w(z) = 2.$$
The following proposition lists some basic properties about the
weight of a codeword and the distance between two codewords.
The proof is left as an exercise.
Proposition 8.11. Let x, y, and z be binary n-tuples. Then
1. $w(x) = d(x, \mathbf{0})$;
2. $d(x, y) \geq 0$;
3. d(x, y) = 0 exactly when x = y;
4. d(x, y) = d(y, x);
5. $d(x, y) \leq d(x, z) + d(z, y)$.
The weights in a particular code are usually much easier to
compute than the Hamming distances between all codewords in
the code. If a code is set up carefully, we can use this fact to our
advantage.
Suppose that x = (1101) and y = (1100) are codewords in some code. If we transmit (1101) and an error occurs in the rightmost bit, then (1100) will be received. Since (1100) is a codeword, the decoder will decode (1100) as the transmitted message. This code is clearly not very appropriate for error detection. The problem is that d(x, y) = 1. If x = (1100) and y = (1010) are codewords, then d(x, y) = 2. If x is transmitted and a single error occurs, then y can never be received. Table 8.12 gives the distances between all 4-bit codewords in which the first three bits carry information and the fourth is an even parity check bit. We can see that the minimum distance here is 2; hence, the code is suitable as a single error-correcting code.

        0000  0011  0101  0110  1001  1010  1100  1111
0000       0     2     2     2     2     2     2     4
0011       2     0     2     2     2     2     4     2
0101       2     2     0     2     2     4     2     2
0110       2     2     2     0     4     2     2     2
1001       2     2     2     4     0     2     2     2
1010       2     2     4     2     2     0     2     2
1100       2     4     2     2     2     2     0     2
1111       4     2     2     2     2     2     2     0

Table 8.12: Distances between 4-bit codewords


To determine exactly what the error-detecting and error-correcting
capabilities for a code are, we need to analyze the minimum distance for the code. Let x and y be codewords. If d(x, y) = 1
and an error occurs where x and y differ, then x is changed to y.
The received codeword is y and no error message is given. Now
suppose d(x, y) = 2. Then a single error cannot change x to y.
Therefore, if dmin = 2, we have the ability to detect single errors.
However, suppose that d(x, y) = 2, y is sent, and a noncodeword
z is received such that
d(x, z) = d(y, z) = 1.
Then the decoder cannot decide between x and y. Even though
we are aware that an error has occurred, we do not know what the
error is.
Suppose $d_{\min} \geq 3$. Then the maximum-likelihood decoding scheme corrects all single errors. Starting with a codeword x, an error in the transmission of a single bit gives y with d(x, y) = 1, but $d(z, y) \geq 2$ for any other codeword $z \neq x$. If we do not require the correction of errors, then we can detect multiple errors when a code has a minimum distance that is greater than 3.
Theorem 8.13. Let C be a code with $d_{\min} = 2n + 1$. Then C can correct any n or fewer errors. Furthermore, any 2n or fewer errors can be detected in C.

Proof. Suppose that a codeword x is sent and the word y is received with at most n errors. Then $d(x, y) \leq n$. If z is any codeword other than x, then
$$2n + 1 \leq d(x, z) \leq d(x, y) + d(y, z) \leq n + d(y, z).$$
Hence, $d(y, z) \geq n + 1$ and y will be correctly decoded as x. Now suppose that x is transmitted and y is received and that at least one error has occurred, but not more than 2n errors. Then $1 \leq d(x, y) \leq 2n$. Since the minimum distance between codewords is 2n + 1, y cannot be a codeword. Consequently, the code can detect between 1 and 2n errors.
Example 8.14. In Table 8.15, the codewords $c_1 = (00000)$, $c_2 = (00111)$, $c_3 = (11100)$, and $c_4 = (11011)$ determine a single error-correcting code.

         00000  00111  11100  11011
00000        0      3      3      4
00111        3      0      4      3
11100        3      4      0      3
11011        4      3      3      0

Table 8.15: Hamming distances for an error-correcting code
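The definitions of distance and weight, the minimum distance of a code, and the capability that Theorem 8.13 attaches to it can be checked mechanically. The following Python is an added example, not part of the textbook: it computes $d_{\min}$ by comparing all pairs of codewords, and it decodes a received word by exhaustive search for the nearest codeword, reporting every codeword that ties. The codes used are the one from Example 8.14 and the 4-bit even-parity code of Table 8.12; the function names are this example's own.

```python
# Added example, not from the textbook: Hamming distance, weight, minimum
# distance, and the error-detecting/correcting capability that Theorem 8.13
# attaches to d_min. Codewords are written as strings of '0'/'1'.
from itertools import combinations


def hamming_distance(x, y):
    """Number of coordinates in which x and y differ (d(x, y) in the text)."""
    if len(x) != len(y):
        raise ValueError("words must have the same length")
    return sum(a != b for a, b in zip(x, y))


def weight(x):
    """Number of 1s in x; by Proposition 8.11, w(x) = d(x, 0)."""
    return x.count("1")


def minimum_distance(code):
    """d_min: the least distance between two distinct codewords."""
    return min(hamming_distance(a, b) for a, b in combinations(code, 2))


def capability(code):
    """(errors detectable, errors correctable) for a code with minimum distance d.

    Theorem 8.13 states the case d = 2n + 1 (detect 2n, correct n); in general
    any d - 1 errors are detected and any floor((d - 1) / 2) are corrected.
    """
    d = minimum_distance(code)
    return d - 1, (d - 1) // 2


def nearest_codewords(word, code):
    """Every codeword at the least distance from the received word.

    Maximum-likelihood decoding is unambiguous exactly when this returns one word.
    """
    best = min(hamming_distance(word, c) for c in code)
    return sorted(c for c in code if hamming_distance(word, c) == best)


# The code of Example 8.14 (d_min = 3) and the 4-bit even-parity code of Table 8.12 (d_min = 2).
CODE_8_14 = ["00000", "00111", "11100", "11011"]
PARITY_4 = ["0000", "0011", "0101", "0110", "1001", "1010", "1100", "1111"]

if __name__ == "__main__":
    print(minimum_distance(CODE_8_14), capability(CODE_8_14))  # 3 (2, 1)
    print(minimum_distance(PARITY_4), capability(PARITY_4))    # 2 (1, 0)
    # One error in 00111 gives 00101: only one codeword is nearest.
    print(nearest_codewords("00101", CODE_8_14))               # ['00111']
    # Two errors in 00111 give 00100: the nearest codeword is the wrong one.
    print(nearest_codewords("00100", CODE_8_14))               # ['00000']
    # One error in 0011 gives 0001: detected, but four codewords tie at distance 1.
    print(nearest_codewords("0001", PARITY_4))                 # ['0000', '0011', '0101', '1001']
```

The last two calls show both failure modes the text describes: with $d_{\min} = 3$ two errors are silently decoded to the wrong codeword, and with $d_{\min} = 2$ a single error is noticed but the decoder has no way to choose among the tied codewords.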

Historical Note
Modern coding theory began in 1948 with C. Shannon's paper, "A Mathematical Theory of Communication" [7]. This paper offered an example of an algebraic code, and Shannon's Theorem proclaimed exactly how good codes could be expected to be. Richard Hamming began working with linear codes at Bell Labs in the late 1940s and early 1950s after becoming frustrated because the programs that he was running could not recover from simple errors generated by noise. Coding theory has grown tremendously in the past several decades. The Theory of Error-Correcting Codes, by MacWilliams and Sloane [5], published in 1977, already contained over 1500 references. Linear codes (Reed-Muller (32, 6)-block codes) were used on NASA's Mariner space probes. More recent space probes such as Voyager have used what are called convolutional codes. Currently, very active research is being done with Goppa codes, which are heavily dependent on algebraic geometry.

8.2 Linear Codes

To gain more knowledge of a particular code and develop more efficient techniques of encoding, decoding, and error detection, we need to add additional structure to our codes. One way to accomplish this is to require that the code also be a group. A group code is a code that is also a subgroup of $\mathbb{Z}_2^n$.
To check that a code is a group code, we need only verify one
thing. If we add any two elements in the code, the result must be
an n-tuple that is again in the code. It is not necessary to check
that the inverse of the n-tuple is in the code, since every codeword
is its own inverse, nor is it necessary to check that 0 is a codeword.
For instance,
(11000101) + (11000101) = (00000000).
Example 8.16. Suppose that we have a code that consists of the following 7-tuples:

(0000000)  (0001111)  (0010101)  (0011010)
(0100110)  (0101001)  (0110011)  (0111100)
(1000011)  (1001100)  (1010110)  (1011001)
(1100101)  (1101010)  (1110000)  (1111111).

It is a straightforward though tedious task to verify that this code is also a subgroup of $\mathbb{Z}_2^7$ and, therefore, a group code. This code is a single error-detecting and single error-correcting code, but it is a long and tedious process to compute all of the distances between pairs of codewords to determine that $d_{\min} = 3$. It is much easier to see that the minimum weight of all the nonzero codewords is 3. As we will soon see, this is no coincidence. However, the relationship between weights and distances in a particular code is heavily dependent on the fact that the code is a group.
Lemma 8.17. Let x and y be binary n-tuples. Then w(x + y) =
d(x, y).
Proof. Suppose that x and y are binary n-tuples. Then the distance between x and y is exactly the number of places in which x
and y differ. But x and y differ in a particular coordinate exactly
when the sum in the coordinate is 1, since
1+1=0
0+0=0
1+0=1
0 + 1 = 1.
Consequently, the weight of the sum must be the distance between
the two codewords.
Theorem 8.18. Let $d_{\min}$ be the minimum distance for a group code C. Then $d_{\min}$ is the minimum of all the nonzero weights of the nonzero codewords in C. That is,
$$d_{\min} = \min\{w(x) : x \neq \mathbf{0}\}.$$

Proof. Observe that
$$\begin{aligned}
d_{\min} &= \min\{d(x, y) : x \neq y\} \\
&= \min\{d(x, y) : x + y \neq \mathbf{0}\} \\
&= \min\{w(x + y) : x + y \neq \mathbf{0}\} \\
&= \min\{w(z) : z \neq \mathbf{0}\}.
\end{aligned}$$
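The closure test that the text describes for a group code, and the weight shortcut of Theorem 8.18, are both easy to mechanise. The following Python is an added example, not part of the textbook: it checks closure of Example 8.16's sixteen 7-tuples under coordinatewise addition in $\mathbb{Z}_2$, and then compares the minimum nonzero weight with the minimum distance computed over all pairs. Example 8.10's three-word code is included to show that the shortcut gives the wrong answer when the code is not a group. The function names are this example's own.

```python
# Added example, not from the textbook: the closure test for a group code and
# the weight shortcut of Theorem 8.18 (for a group code, d_min is the least
# nonzero weight). Example 8.10's code shows the shortcut failing when the
# code is not a group.
from itertools import combinations


def add(x, y):
    """Coordinatewise sum in Z_2 (exclusive or) of two binary strings."""
    if len(x) != len(y):
        raise ValueError("words must have the same length")
    return "".join("1" if a != b else "0" for a, b in zip(x, y))


def is_group_code(code):
    """True iff the code is a subgroup of Z_2^n.

    Only closure needs checking: every word is its own inverse, and for a
    nonempty closed set x + x = 0 puts the zero word in the code.
    """
    words = set(code)
    return bool(words) and all(add(x, y) in words for x in words for y in words)


def min_distance_pairwise(code):
    """d_min computed directly from all pairs of distinct codewords."""
    return min(sum(a != b for a, b in zip(x, y)) for x, y in combinations(code, 2))


def min_nonzero_weight(code):
    """Least weight among the nonzero codewords."""
    return min(x.count("1") for x in code if "1" in x)


# The sixteen 7-tuples of Example 8.16.
EXAMPLE_8_16 = [
    "0000000", "0001111", "0010101", "0011010",
    "0100110", "0101001", "0110011", "0111100",
    "1000011", "1001100", "1010110", "1011001",
    "1100101", "1101010", "1110000", "1111111",
]

# The three codewords of Example 8.10, which do not form a group.
EXAMPLE_8_10 = ["10101", "11010", "00011"]

if __name__ == "__main__":
    for name, code in (("Example 8.16", EXAMPLE_8_16), ("Example 8.10", EXAMPLE_8_10)):
        print(name, is_group_code(code), min_nonzero_weight(code), min_distance_pairwise(code))
    # Example 8.16 True 3 3   (group code: the two agree)
    # Example 8.10 False 2 3  (not a group: the weight shortcut is wrong)
```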

Linear Codes
From Example 8.16, it is now easy to check that the minimum
nonzero weight is 3; hence, the code does indeed detect and correct
all single errors. We have now reduced the problem of finding
good codes to that of generating group codes. One easy way to
generate group codes is to employ a bit of matrix theory.
Define the inner product of two binary n-tuples to be
$$x \cdot y = x_1 y_1 + \cdots + x_n y_n,$$
where $x = (x_1, x_2, \ldots, x_n)^t$ and $y = (y_1, y_2, \ldots, y_n)^t$ are column vectors.³ For example, if $x = (011001)^t$ and $y = (110101)^t$, then $x \cdot y = 0$. We can also look at an inner product as the product of a row matrix with a column matrix; that is,
$$x \cdot y = x^t y = \begin{pmatrix} x_1 & x_2 & \cdots & x_n \end{pmatrix} \begin{pmatrix} y_1 \\ y_2 \\ \vdots \\ y_n \end{pmatrix} = x_1 y_1 + x_2 y_2 + \cdots + x_n y_n.$$
Example 8.19. Suppose that the words to be encoded consist of all binary 3-tuples and that our encoding scheme is even-parity. To encode an arbitrary 3-tuple, we add a fourth bit to obtain an even number of 1s. Notice that an arbitrary n-tuple $x = (x_1, x_2, \ldots, x_n)^t$ has an even number of 1s exactly when $x_1 + x_2 + \cdots + x_n = 0$; hence, a 4-tuple $x = (x_1, x_2, x_3, x_4)^t$ has an even number of 1s if $x_1 + x_2 + x_3 + x_4 = 0$, or
$$x \cdot \mathbf{1} = x^t \mathbf{1} = \begin{pmatrix} x_1 & x_2 & x_3 & x_4 \end{pmatrix} \begin{pmatrix} 1 \\ 1 \\ 1 \\ 1 \end{pmatrix} = 0.$$
This example leads us to hope that there is a connection between matrices and coding theory.

³ Since we will be working with matrices, we will write binary n-tuples as column vectors for the remainder of this chapter.
Let $M_{m \times n}(\mathbb{Z}_2)$ denote the set of all $m \times n$ matrices with entries in $\mathbb{Z}_2$. We do matrix operations as usual except that all our addition and multiplication operations occur in $\mathbb{Z}_2$. Define the null space of a matrix $H \in M_{m \times n}(\mathbb{Z}_2)$ to be the set of all binary n-tuples x such that $Hx = \mathbf{0}$. We denote the null space of a matrix H by Null(H).
Example 8.20. Suppose that
$$H = \begin{pmatrix} 0 & 1 & 0 & 1 & 0 \\ 1 & 1 & 1 & 1 & 0 \\ 0 & 0 & 1 & 1 & 1 \end{pmatrix}.$$
For a 5-tuple $x = (x_1, x_2, x_3, x_4, x_5)^t$ to be in the null space of H, $Hx = \mathbf{0}$. Equivalently, the following system of equations must be satisfied:
$$\begin{aligned}
x_2 + x_4 &= 0 \\
x_1 + x_2 + x_3 + x_4 &= 0 \\
x_3 + x_4 + x_5 &= 0.
\end{aligned}$$
The set of binary 5-tuples satisfying these equations is

(00000)  (11110)  (10101)  (01011).

This code is easily determined to be a group code.


Theorem 8.21. Let H be in $M_{m \times n}(\mathbb{Z}_2)$. Then the null space of H is a group code.

Proof. Since each element of $\mathbb{Z}_2^n$ is its own inverse, the only thing that really needs to be checked here is closure. Let $x, y \in \text{Null}(H)$ for some matrix H in $M_{m \times n}(\mathbb{Z}_2)$. Then $Hx = \mathbf{0}$ and $Hy = \mathbf{0}$. So
$$H(x + y) = Hx + Hy = \mathbf{0} + \mathbf{0} = \mathbf{0}.$$
Hence, x + y is in the null space of H and therefore must be a codeword.

A code is a linear code if it is determined by the null space of some matrix $H \in M_{m \times n}(\mathbb{Z}_2)$.
Example 8.22. Let C be the code given by the matrix
$$H = \begin{pmatrix} 0 & 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 1 & 0 & 1 & 1 \\ 1 & 0 & 1 & 0 & 0 & 1 \end{pmatrix}.$$
Suppose that the 6-tuple $x = (010011)^t$ is received. It is a simple matter of matrix multiplication to determine whether or not x is a codeword. Since
$$Hx = \begin{pmatrix} 0 \\ 1 \\ 1 \end{pmatrix},$$
the received word is not a codeword. We must either attempt to correct the word or request that it be transmitted again.

8.3 Parity-Check and Generator Matrices

We need to find a systematic way of generating linear codes as well as fast methods of decoding. By examining the properties of a matrix H and by carefully choosing H, it is possible to develop very efficient methods of encoding and decoding messages. To this end, we will introduce standard generator and canonical parity-check matrices.

Suppose that H is an $m \times n$ matrix with entries in $\mathbb{Z}_2$ and $n > m$. If the last m columns of the matrix form the $m \times m$ identity matrix, $I_m$, then the matrix is a canonical parity-check matrix. More specifically, $H = (A \mid I_m)$, where A is the $m \times (n - m)$ matrix
$$A = \begin{pmatrix}
a_{11} & a_{12} & \cdots & a_{1,n-m} \\
a_{21} & a_{22} & \cdots & a_{2,n-m} \\
\vdots & \vdots & \ddots & \vdots \\
a_{m1} & a_{m2} & \cdots & a_{m,n-m}
\end{pmatrix}$$
and $I_m$ is the $m \times m$ identity matrix
$$I_m = \begin{pmatrix}
1 & 0 & \cdots & 0 \\
0 & 1 & \cdots & 0 \\
\vdots & \vdots & \ddots & \vdots \\
0 & 0 & \cdots & 1
\end{pmatrix}.$$
With each canonical parity-check matrix we can associate an $n \times (n - m)$ standard generator matrix
$$G = \begin{pmatrix} I_{n-m} \\ A \end{pmatrix}.$$
Our goal will be to show that $Gx = y$ if and only if $Hy = \mathbf{0}$. Given a message block x to be encoded, G will allow us to quickly encode it into a linear codeword y.
Example 8.23. Suppose that we have the following eight words to be encoded:
$$(000), (001), (010), \ldots, (111).$$
For
$$A = \begin{pmatrix} 0 & 1 & 1 \\ 1 & 1 & 0 \\ 1 & 0 & 1 \end{pmatrix},$$
the associated standard generator and canonical parity-check matrices are
$$G = \begin{pmatrix}
1 & 0 & 0 \\
0 & 1 & 0 \\
0 & 0 & 1 \\
0 & 1 & 1 \\
1 & 1 & 0 \\
1 & 0 & 1
\end{pmatrix}
\qquad \text{and} \qquad
H = \begin{pmatrix}
0 & 1 & 1 & 1 & 0 & 0 \\
1 & 1 & 0 & 0 & 1 & 0 \\
1 & 0 & 1 & 0 & 0 & 1
\end{pmatrix},$$
respectively.

Observe that the rows in H represent the parity checks on certain bit positions in a 6-tuple. The 1s in the identity matrix serve as parity checks for the 1s in the same row. If $x = (x_1, x_2, x_3, x_4, x_5, x_6)$, then
$$\mathbf{0} = Hx = \begin{pmatrix} x_2 + x_3 + x_4 \\ x_1 + x_2 + x_5 \\ x_1 + x_3 + x_6 \end{pmatrix},$$
which yields a system of equations:
$$\begin{aligned}
x_2 + x_3 + x_4 &= 0 \\
x_1 + x_2 + x_5 &= 0 \\
x_1 + x_3 + x_6 &= 0.
\end{aligned}$$
Here $x_4$ serves as a check bit for $x_2$ and $x_3$; $x_5$ is a check bit for $x_1$ and $x_2$; and $x_6$ is a check bit for $x_1$ and $x_3$. The identity matrix keeps $x_4$, $x_5$, and $x_6$ from having to check on each other. Hence, $x_1$, $x_2$, and $x_3$ can be arbitrary but $x_4$, $x_5$, and $x_6$ must be chosen to ensure parity. The null space of H is easily computed to be

(000000)  (001101)  (010110)  (011011)
(100011)  (101110)  (110101)  (111000).

An even easier way to compute the null space is with the generator matrix G (Table 8.24).

Message Word x    Codeword Gx
000               000000
001               001101
010               010110
011               011011
100               100011
101               101110
110               110101
111               111000

Table 8.24: A matrix-generated code


Theorem 8.25. If $H \in M_{m \times n}(\mathbb{Z}_2)$ is a canonical parity-check matrix, then Null(H) consists of all $x \in \mathbb{Z}_2^n$ whose first $n - m$ bits are arbitrary but whose last m bits are determined by $Hx = \mathbf{0}$. Each of the last m bits serves as an even parity check bit for some of the first $n - m$ bits. Hence, H gives rise to an $(n, n - m)$-block code.
We leave the proof of this theorem as an exercise. In light of
the theorem, the first n m bits in x are called information bits
and the last m bits are called check bits. In Example 8.23, the
first three bits are the information bits and the last three are the
check bits.
Theorem 8.26. Suppose that G is an $n \times k$ standard generator matrix. Then $C = \{y : Gx = y \text{ for } x \in \mathbb{Z}_2^k\}$ is an (n, k)-block code. More specifically, C is a group code.

Proof. Let $Gx_1 = y_1$ and $Gx_2 = y_2$ be two codewords. Then $y_1 + y_2$ is in C since
$$G(x_1 + x_2) = Gx_1 + Gx_2 = y_1 + y_2.$$
We must also show that two message blocks cannot be encoded into the same codeword. That is, we must show that if $Gx = Gy$, then $x = y$. Suppose that $Gx = Gy$. Then
$$Gx - Gy = G(x - y) = \mathbf{0}.$$
However, the first k coordinates in $G(x - y)$ are exactly $x_1 - y_1, \ldots, x_k - y_k$, since they are determined by the identity matrix, $I_k$, part of G. Hence, $G(x - y) = \mathbf{0}$ exactly when $x = y$.
Before we can prove the relationship between canonical parity-check matrices and standard generating matrices, we need to prove a lemma.

Lemma 8.27. Let $H = (A \mid I_m)$ be an $m \times n$ canonical parity-check matrix and $G = \begin{pmatrix} I_{n-m} \\ A \end{pmatrix}$ be the corresponding $n \times (n - m)$ standard generator matrix. Then $HG = 0$.

Proof. Let $C = HG$. The ijth entry in C is
$$\begin{aligned}
c_{ij} &= \sum_{k=1}^{n} h_{ik} g_{kj} \\
&= \sum_{k=1}^{n-m} h_{ik} g_{kj} + \sum_{k=n-m+1}^{n} h_{ik} g_{kj} \\
&= \sum_{k=1}^{n-m} a_{ik} \delta_{kj} + \sum_{k=n-m+1}^{n} \delta_{i,\,k-(n-m)}\, a_{k-(n-m),\,j} \\
&= a_{ij} + a_{ij} \\
&= 0,
\end{aligned}$$
where
$$\delta_{ij} = \begin{cases} 1, & i = j \\ 0, & i \neq j \end{cases}$$
is the Kronecker delta.


Theorem 8.28. Let $H = (A \mid I_m)$ be an $m \times n$ canonical parity-check matrix and let $G = \begin{pmatrix} I_{n-m} \\ A \end{pmatrix}$ be the $n \times (n - m)$ standard generator matrix associated with H. Let C be the code generated by G. Then y is in C if and only if $Hy = \mathbf{0}$. In particular, C is a linear code with canonical parity-check matrix H.

Proof. First suppose that $y \in C$. Then $Gx = y$ for some $x \in \mathbb{Z}_2^{n-m}$. By Lemma 8.27, $Hy = HGx = \mathbf{0}$.

Conversely, suppose that $y = (y_1, \ldots, y_n)^t$ is in the null space of H. We need to find an x in $\mathbb{Z}_2^{n-m}$ such that $Gx = y$. Since $Hy = \mathbf{0}$, the following set of equations must be satisfied:
$$\begin{aligned}
a_{11} y_1 + a_{12} y_2 + \cdots + a_{1,n-m} y_{n-m} + y_{n-m+1} &= 0 \\
a_{21} y_1 + a_{22} y_2 + \cdots + a_{2,n-m} y_{n-m} + y_{n-m+2} &= 0 \\
&\ \,\vdots \\
a_{m1} y_1 + a_{m2} y_2 + \cdots + a_{m,n-m} y_{n-m} + y_{n} &= 0.
\end{aligned}$$
Equivalently, $y_{n-m+1}, \ldots, y_n$ are determined by $y_1, \ldots, y_{n-m}$ (recall that $-a = a$ in $\mathbb{Z}_2$):
$$\begin{aligned}
y_{n-m+1} &= a_{11} y_1 + a_{12} y_2 + \cdots + a_{1,n-m} y_{n-m} \\
y_{n-m+2} &= a_{21} y_1 + a_{22} y_2 + \cdots + a_{2,n-m} y_{n-m} \\
&\ \,\vdots \\
y_{n} &= a_{m1} y_1 + a_{m2} y_2 + \cdots + a_{m,n-m} y_{n-m}.
\end{aligned}$$
These are exactly the last m coordinates of $Gx$ when $x = (y_1, \ldots, y_{n-m})^t$, and the first $n - m$ coordinates of $Gx$ are $y_1, \ldots, y_{n-m}$ by the identity block. Consequently, we can let $x_i = y_i$ for $i = 1, \ldots, n - m$.
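The construction of G and H from a block A, and the two results just proved (Lemma 8.27, HG = 0, and Theorem 8.28, the code generated by G equals Null(H)), can be checked directly for a small code. The following Python is an added example, not part of the textbook: it builds both matrices from Example 8.23's A, encodes every message block, and compares the result with a brute-force enumeration of the null space. Matrices are lists of rows, vectors are lists of bits, and the function names are this example's own.

```python
# Added example, not from the textbook: building the standard generator matrix
# G = (I_{n-m} ; A) and canonical parity-check matrix H = (A | I_m) from a block
# A, encoding with G, and checking Lemma 8.27 (HG = 0) and Theorem 8.28
# (the code generated by G equals Null(H)) by brute force over Z_2^n.
# Matrices are lists of rows; vectors are lists of 0/1.
from itertools import product


def identity(k):
    return [[1 if i == j else 0 for j in range(k)] for i in range(k)]


def generator_matrix(A):
    """G = (I_{n-m} over A), an n x (n-m) matrix; n-m is the number of columns of A."""
    return identity(len(A[0])) + [row[:] for row in A]


def parity_check_matrix(A):
    """H = (A | I_m), an m x n matrix; m is the number of rows of A."""
    I = identity(len(A))
    return [A[i] + I[i] for i in range(len(A))]


def matvec(M, v):
    """Matrix-vector product with arithmetic in Z_2."""
    return [sum(a * b for a, b in zip(row, v)) % 2 for row in M]


def matmul(M, N):
    """Matrix product with arithmetic in Z_2."""
    cols = list(zip(*N))
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in cols] for row in M]


def is_zero_matrix(M):
    return all(entry == 0 for row in M for entry in row)


def encode(G, message):
    """Codeword Gx for a message block x of length n-m."""
    return matvec(G, message)


def generated_code(G):
    """{Gx : x in Z_2^{n-m}}, sorted."""
    return sorted(encode(G, list(x)) for x in product([0, 1], repeat=len(G[0])))


def null_space(H):
    """Null(H) = {y in Z_2^n : Hy = 0}, found by trying every n-tuple."""
    n = len(H[0])
    return sorted(list(y) for y in product([0, 1], repeat=n) if not any(matvec(H, list(y))))


# The block A of Example 8.23.
A_8_23 = [[0, 1, 1],
          [1, 1, 0],
          [1, 0, 1]]

if __name__ == "__main__":
    G, H = generator_matrix(A_8_23), parity_check_matrix(A_8_23)
    print(is_zero_matrix(matmul(H, G)))        # True: Lemma 8.27
    print(generated_code(G) == null_space(H))  # True: Theorem 8.28
    print(encode(G, [1, 0, 1]))                # [1, 0, 1, 1, 1, 0], a row of Table 8.24
```

The brute-force `null_space` is only there to confirm the theorem; for encoding one never enumerates $\mathbb{Z}_2^n$, since G produces the codeword directly and, as Theorem 8.25 says, the first $n - m$ bits of the codeword are the message itself.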

It would be helpful if we could compute the minimum distance of a linear code directly from its matrix H in order to determine the error-detecting and error-correcting capabilities of the code. Suppose that
$$\begin{aligned}
e_1 &= (100 \cdots 00)^t \\
e_2 &= (010 \cdots 00)^t \\
&\ \,\vdots \\
e_n &= (000 \cdots 01)^t
\end{aligned}$$
are the n-tuples in $\mathbb{Z}_2^n$ of weight 1. For an $m \times n$ binary matrix H, $He_i$ is exactly the ith column of the matrix H.
Example 8.29. Observe that
$$\begin{pmatrix} 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 1 \end{pmatrix}
\begin{pmatrix} 0 \\ 1 \\ 0 \\ 0 \\ 0 \end{pmatrix}
= \begin{pmatrix} 1 \\ 0 \\ 1 \end{pmatrix}.$$
We state this result in the following proposition and leave the
proof as an exercise.
Proposition 8.30. Let $e_i$ be the binary n-tuple with a 1 in the ith coordinate and 0s elsewhere and suppose that $H \in M_{m \times n}(\mathbb{Z}_2)$. Then $He_i$ is the ith column of the matrix H.

Theorem 8.31. Let H be an $m \times n$ binary matrix. Then the null space of H is a single error-detecting code if and only if no column of H consists entirely of zeros.

Proof. Suppose that Null(H) is a single error-detecting code. Then the minimum distance of the code must be at least 2. Since the null space is a group code, this is the same as requiring that the code contain no codewords of weight less than 2 other than the zero codeword; that is, $e_i$ must not be a codeword for $i = 1, \ldots, n$. Since $He_i$ is the ith column of H, $e_i$ lies in Null(H) exactly when the ith column is all zeros; hence, no column of H can be zero.

Conversely, suppose that no column of H is the zero column. By Proposition 8.30, $He_i \neq \mathbf{0}$ for every i, so no $e_i$ is a codeword. The minimum nonzero weight, and therefore the minimum distance, is at least 2, and the code detects single errors.
Example 8.32. If we consider the matrices
$$H_1 = \begin{pmatrix} 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 1 \end{pmatrix}
\qquad \text{and} \qquad
H_2 = \begin{pmatrix} 1 & 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 \end{pmatrix},$$
then the null space of $H_1$ is a single error-detecting code and the null space of $H_2$ is not (its fourth column is zero).
We can even do better than Theorem 8.31. This theorem gives
us conditions on a matrix H that tell us when the minimum weight
of the code formed by the null space of H is 2. We can also determine when the minimum distance of a linear code is 3 by examining
the corresponding matrix.
Example 8.33. If we let
$$H = \begin{pmatrix} 1 & 1 & 1 & 0 \\ 1 & 0 & 0 & 1 \\ 1 & 1 & 0 & 0 \end{pmatrix}$$
and want to determine whether or not H is the parity-check matrix for an error-correcting code, it is necessary to make certain that Null(H) does not contain any 4-tuples of weight 2. That is, (1100), (1010), (1001), (0110), (0101), and (0011) must not be in Null(H). The next theorem states that we can indeed determine that the code generated by H is error-correcting by examining the columns of H. Notice in this example that not only does H have no zero columns, but also that no two columns are the same.
Theorem 8.34. Let H be a binary matrix. The null space of H is a single error-correcting code if and only if H does not contain any zero columns and no two columns of H are identical.

Proof. The n-tuple $e_i + e_j$ has 1s in the ith and jth entries and 0s elsewhere, and $w(e_i + e_j) = 2$ for $i \neq j$. Since
$$\mathbf{0} = H(e_i + e_j) = He_i + He_j$$
can only occur if the ith and jth columns are identical, the null space of H is a single error-correcting code.
Suppose now that we have a canonical parity-check matrix H with three rows. Then we might ask how many more columns we can add to the matrix and still have a null space that is a single error-detecting and single error-correcting code. Since each column has three entries, there are $2^3 = 8$ possible distinct columns. We cannot add the columns
$$\begin{pmatrix} 0 \\ 0 \\ 0 \end{pmatrix}, \quad
\begin{pmatrix} 1 \\ 0 \\ 0 \end{pmatrix}, \quad
\begin{pmatrix} 0 \\ 1 \\ 0 \end{pmatrix}, \quad
\begin{pmatrix} 0 \\ 0 \\ 1 \end{pmatrix}.$$
So we can add as many as four columns and still maintain a minimum distance of 3.

In general, if H is an $m \times n$ canonical parity-check matrix, then there are $n - m$ information positions in each codeword. Each column has m bits, so there are $2^m$ possible distinct columns. It is necessary that the columns $\mathbf{0}, e_1, \ldots, e_m$ be excluded, leaving $2^m - (1 + m)$ remaining columns for information if we are still to maintain the ability not only to detect but also to correct single errors.

8.4 Efficient Decoding

We are now at the stage where we are able to generate linear codes that detect and correct errors fairly easily, but it is still a time-consuming process to decode a received n-tuple and determine which is the closest codeword, because the received n-tuple must be compared to each possible codeword to determine the proper decoding. This can be a serious impediment if the code is very large.
Example 8.35. Given the binary matrix
$$H = \begin{pmatrix} 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 0 & 1 & 0 \\ 1 & 0 & 0 & 0 & 1 \end{pmatrix}$$
and the 5-tuples $x = (11011)^t$ and $y = (01011)^t$, we can compute
$$Hx = \begin{pmatrix} 0 \\ 0 \\ 0 \end{pmatrix}
\qquad \text{and} \qquad
Hy = \begin{pmatrix} 1 \\ 0 \\ 1 \end{pmatrix}.$$
Hence, x is a codeword and y is not, since x is in the null space and y is not. Notice that Hy is identical to the first column of H. In fact, this is where the error occurred. If we flip the first bit in y from 0 to 1, then we obtain x.
If H is an $m \times n$ matrix and $x \in \mathbb{Z}_2^n$, then we say that the syndrome of x is Hx. The following proposition allows the quick detection and correction of errors.
Proposition 8.36. Let the m n binary matrix H determine a
linear code and let x be the received n-tuple. Write x as x =
c+e, where c is the transmitted codeword and e is the transmission
error. Then the syndrome Hx of the received codeword x is also
the syndrome of the error e.
Proof. The proof follows from the fact that
Hx = H(c + e) = Hc + He = 0 + He = He.

This proposition tells us that the syndrome of a received word depends solely on the error and not on the transmitted codeword. The proof of the following theorem follows immediately from Proposition 8.36 and from the fact that $He_i$ is the ith column of the matrix H.
Theorem 8.37. Let H Mmn (Z2 ) and suppose that the linear
code corresponding to H is single error-correcting. Let r be a
received n-tuple that was transmitted with at most one error. If the
syndrome of r is 0, then no error has occurred; otherwise, if the
syndrome of r is equal to some column of H, say the ith column,
then the error has occurred in the ith bit.
Example 8.38. Consider the matrix
$$H = \begin{pmatrix} 1 & 0 & 1 & 1 & 0 & 0 \\ 0 & 1 & 1 & 0 & 1 & 0 \\ 1 & 1 & 1 & 0 & 0 & 1 \end{pmatrix}$$
and suppose that the 6-tuples $x = (111110)^t$, $y = (111111)^t$, and $z = (010111)^t$ have been received. Then
$$Hx = \begin{pmatrix} 1 \\ 1 \\ 1 \end{pmatrix}, \qquad
Hy = \begin{pmatrix} 1 \\ 1 \\ 0 \end{pmatrix}, \qquad
Hz = \begin{pmatrix} 1 \\ 0 \\ 0 \end{pmatrix}.$$
Hence, x has an error in the third bit and z has an error in the fourth bit. The transmitted codewords for x and z must have been (110110) and (010011), respectively. The syndrome of y does not occur in any of the columns of the matrix H, so multiple errors must have occurred to produce y.
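Theorem 8.37 is the whole decoder: compute the syndrome, compare it with the columns of H, and flip the matching bit. The following Python is an added example, not part of the textbook: it first checks the column conditions of Theorems 8.31 and 8.34 (no zero column, no repeated column), since syndrome decoding is only meaningful when they hold, and then decodes the three received words of Example 8.38 and reports the case in which the syndrome matches no column. The two matrices of Example 8.32 are used to show the detection test. Bits are indexed from 0 inside the code but reported from 1 as in the text; the function names are this example's own.

```python
# Added example, not from the textbook: syndrome decoding for a single
# error-correcting linear code. It first checks the column conditions of
# Theorems 8.31 and 8.34 on H, then applies Theorem 8.37: a zero syndrome
# means no error, a syndrome equal to the ith column means an error in bit i,
# and any other syndrome means more than one error occurred.
# Matrices are lists of rows; words are lists of 0/1 indexed from 0 in code
# (the text numbers bits from 1).


def syndrome(H, word):
    """Hx over Z_2, as a tuple so it can be compared with columns of H."""
    return tuple(sum(a * b for a, b in zip(row, word)) % 2 for row in H)


def columns(H):
    return [tuple(col) for col in zip(*H)]


def detects_single_errors(H):
    """Theorem 8.31: Null(H) detects single errors iff H has no zero column."""
    return all(any(col) for col in columns(H))


def corrects_single_errors(H):
    """Theorem 8.34: no zero column and no two columns of H identical."""
    cols = columns(H)
    return detects_single_errors(H) and len(set(cols)) == len(cols)


def decode(H, received):
    """Return (status, codeword, error position), position numbered from 1 as in the text.

    status is 'ok', 'corrected' or 'uncorrectable'; the last two fields are
    None when the word cannot be corrected.
    """
    if not corrects_single_errors(H):
        raise ValueError("H does not define a single error-correcting code")
    s = syndrome(H, received)
    if not any(s):
        return "ok", list(received), None
    cols = columns(H)
    if s in cols:
        i = cols.index(s)
        corrected = list(received)
        corrected[i] ^= 1
        return "corrected", corrected, i + 1
    return "uncorrectable", None, None


# H from Example 8.38 and the two matrices of Example 8.32.
H_8_38 = [[1, 0, 1, 1, 0, 0],
          [0, 1, 1, 0, 1, 0],
          [1, 1, 1, 0, 0, 1]]
H1_8_32 = [[1, 1, 1, 0, 0],
           [1, 0, 0, 1, 0],
           [1, 1, 0, 0, 1]]
H2_8_32 = [[1, 1, 1, 0, 0],
           [1, 0, 0, 0, 0],
           [1, 1, 0, 0, 1]]

if __name__ == "__main__":
    for word in ([1, 1, 1, 1, 1, 0], [1, 1, 1, 1, 1, 1], [0, 1, 0, 1, 1, 1]):
        print(word, syndrome(H_8_38, word), decode(H_8_38, word))
    # [1,1,1,1,1,0] (1,1,1) ('corrected', [1,1,0,1,1,0], 3)
    # [1,1,1,1,1,1] (1,1,0) ('uncorrectable', None, None)
    # [0,1,0,1,1,1] (1,0,0) ('corrected', [0,1,0,0,1,1], 4)
    print(detects_single_errors(H1_8_32), detects_single_errors(H2_8_32))  # True False
```

Note that "uncorrectable" is only what the decoder can say under the at-most-one-error assumption of Theorem 8.37; two errors whose columns sum to a third column would be silently "corrected" to the wrong codeword, which is the $d_{\min} = 3$ limitation of Theorem 8.13 seen from the syndrome side.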

Coset Decoding
We can use group theory to obtain another way of decoding messages. A linear code C is a subgroup of $\mathbb{Z}_2^n$. Coset or standard decoding uses the cosets of C in $\mathbb{Z}_2^n$ to implement maximum-likelihood decoding. Suppose that C is an (n, k)-linear code. A coset of C in $\mathbb{Z}_2^n$ is written in the form $x + C$, where $x \in \mathbb{Z}_2^n$. By Lagrange's Theorem (Theorem 6.10), there are $2^{n-k}$ distinct cosets of C in $\mathbb{Z}_2^n$.

Example 8.39. Let C be the (5, 2)-linear code given by the parity-check matrix
$$H = \begin{pmatrix} 0 & 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 1 \end{pmatrix}.$$
The code consists of the codewords

(00000)  (01101)  (10011)  (11110).

There are $2^{5-2} = 2^3$ cosets of C in $\mathbb{Z}_2^5$, each with order $2^2 = 4$. These cosets are listed in Table 8.40.

Coset Representative    Coset
C                       (00000) (01101) (10011) (11110)
(10000) + C             (10000) (11101) (00011) (01110)
(01000) + C             (01000) (00101) (11011) (10110)
(00100) + C             (00100) (01001) (10111) (11010)
(00010) + C             (00010) (01111) (10001) (11100)
(00001) + C             (00001) (01100) (10010) (11111)
(10100) + C             (00111) (01010) (10100) (11001)
(00110) + C             (00110) (01011) (10101) (11000)

Table 8.40: Cosets of C

Our task is to find out how knowing the cosets might help us
to decode a message. Suppose that x was the original codeword
sent and that r is the n-tuple received. If e is the transmission
error, then r = e + x or, equivalently, x = e + r. However, this
is exactly the statement that r is an element in the coset e + C.
In maximum-likelihood decoding we expect the error e to be as
small as possible; that is, e will have the least weight. An n-tuple of least weight in a coset is called a coset leader. Once we
have determined a coset leader for each coset, the decoding process
becomes a task of calculating r + e to obtain x.

Example 8.41. In Table 8.40, notice that we have chosen a representative of the least possible weight for each coset. These representatives are coset leaders. Now suppose that r = (01111) is
the received word. To decode r, we find that it is in the coset
(00010) + C; hence, the originally transmitted codeword must have
been (01101) = (01111) + (00010).

A potential problem with this method of decoding is that we might have to examine every coset for the received word. The following proposition gives a method of implementing coset decoding. It states that we can associate a syndrome with each coset; hence, we can make a table that designates a coset leader corresponding to each syndrome. Such a list is called a decoding table.

Syndrome    Coset Leader
(000)       (00000)
(001)       (00001)
(010)       (00010)
(011)       (10000)
(100)       (00100)
(101)       (01000)
(110)       (00110)
(111)       (10100)

Table 8.42: Syndromes for each coset


Proposition 8.43. Let C be an (n, k)-linear code given by the matrix H and suppose that x and y are in $\mathbb{Z}_2^n$. Then x and y are in the same coset of C if and only if $Hx = Hy$. That is, two n-tuples are in the same coset if and only if their syndromes are the same.

Proof. Two n-tuples x and y are in the same coset of C exactly when $x - y \in C$; however, this is equivalent to $H(x - y) = \mathbf{0}$ or $Hx = Hy$.
Example 8.44. Table 8.42 is a decoding table for the code C given in Example 8.39. If x = (01111) is received, then its syndrome can be computed to be
$$Hx = \begin{pmatrix} 0 \\ 1 \\ 0 \end{pmatrix}.$$
Examining the decoding table, we determine that the coset leader is (00010). It is now easy to decode the received word: (01111) + (00010) = (01101), in agreement with Example 8.41.
Given an (n, k)-block code, the question arises of whether or not coset decoding is a manageable scheme. A decoding table requires a list of cosets and syndromes, one for each of the $2^{n-k}$ cosets of C. Suppose that we have a (32, 24)-block code. We have a huge number of codewords, $2^{24}$, yet there are only $2^{32-24} = 2^8 = 256$ cosets.
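The decoding table is built once from the cosets and then consulted by syndrome, which is what makes coset decoding practical. The following Python is an added example, not part of the textbook: it forms the cosets of Example 8.39's code in $\mathbb{Z}_2^5$, picks a word of least weight in each as leader, uses Proposition 8.43 to key the table by syndrome, and decodes the received word of Example 8.41. When a coset has several words of least weight the smallest in sorted order is taken, so one leader may differ from the book's choice in Table 8.42; any least-weight word is an equally valid leader. The function names are this example's own.

```python
# Added example, not from the textbook: coset (standard array) decoding for the
# code of Example 8.39. The cosets of C in Z_2^n are formed directly, a word of
# least weight is taken as leader of each, and Proposition 8.43 is used to index
# the table by syndrome so that decoding needs no search through the cosets.
# Words are tuples of 0/1; ties for least weight are broken by sorted order.
from itertools import product


def syndrome(H, word):
    return tuple(sum(a * b for a, b in zip(row, word)) % 2 for row in H)


def add(x, y):
    return tuple(a ^ b for a, b in zip(x, y))


def null_space(H):
    """The code C = Null(H), found by trying every n-tuple."""
    return [w for w in product([0, 1], repeat=len(H[0])) if not any(syndrome(H, w))]


def cosets(H):
    """All cosets x + C of C = Null(H) in Z_2^n, each as a sorted tuple of words."""
    C = null_space(H)
    seen, result = set(), []
    for x in product([0, 1], repeat=len(H[0])):
        if x not in seen:
            coset = tuple(sorted(add(x, c) for c in C))
            seen.update(coset)
            result.append(coset)
    return result


def decoding_table(H):
    """Map each syndrome to a coset leader (a word of least weight in that coset).

    All words of a coset share one syndrome (Proposition 8.43), so the leader's
    syndrome labels the whole coset.
    """
    return {syndrome(H, leader): leader
            for leader in (min(coset, key=lambda w: (sum(w), w)) for coset in cosets(H))}


def coset_decode(H, received, table=None):
    """Decode r as r + e, where e is the leader of the coset containing r."""
    table = decoding_table(H) if table is None else table
    r = tuple(received)
    return add(r, table[syndrome(H, r)])


# The parity-check matrix of Example 8.39.
H_8_39 = [[0, 1, 1, 0, 0],
          [1, 0, 0, 1, 0],
          [1, 1, 0, 0, 1]]

if __name__ == "__main__":
    table = decoding_table(H_8_39)
    for s in sorted(table):
        print(s, table[s])                                   # the eight rows of a decoding table
    print(coset_decode(H_8_39, (0, 1, 1, 1, 1), table))      # (0, 1, 1, 0, 1), as in Example 8.41
```

Building the table costs one pass over $\mathbb{Z}_2^n$, but decoding afterwards is a single syndrome computation and a dictionary lookup, and the table has only $2^{n-k}$ entries regardless of how many codewords there are, which is the point made above for the (32, 24) code.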
Sage Sage has a substantial repertoire of commands for coding
theory, including the ability to build many different families of
codes.

8.5 Exercises
1. Why is the following encoding scheme not acceptable?

Information    0    1    2    3    4    5    6    7    8
Codeword      000  001  010  011  101  110  111  000  001

2. Without doing any addition, explain why the following set of 4-tuples in $\mathbb{Z}_2^4$ cannot be a group code.

(0110)  (1001)  (1010)  (1100)
3. Compute the Hamming distances between the following pairs of n-tuples.
(a) (011010), (011100)
(b) (11110101), (01010100)
(c) (00110), (01111)
(d) (1001), (0111)
4. Compute the weights of the following n-tuples.
(a) (011010)
(b) (11110101)
(c) (01111)
(d) (1011)
5. Suppose that a linear code C has a minimum weight of 7. What are the error-detection and error-correction capabilities of C?
6. In each of the following codes, what is the minimum distance
for the code? What is the best situation we might hope for in
connection with error detection and error correction?
(a) (011010) (011100) (110111) (110000)
(b) (011100) (011011) (111011) (100011) (000000) (010101) (110100) (110011)
(c) (000000) (011100) (110101) (110001)
(d) (0110110) (0111100) (1110000) (1111111) (1001001) (1000011) (0001111) (0000000)
7. Compute the null space of each of the following matrices. What type of (n, k)-block codes are the null spaces? Can you find a matrix (not necessarily a standard generator matrix) that generates each code? Are your generator matrices unique?
(a) $\begin{pmatrix} 0 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \end{pmatrix}$
(b) $\begin{pmatrix} 0 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \\ 1 & 0 & 0 & 0 & 1 \end{pmatrix}$
(c) $\begin{pmatrix} 1 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 \end{pmatrix}$
(d) $\begin{pmatrix} 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 1 & 0 \\ 0 & 1 & 0 & 1 & 0 & 1 \\ 1 & 1 & 0 & 0 & 1 & 1 \end{pmatrix}$
8. Construct a (5, 2)-block code. Discuss both the error-detection and error-correction capabilities of your code.
9. Let C be the code obtained from the null space of the matrix
$$H = \begin{pmatrix} 0 & 1 & 0 & 0 & 1 \\ 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 1 \end{pmatrix}.$$
Decode the message
$$01111 \quad 10101 \quad 01110 \quad 00011$$
if possible.
10. Suppose that a 1000-bit binary message is transmitted. Assume that the probability of a single error is p and that the errors occurring in different bits are independent of one another. If
p = 0.01, what is the probability of more than one error occurring?
What is the probability of exactly two errors occurring? Repeat
this problem for p = 0.0001.
11. Which matrices are canonical parity-check matrices? For those matrices that are canonical parity-check matrices, what are the corresponding standard generator matrices? What are the error-detection and error-correction capabilities of the code generated by each of these matrices?
(a) $\begin{pmatrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \end{pmatrix}$
(b) $\begin{pmatrix} 1 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \\ 1 & 0 & 0 & 0 & 1 \end{pmatrix}$
(c) $\begin{pmatrix} 1 & 1 & 1 & 0 \\ 1 & 0 & 0 & 1 \end{pmatrix}$
(d) $\begin{pmatrix} 0 & 0 & 1 & 0 & 0 & 1 \\ 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 1 & 0 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 0 & 1 \end{pmatrix}$
8.5. EXERCISES

131

12. List all possible syndromes for the codes generated by each of
the matrices in Exercise 8.5.11.
13. Let
$$H = \begin{pmatrix} 0 & 1 & 1 & 1 & 1 \\ 0 & 0 & 0 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 \end{pmatrix}.$$
Compute the syndrome caused by each of the following transmission errors.
(a) An error in the first bit.
(b) An error in the third bit.
(c) An error in the last bit.
(d) Errors in the third and fourth bits.
14. Let C be the group code in $\mathbb{Z}_2^3$ defined by the codewords (000) and (111). Compute the cosets of C in $\mathbb{Z}_2^3$. Why was there no need to specify right or left cosets? Give the single transmission error, if any, to which each coset corresponds.
15. For each of the following matrices, find the cosets of the corresponding code C. Give a decoding table for each code if possible.
(a) $\begin{pmatrix} 1 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 \end{pmatrix}$
(b) $\begin{pmatrix} 0 & 1 & 0 & 0 \\ 1 & 0 & 1 & 1 \\ 1 & 0 & 1 & 0 \\ 1 & 0 & 0 & 1 \end{pmatrix}$
(c) $\begin{pmatrix} 0 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \end{pmatrix}$
(d) $\begin{pmatrix} 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 & 0 & 1 \\ 1 & 1 & 0 & 0 & 1 & 0 \end{pmatrix}$
16. Let x, y, and z be binary n-tuples. Prove each of the following statements.
(a) $w(x) = d(x, \mathbf{0})$
(b) $d(x, y) = d(x + z, y + z)$
(c) $d(x, y) = w(x - y)$
17. A metric on a set X is a map $d : X \times X \to \mathbb{R}$ satisfying the following conditions.
(a) $d(x, y) \geq 0$ for all $x, y \in X$;
(b) $d(x, y) = 0$ exactly when $x = y$;
(c) $d(x, y) = d(y, x)$;
(d) $d(x, y) \leq d(x, z) + d(z, y)$.
In other words, a metric is simply a generalization of the notion of distance. Prove that Hamming distance is a metric on $\mathbb{Z}_2^n$. Decoding a message actually reduces to deciding which is the closest codeword in terms of distance.
18. Let C be a linear code. Show that either the ith coordinates in
the codewords of C are all zeros or exactly half of them are zeros.
19. Let C be a linear code. Show that either every codeword has
even weight or exactly half of the codewords have even weight.
20. Show that the codewords of even weight in a linear code C are
also a linear code.
21. If we are to use an error-correcting linear code to transmit the
128 ASCII characters, what size matrix must be used? What size
matrix must be used to transmit the extended ASCII character set
of 256 characters? What if we require only error detection in both
cases?
22. Find the canonical parity-check matrix that gives the even parity check bit code with three information positions. What is the
matrix for seven information positions? What are the corresponding standard generator matrices?
23. How many check positions are needed for a single error-correcting
code with 20 information positions? With 32 information positions?
24. Let $e_i$ be the binary n-tuple with a 1 in the ith coordinate and 0s elsewhere and suppose that $H \in M_{m \times n}(\mathbb{Z}_2)$. Show that $He_i$ is the ith column of the matrix H.
25. Let C be an (n, k)-linear code. Define the dual or orthogonal code of C to be
$$C^{\perp} = \{x \in \mathbb{Z}_2^n : x \cdot y = 0 \text{ for all } y \in C\}.$$
(a) Find the dual code of the linear code C where C is given by the matrix
$$\begin{pmatrix} 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \end{pmatrix}.$$
(b) Show that $C^{\perp}$ is an $(n, n - k)$-linear code.
(c) Find the standard generator and parity-check matrices of C and $C^{\perp}$. What happens in general? Prove your conjecture.
26. Let H be an $m \times n$ matrix over $\mathbb{Z}_2$, where the ith column is the number i written in binary with m bits. The null space of such a matrix is called a Hamming code.
(a) Show that the matrix
$$H = \begin{pmatrix} 0 & 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 1 & 0 & 0 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 \end{pmatrix}$$
generates a Hamming code. What are the error-correcting properties of a Hamming code?
(b) The column corresponding to the syndrome also marks the
bit that was in error; that is, the ith column of the matrix is
i written as a binary number, and the syndrome immediately
tells us which bit is in error. If the received word is (101011),
compute the syndrome. In which bit did the error occur in
this case, and what codeword was originally transmitted?
(c) Give a binary matrix H for the Hamming code with six information positions and four check positions. What are the check
positions and what are the information positions? Encode the
messages (101101) and (001001). Decode the received words
(0010000101) and (0000101100). What are the possible syndromes for this code?
(d) What is the number of check bits and the number of information bits in an (m, n)-block Hamming code? Give both an
upper and a lower bound on the number of information bits
in terms of the number of check bits. Hamming codes having the maximum possible number of information bits with k
check bits are called perfect. Every possible syndrome except
0 occurs as a column. If the number of information bits is
less than the maximum, then the code is called shortened. In
this case, give an example showing that some syndromes can
represent multiple errors.
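The following program is an added example, not part of the book: it builds the matrix $H$ of Exercise 26 column by column from the binary expansion of $i$, reads a syndrome as the position of a flipped bit, and encodes by placing information bits in the non-power-of-two positions and choosing the check bits so that the syndrome vanishes. For a shortened code it also refuses to "correct" a syndrome that names no column. The function names and the sample messages are constructed here.

```python
"""Hamming codes as in Exercise 26: H is the m x n binary matrix whose i-th
column is i written in binary with m bits (1 <= i <= n). The code is the null
space of H, so a received word with a single flipped bit has syndrome equal
to the column for that position, which is the position itself in binary.
Added example; function names and sample data are constructed here."""


def hamming_parity_check(m, n):
    """Rows of H: row r holds bit (m-1-r) of i for i = 1..n (MSB in row 0)."""
    if not 1 <= n <= 2 ** m - 1:
        raise ValueError("need 1 <= n <= 2^m - 1")
    return [[(i >> (m - 1 - r)) & 1 for i in range(1, n + 1)] for r in range(m)]


def syndrome(H, word):
    """H * word^T over Z_2, as a list of m bits (MSB first)."""
    return [sum(h * x for h, x in zip(row, word)) % 2 for row in H]


def syndrome_position(s):
    """Read the syndrome bits as an integer: the column index, 0 meaning no error."""
    return int("".join(str(b) for b in s), 2)


def decode(H, received):
    """Correct one flipped bit. Returns (codeword, position) with position None
    when the syndrome is zero. For a shortened code (n < 2^m - 1) a syndrome
    larger than n names no column, so it must come from more than one error;
    raise instead of silently flipping a bit."""
    n = len(H[0])
    pos = syndrome_position(syndrome(H, received))
    if pos == 0:
        return list(received), None
    if pos > n:
        raise ValueError(f"syndrome {pos} names no column: more than one error")
    corrected = list(received)
    corrected[pos - 1] ^= 1
    return corrected, pos


def check_positions(n):
    """Check bits sit at the powers of two: those columns of H contain a single 1."""
    return [p for p in range(1, n + 1) if p & (p - 1) == 0]


def info_positions(n):
    """Information bits occupy every position that is not a power of two."""
    return [p for p in range(1, n + 1) if p & (p - 1) != 0]


def encode(H, message):
    """Place message bits in the information positions, then set each check
    bit to the parity of the information bits sharing its row of H."""
    m, n = len(H), len(H[0])
    info = info_positions(n)
    if len(message) != len(info):
        raise ValueError(f"expected {len(info)} information bits")
    word = [0] * n
    for p, bit in zip(info, message):
        word[p - 1] = bit
    for p in check_positions(n):
        r = m - p.bit_length()  # the one row in which column p has a 1
        word[p - 1] = sum(word[q - 1] for q in info if H[r][q - 1]) % 2
    assert syndrome(H, word) == [0] * m  # by construction word is in the null space
    return word


if __name__ == "__main__":
    H = hamming_parity_check(3, 6)  # the shortened 3 x 6 matrix of Exercise 26(a)
    cw = encode(H, [1, 0, 1])       # constructed sample message
    print("codeword", cw)
    received = list(cw)
    received[4] ^= 1                # constructed single error in position 5
    print("decoded", decode(H, received))
```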

8.6 Programming Exercises


1. Write a program to implement a (16, 12)-linear code. Your program should be able to encode and decode messages using coset
decoding. Once your program is written, write a program to simulate a binary symmetric channel with transmission noise. Compare
the results of your simulation with the theoretically predicted error
probability.

8.7 References and Suggested Readings

[1] Blake, I. F. "Codes and Designs," Mathematics Magazine 52 (1979), 81-95.
[2] Hill, R. A First Course in Coding Theory. Oxford University Press, Oxford, 1990.
[3] Levinson, N. "Coding Theory: A Counterexample to G. H. Hardy's Conception of Applied Mathematics," American Mathematical Monthly 77 (1970), 249-58.
[4] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York, 1998.
[5] MacWilliams, F. J. and Sloane, N. J. A. The Theory of Error-Correcting Codes. North-Holland Mathematical Library, 16, Elsevier, Amsterdam, 1983.
[6] Roman, S. Coding and Information Theory. Springer-Verlag, New York, 1992.
[7] Shannon, C. E. "A Mathematical Theory of Communication," Bell System Technical Journal 27 (1948), 379-423, 623-56.
[8] Thompson, T. M. From Error-Correcting Codes through Sphere Packing to Simple Groups. Carus Monograph Series, No. 21. Mathematical Association of America, Washington, DC, 1983.
[9] van Lint, J. H. Introduction to Coding Theory. Springer, New York, 1999.

9 Isomorphisms

Many groups may appear to be different at first glance, but can be shown to be the same by a simple renaming of the group elements. For example, $\mathbb{Z}_4$ and the subgroup of the circle group $\mathbb{T}$ generated by $i$ can be shown to be the same by demonstrating a one-to-one correspondence between the elements of the two groups and between the group operations. In such a case we say that the groups are isomorphic.

9.1 Definition and Examples

Two groups $(G, \cdot)$ and $(H, \circ)$ are isomorphic if there exists a one-to-one and onto map $\phi : G \rightarrow H$ such that the group operation is preserved; that is,
$$\phi(a \cdot b) = \phi(a) \circ \phi(b)$$
for all $a$ and $b$ in $G$. If $G$ is isomorphic to $H$, we write $G \cong H$. The map $\phi$ is called an isomorphism.
Example 9.1. To show that $\mathbb{Z}_4 \cong \langle i \rangle$, define a map $\phi : \mathbb{Z}_4 \rightarrow \langle i \rangle$ by $\phi(n) = i^n$. We must show that $\phi$ is bijective and preserves the group operation. The map $\phi$ is one-to-one and onto because
$$\phi(0) = 1, \quad \phi(1) = i, \quad \phi(2) = -1, \quad \phi(3) = -i.$$
Since
$$\phi(m + n) = i^{m+n} = i^m i^n = \phi(m) \phi(n),$$
the group operation is preserved.
Example 9.2. We can define an isomorphism $\phi$ from the additive group of real numbers $(\mathbb{R}, +)$ to the multiplicative group of positive real numbers $(\mathbb{R}^+, \cdot)$ with the exponential map; that is,
$$\phi(x + y) = e^{x+y} = e^x e^y = \phi(x) \phi(y).$$
Of course, we must still show that $\phi$ is one-to-one and onto, but this can be determined using calculus.
Example 9.3. The integers are isomorphic to the subgroup of $\mathbb{Q}^*$ consisting of elements of the form $2^n$. Define a map $\phi : \mathbb{Z} \rightarrow \mathbb{Q}^*$ by $\phi(n) = 2^n$. Then
$$\phi(m + n) = 2^{m+n} = 2^m 2^n = \phi(m) \phi(n).$$
By definition the map $\phi$ is onto the subset $\{2^n : n \in \mathbb{Z}\}$ of $\mathbb{Q}^*$. To show that the map is injective, assume that $m \neq n$. If we can show that $\phi(m) \neq \phi(n)$, then we are done. Suppose that $m > n$ and assume that $\phi(m) = \phi(n)$. Then $2^m = 2^n$ or $2^{m-n} = 1$, which is impossible since $m - n > 0$.
Example 9.4. The groups $\mathbb{Z}_8$ and $\mathbb{Z}_{12}$ cannot be isomorphic since they have different orders; however, it is true that $U(8) \cong U(12)$. We know that
$$U(8) = \{1, 3, 5, 7\}, \qquad U(12) = \{1, 5, 7, 11\}.$$
An isomorphism $\phi : U(8) \rightarrow U(12)$ is then given by
$$1 \mapsto 1, \quad 3 \mapsto 5, \quad 5 \mapsto 7, \quad 7 \mapsto 11.$$
The map $\phi$ is not the only possible isomorphism between these two groups. We could define another isomorphism $\psi$ by $\psi(1) = 1$, $\psi(3) = 11$, $\psi(5) = 5$, $\psi(7) = 7$. In fact, both of these groups are isomorphic to $\mathbb{Z}_2 \times \mathbb{Z}_2$ (see Example 3.28 in Chapter 3).
Example 9.5. Even though $S_3$ and $\mathbb{Z}_6$ possess the same number of elements, we would suspect that they are not isomorphic, because $\mathbb{Z}_6$ is abelian and $S_3$ is nonabelian. To demonstrate that this is indeed the case, suppose that $\phi : \mathbb{Z}_6 \rightarrow S_3$ is an isomorphism. Let $a, b \in S_3$ be two elements such that $ab \neq ba$. Since $\phi$ is an isomorphism, there exist elements $m$ and $n$ in $\mathbb{Z}_6$ such that
$$\phi(m) = a \quad \text{and} \quad \phi(n) = b.$$
However,
$$ab = \phi(m) \phi(n) = \phi(m + n) = \phi(n + m) = \phi(n) \phi(m) = ba,$$
which contradicts the fact that $a$ and $b$ do not commute.
Theorem 9.6. Let $\phi : G \rightarrow H$ be an isomorphism of two groups. Then the following statements are true.
1. $\phi^{-1} : H \rightarrow G$ is an isomorphism.
2. $|G| = |H|$.
3. If $G$ is abelian, then $H$ is abelian.
4. If $G$ is cyclic, then $H$ is cyclic.
5. If $G$ has a subgroup of order $n$, then $H$ has a subgroup of order $n$.
Proof. Assertions (1) and (2) follow from the fact that $\phi$ is a bijection. We will prove (3) here and leave the remainder of the theorem to be proved in the exercises.
(3) Suppose that $h_1$ and $h_2$ are elements of $H$. Since $\phi$ is onto, there exist elements $g_1, g_2 \in G$ such that $\phi(g_1) = h_1$ and $\phi(g_2) = h_2$. Therefore,
$$h_1 h_2 = \phi(g_1) \phi(g_2) = \phi(g_1 g_2) = \phi(g_2 g_1) = \phi(g_2) \phi(g_1) = h_2 h_1.$$

We are now in a position to characterize all cyclic groups.
Theorem 9.7. All cyclic groups of infinite order are isomorphic to $\mathbb{Z}$.
Proof. Let $G$ be a cyclic group with infinite order and suppose that $a$ is a generator of $G$. Define a map $\phi : \mathbb{Z} \rightarrow G$ by $\phi : n \mapsto a^n$. Then
$$\phi(m + n) = a^{m+n} = a^m a^n = \phi(m) \phi(n).$$
To show that $\phi$ is injective, suppose that $m$ and $n$ are two elements in $\mathbb{Z}$, where $m \neq n$. We can assume that $m > n$. We must show that $a^m \neq a^n$. Let us suppose the contrary; that is, $a^m = a^n$. In this case $a^{m-n} = e$, where $m - n > 0$, which contradicts the fact that $a$ has infinite order. Our map is onto since any element in $G$ can be written as $a^n$ for some integer $n$ and $\phi(n) = a^n$.
Theorem 9.8. If $G$ is a cyclic group of order $n$, then $G$ is isomorphic to $\mathbb{Z}_n$.
Proof. Let $G$ be a cyclic group of order $n$ generated by $a$ and define a map $\phi : \mathbb{Z}_n \rightarrow G$ by $\phi : k \mapsto a^k$, where $0 \leq k < n$. The proof that $\phi$ is an isomorphism is one of the end-of-chapter exercises.
Corollary 9.9. If $G$ is a group of order $p$, where $p$ is a prime number, then $G$ is isomorphic to $\mathbb{Z}_p$.
Proof. The proof is a direct result of Corollary 6.12.

The main goal in group theory is to classify all groups; however, it makes sense to consider two groups to be the same if they are isomorphic. We state this result in the following theorem, whose proof is left as an exercise.
Theorem 9.10. The isomorphism of groups determines an equivalence relation on the class of all groups.
Hence, we can modify our goal of classifying all groups to classifying all groups up to isomorphism; that is, we will consider two groups to be the same if they are isomorphic.

Cayley's Theorem
Cayley proved that if $G$ is a group, it is isomorphic to a group of permutations on some set; hence, every group is a permutation group. Cayley's Theorem is what we call a representation theorem. The aim of representation theory is to find an isomorphism of some group $G$ that we wish to study into a group that we know a great deal about, such as a group of permutations or matrices.
Example 9.11. Consider the group $\mathbb{Z}_3$. The Cayley table for $\mathbb{Z}_3$ is as follows.

  +  | 0  1  2
  ---+---------
  0  | 0  1  2
  1  | 1  2  0
  2  | 2  0  1

The addition table of $\mathbb{Z}_3$ suggests that it is the same as the permutation group $G = \{(0), (012), (021)\}$. The isomorphism here is
$$0 \mapsto \begin{pmatrix} 0 & 1 & 2 \\ 0 & 1 & 2 \end{pmatrix} = (0), \qquad 1 \mapsto \begin{pmatrix} 0 & 1 & 2 \\ 1 & 2 & 0 \end{pmatrix} = (012), \qquad 2 \mapsto \begin{pmatrix} 0 & 1 & 2 \\ 2 & 0 & 1 \end{pmatrix} = (021).$$
Theorem 9.12 (Cayley). Every group is isomorphic to a group of permutations.
Proof. Let $G$ be a group. We must find a group of permutations $\overline{G}$ that is isomorphic to $G$. For any $g \in G$, define a function $\lambda_g : G \rightarrow G$ by $\lambda_g(a) = ga$. We claim that $\lambda_g$ is a permutation of $G$. To show that $\lambda_g$ is one-to-one, suppose that $\lambda_g(a) = \lambda_g(b)$. Then
$$ga = \lambda_g(a) = \lambda_g(b) = gb.$$
Hence, $a = b$. To show that $\lambda_g$ is onto, we must prove that for each $a \in G$, there is a $b$ such that $\lambda_g(b) = a$. Let $b = g^{-1}a$.
Now we are ready to define our group $\overline{G}$. Let
$$\overline{G} = \{\lambda_g : g \in G\}.$$
We must show that $\overline{G}$ is a group under composition of functions and find an isomorphism between $G$ and $\overline{G}$. We have closure under composition of functions since
$$(\lambda_g \circ \lambda_h)(a) = \lambda_g(ha) = gha = \lambda_{gh}(a).$$
Also,
$$\lambda_e(a) = ea = a$$
and
$$(\lambda_{g^{-1}} \circ \lambda_g)(a) = \lambda_{g^{-1}}(ga) = g^{-1}ga = a = \lambda_e(a).$$
We can define an isomorphism from $G$ to $\overline{G}$ by $\phi : g \mapsto \lambda_g$. The group operation is preserved since
$$\phi(gh) = \lambda_{gh} = \lambda_g \lambda_h = \phi(g) \phi(h).$$
It is also one-to-one, because if $\phi(g)(a) = \phi(h)(a)$, then
$$ga = \lambda_g a = \lambda_h a = ha.$$
Hence, $g = h$. That $\phi$ is onto follows from the fact that $\phi(g) = \lambda_g$ for any $g \in G$.
The isomorphism $g \mapsto \lambda_g$ is known as the left regular representation of $G$.
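The following program is an added example (not from the book) that computes the left regular representation of Theorem 9.12 for a finite group given by its element list and operation, writes each $\lambda_g$ in cycle notation as in Example 9.11, and checks the two halves of the proof: $g \mapsto \lambda_g$ is injective and $\lambda_{gh} = \lambda_g \circ \lambda_h$. The function names are constructed here; the groups used are $\mathbb{Z}_3$ and $U(8)$.

```python
"""Left regular representation (Cayley's Theorem): each g gives the permutation
lambda_g(a) = g a of the group elements. Added example with constructed names."""


def left_regular(elements, op):
    """Return {g: lambda_g}, each lambda_g a tuple whose i-th entry is the index
    of op(g, elements[i]) in the element list."""
    index = {x: i for i, x in enumerate(elements)}
    return {g: tuple(index[op(g, a)] for a in elements) for g in elements}


def compose(p, q):
    """(p o q)(i) = p(q(i)): apply q first, then p, matching lambda_g o lambda_h."""
    return tuple(p[q[i]] for i in range(len(p)))


def cycle_notation(perm, labels):
    """Cycle notation with fixed points omitted; the identity is written as the
    one-element cycle of the first label, as in Example 9.11."""
    seen, cycles = set(), []
    for start in range(len(perm)):
        if start in seen:
            continue
        cycle, i = [], start
        while i not in seen:
            seen.add(i)
            cycle.append(str(labels[i]))
            i = perm[i]
        if len(cycle) > 1:
            cycles.append("(" + " ".join(cycle) + ")")
    return "".join(cycles) or f"({labels[0]})"


def is_left_regular_isomorphism(elements, op):
    """Check the two halves of the proof of Theorem 9.12 for a finite group:
    g -> lambda_g is injective, and lambda_{gh} = lambda_g o lambda_h."""
    lam = left_regular(elements, op)
    injective = len(set(lam.values())) == len(elements)
    homomorphic = all(lam[op(g, h)] == compose(lam[g], lam[h])
                      for g in elements for h in elements)
    return injective and homomorphic


def regular_representation_table(elements, op):
    """Map each g to its permutation lambda_g written in cycle notation."""
    return {g: cycle_notation(p, elements)
            for g, p in left_regular(elements, op).items()}


if __name__ == "__main__":
    Z3 = [0, 1, 2]
    print(regular_representation_table(Z3, lambda a, b: (a + b) % 3))
    U8 = [1, 3, 5, 7]
    print(regular_representation_table(U8, lambda a, b: a * b % 8))
    print(is_left_regular_isomorphism(U8, lambda a, b: a * b % 8))
```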
Historical Note
Arthur Cayley was born in England in 1821, though he spent
much of the first part of his life in Russia, where his father was a
merchant. Cayley was educated at Cambridge, where he took the
first Smith's Prize in mathematics. A lawyer for much of his adult
life, he wrote several papers in his early twenties before entering the
legal profession at the age of 25. While practicing law he continued
his mathematical research, writing more than 300 papers during
this period of his life. These included some of his best work. In 1863
he left law to become a professor at Cambridge. Cayley wrote more
than 900 papers in fields such as group theory, geometry, and linear
algebra. His legal knowledge was very valuable to Cambridge; he
participated in the writing of many of the university's statutes.
Cayley was also one of the people responsible for the admission of
women to Cambridge.

9.2 Direct Products

Given two groups $G$ and $H$, it is possible to construct a new group from the Cartesian product of $G$ and $H$, $G \times H$. Conversely, given a large group, it is sometimes possible to decompose the group; that is, a group is sometimes isomorphic to the direct product of two smaller groups. Rather than studying a large group $G$, it is often easier to study the component groups of $G$.

External Direct Products

If $(G, \cdot)$ and $(H, \circ)$ are groups, then we can make the Cartesian product of $G$ and $H$ into a new group. As a set, our group is just the ordered pairs $(g, h) \in G \times H$ where $g \in G$ and $h \in H$. We can define a binary operation on $G \times H$ by
$$(g_1, h_1)(g_2, h_2) = (g_1 \cdot g_2, h_1 \circ h_2);$$
that is, we just multiply elements in the first coordinate as we do in $G$ and elements in the second coordinate as we do in $H$. We have specified the particular operations $\cdot$ and $\circ$ in each group here for the sake of clarity; we usually just write $(g_1, h_1)(g_2, h_2) = (g_1 g_2, h_1 h_2)$.
Proposition 9.13. Let $G$ and $H$ be groups. The set $G \times H$ is a group under the operation $(g_1, h_1)(g_2, h_2) = (g_1 g_2, h_1 h_2)$ where $g_1, g_2 \in G$ and $h_1, h_2 \in H$.
Proof. Clearly the binary operation defined above is closed. If $e_G$ and $e_H$ are the identities of the groups $G$ and $H$ respectively, then $(e_G, e_H)$ is the identity of $G \times H$. The inverse of $(g, h) \in G \times H$ is $(g^{-1}, h^{-1})$. The fact that the operation is associative follows directly from the associativity of $G$ and $H$.
Example 9.14. Let $\mathbb{R}$ be the group of real numbers under addition. The Cartesian product of $\mathbb{R}$ with itself, $\mathbb{R} \times \mathbb{R} = \mathbb{R}^2$, is also a group, in which the group operation is just addition in each coordinate; that is, $(a, b) + (c, d) = (a + c, b + d)$. The identity is $(0, 0)$ and the inverse of $(a, b)$ is $(-a, -b)$.
Example 9.15. Consider
$$\mathbb{Z}_2 \times \mathbb{Z}_2 = \{(0, 0), (0, 1), (1, 0), (1, 1)\}.$$
Although $\mathbb{Z}_2 \times \mathbb{Z}_2$ and $\mathbb{Z}_4$ both contain four elements, they are not isomorphic. Every element $(a, b)$ in $\mathbb{Z}_2 \times \mathbb{Z}_2$ has order 2, since $(a, b) + (a, b) = (0, 0)$; however, $\mathbb{Z}_4$ is cyclic.
The group $G \times H$ is called the external direct product of $G$ and $H$. Notice that there is nothing special about the fact that we have used only two groups to build a new group. The direct product
$$\prod_{i=1}^n G_i = G_1 \times G_2 \times \cdots \times G_n$$
of the groups $G_1, G_2, \ldots, G_n$ is defined in exactly the same manner. If $G = G_1 = G_2 = \cdots = G_n$, we often write $G^n$ instead of $G_1 \times G_2 \times \cdots \times G_n$.
Example 9.16. The group $\mathbb{Z}_2^n$, considered as a set, is just the set of all binary $n$-tuples. The group operation is the exclusive or of two binary $n$-tuples. For example,
$$(01011101) + (01001011) = (00010110).$$
This group is important in coding theory, in cryptography, and in many areas of computer science.
Theorem 9.17. Let $(g, h) \in G \times H$. If $g$ and $h$ have finite orders $r$ and $s$ respectively, then the order of $(g, h)$ in $G \times H$ is the least common multiple of $r$ and $s$.
Proof. Suppose that $m$ is the least common multiple of $r$ and $s$ and let $n = |(g, h)|$. Then
$$(g, h)^m = (g^m, h^m) = (e_G, e_H), \qquad (g^n, h^n) = (g, h)^n = (e_G, e_H).$$
Hence, $n$ must divide $m$, and $n \leq m$. However, by the second equation, both $r$ and $s$ must divide $n$; therefore, $n$ is a common multiple of $r$ and $s$. Since $m$ is the least common multiple of $r$ and $s$, $m \leq n$. Consequently, $m$ must be equal to $n$.

Corollary 9.18. Let $(g_1, \ldots, g_n) \in \prod G_i$. If $g_i$ has finite order $r_i$ in $G_i$, then the order of $(g_1, \ldots, g_n)$ in $\prod G_i$ is the least common multiple of $r_1, \ldots, r_n$.
Example 9.19. Let $(8, 56) \in \mathbb{Z}_{12} \times \mathbb{Z}_{60}$. Since $\gcd(8, 12) = 4$, the order of 8 is $12/4 = 3$ in $\mathbb{Z}_{12}$. Similarly, the order of 56 in $\mathbb{Z}_{60}$ is 15. The least common multiple of 3 and 15 is 15; hence, $(8, 56)$ has order 15 in $\mathbb{Z}_{12} \times \mathbb{Z}_{60}$.
Example 9.20. The group $\mathbb{Z}_2 \times \mathbb{Z}_3$ consists of the pairs
$$(0, 0), \quad (0, 1), \quad (0, 2), \quad (1, 0), \quad (1, 1), \quad (1, 2).$$
In this case, unlike that of $\mathbb{Z}_2 \times \mathbb{Z}_2$ and $\mathbb{Z}_4$, it is true that $\mathbb{Z}_2 \times \mathbb{Z}_3 \cong \mathbb{Z}_6$. We need only show that $\mathbb{Z}_2 \times \mathbb{Z}_3$ is cyclic. It is easy to see that $(1, 1)$ is a generator for $\mathbb{Z}_2 \times \mathbb{Z}_3$.
The next theorem tells us exactly when the direct product of two cyclic groups is cyclic.

Theorem 9.21. The group $\mathbb{Z}_m \times \mathbb{Z}_n$ is isomorphic to $\mathbb{Z}_{mn}$ if and only if $\gcd(m, n) = 1$.
Proof. We will first show that if $\mathbb{Z}_m \times \mathbb{Z}_n \cong \mathbb{Z}_{mn}$, then $\gcd(m, n) = 1$. We will prove the contrapositive; that is, we will show that if $\gcd(m, n) = d > 1$, then $\mathbb{Z}_m \times \mathbb{Z}_n$ cannot be cyclic. Notice that $mn/d$ is divisible by both $m$ and $n$; hence, for any element $(a, b) \in \mathbb{Z}_m \times \mathbb{Z}_n$,
$$\underbrace{(a, b) + (a, b) + \cdots + (a, b)}_{mn/d \text{ times}} = (0, 0).$$
Therefore, no $(a, b)$ can generate all of $\mathbb{Z}_m \times \mathbb{Z}_n$.
The converse follows directly from Theorem 9.17 since $\operatorname{lcm}(m, n) = mn$ if and only if $\gcd(m, n) = 1$.
Corollary 9.22. Let $n_1, \ldots, n_k$ be positive integers. Then
$$\prod_{i=1}^k \mathbb{Z}_{n_i} \cong \mathbb{Z}_{n_1 \cdots n_k}$$
if and only if $\gcd(n_i, n_j) = 1$ for $i \neq j$.
Corollary 9.23. If
$$m = p_1^{e_1} \cdots p_k^{e_k},$$
where the $p_i$s are distinct primes, then
$$\mathbb{Z}_m \cong \mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_k^{e_k}}.$$
Proof. Since the greatest common divisor of $p_i^{e_i}$ and $p_j^{e_j}$ is 1 for $i \neq j$, the proof follows from Corollary 9.22.
In Chapter 13, we will prove that all finite abelian groups are isomorphic to direct products of the form
$$\mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_k^{e_k}}$$
where $p_1, \ldots, p_k$ are (not necessarily distinct) primes.

Internal Direct Products

The external direct product of two groups builds a large group out of two smaller groups. We would like to be able to reverse this process and conveniently break down a group into its direct product components; that is, we would like to be able to say when a group is isomorphic to the direct product of two of its subgroups.
Let $G$ be a group with subgroups $H$ and $K$ satisfying the following conditions.
- $G = HK = \{hk : h \in H, k \in K\}$;
- $H \cap K = \{e\}$;
- $hk = kh$ for all $k \in K$ and $h \in H$.
Then $G$ is the internal direct product of $H$ and $K$.
Example 9.24. The group $U(8)$ is the internal direct product of
$$H = \{1, 3\} \quad \text{and} \quad K = \{1, 5\}.$$
Example 9.25. The dihedral group $D_6$ is an internal direct product of its two subgroups
$$H = \{\mathrm{id}, r^3\} \quad \text{and} \quad K = \{\mathrm{id}, r^2, r^4, s, r^2 s, r^4 s\}.$$
It can easily be shown that $K \cong S_3$; consequently, $D_6 \cong \mathbb{Z}_2 \times S_3$.
Example 9.26. Not every group can be written as the internal
direct product of two of its proper subgroups. If the group S3 were
an internal direct product of its proper subgroups H and K, then
one of the subgroups, say H, would have to have order 3. In this
case H is the subgroup {(1), (123), (132)}. The subgroup K must
have order 2, but no matter which subgroup we choose for K, the
condition that $hk = kh$ will never be satisfied for $h \in H$ and $k \in K$.
Theorem 9.27. Let $G$ be the internal direct product of subgroups $H$ and $K$. Then $G$ is isomorphic to $H \times K$.
Proof. Since $G$ is an internal direct product, we can write any element $g \in G$ as $g = hk$ for some $h \in H$ and some $k \in K$. Define a map $\phi : G \rightarrow H \times K$ by $\phi(g) = (h, k)$.
The first problem that we must face is to show that $\phi$ is a well-defined map; that is, we must show that $h$ and $k$ are uniquely determined by $g$. Suppose that $g = hk = h'k'$. Then $h^{-1}h' = k(k')^{-1}$ is in both $H$ and $K$, so it must be the identity. Therefore, $h = h'$ and $k = k'$, which proves that $\phi$ is, indeed, well-defined.
To show that $\phi$ preserves the group operation, let $g_1 = h_1 k_1$ and $g_2 = h_2 k_2$ and observe that
$$\begin{aligned} \phi(g_1 g_2) &= \phi(h_1 k_1 h_2 k_2) \\ &= \phi(h_1 h_2 k_1 k_2) \\ &= (h_1 h_2, k_1 k_2) \\ &= (h_1, k_1)(h_2, k_2) \\ &= \phi(g_1) \phi(g_2). \end{aligned}$$
We will leave the proof that $\phi$ is one-to-one and onto as an exercise.

Example 9.28. The group $\mathbb{Z}_6$ is an internal direct product isomorphic to $\{0, 2, 4\} \times \{0, 3\}$.
We can extend the definition of an internal direct product of $G$ to a collection of subgroups $H_1, H_2, \ldots, H_n$ of $G$, by requiring that
- $G = H_1 H_2 \cdots H_n = \{h_1 h_2 \cdots h_n : h_i \in H_i\}$;
- $H_i \cap \langle \bigcup_{j \neq i} H_j \rangle = \{e\}$;
- $h_i h_j = h_j h_i$ for all $h_i \in H_i$ and $h_j \in H_j$.
We will leave the proof of the following theorem as an exercise.
Theorem 9.29. Let $G$ be the internal direct product of subgroups $H_i$, where $i = 1, 2, \ldots, n$. Then $G$ is isomorphic to $\prod_i H_i$.
Sage. Sage can quickly determine if two permutation groups are isomorphic, even though this should, in theory, be a very difficult computation.
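The following program is an added example (not the book's code) serving both the external and the internal direct product material above: the order of an element of $\mathbb{Z}_{n_1} \times \cdots \times \mathbb{Z}_{n_k}$ found by repeated addition is compared with the lcm of the coordinate orders (Corollary 9.18), cyclicity of $\mathbb{Z}_m \times \mathbb{Z}_n$ is compared with $\gcd(m, n) = 1$ (Theorem 9.21), and $U(8)$ and $\mathbb{Z}_6$ are tested against the three internal direct product conditions (Examples 9.24 and 9.28). Function names are constructed here.

```python
"""Direct products: element orders (Theorem 9.17, Corollary 9.18), when
Z_m x Z_n is cyclic (Theorem 9.21), and the internal direct product test.
Added example; function names are constructed for this illustration."""
from functools import reduce
from itertools import product
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def order_in_Zn(a, n):
    """Order of a in the additive group Z_n: n / gcd(a, n); the identity 0 has order 1."""
    return n // gcd(a, n)


def order_in_product(elem, mods):
    """Order of elem in Z_{n1} x ... x Z_{nk}, by adding elem to itself until
    the identity (0, ..., 0) is reached."""
    cur, k = tuple(elem), 1
    while any(cur):
        cur = tuple((c + e) % n for c, e, n in zip(cur, elem, mods))
        k += 1
    return k


def elements(mods):
    """All tuples of Z_{n1} x ... x Z_{nk}."""
    return product(*(range(n) for n in mods))


def lcm_rule_holds(mods):
    """Corollary 9.18: |(a1,...,ak)| = lcm(|a1|,...,|ak|) for every element."""
    for elem in elements(mods):
        expected = reduce(lcm, (order_in_Zn(a, n) for a, n in zip(elem, mods)), 1)
        if order_in_product(elem, mods) != expected:
            return False
    return True


def is_cyclic_product(mods):
    """Cyclic iff some element has order equal to the group order."""
    size = reduce(lambda x, y: x * y, mods, 1)
    return any(order_in_product(e, mods) == size for e in elements(mods))


def cyclic_iff_coprime(bound):
    """Theorem 9.21 checked exhaustively for all 1 <= m, n <= bound."""
    return all(is_cyclic_product((m, n)) == (gcd(m, n) == 1)
               for m in range(1, bound + 1) for n in range(1, bound + 1))


def is_internal_direct_product(G, H, K, op, e):
    """G = HK, H intersect K = {e}, and hk = kh for all h in H, k in K
    (H and K are assumed to already be subgroups of G)."""
    return ({op(h, k) for h in H for k in K} == set(G)
            and set(H) & set(K) == {e}
            and all(op(h, k) == op(k, h) for h in H for k in K))


if __name__ == "__main__":
    print(order_in_product((8, 56), (12, 60)))            # Example 9.19: 15
    print(is_cyclic_product((2, 3)), is_cyclic_product((2, 2)))
    print(is_internal_direct_product([1, 3, 5, 7], [1, 3], [1, 5],
                                     lambda a, b: a * b % 8, 1))
```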

9.3 Exercises

1. Prove that $\mathbb{Z} \cong n\mathbb{Z}$ for $n \neq 0$.
2. Prove that $\mathbb{C}^*$ is isomorphic to the subgroup of $GL_2(\mathbb{R})$ consisting of matrices of the form
$$\begin{pmatrix} a & b \\ -b & a \end{pmatrix}.$$
3. Prove or disprove: $U(8) \cong \mathbb{Z}_4$.
4. Prove that $U(8)$ is isomorphic to the group of matrices
$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \quad \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}, \quad \begin{pmatrix} -1 & 0 \\ 0 & 1 \end{pmatrix}, \quad \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix}.$$
5. Show that $U(5)$ is isomorphic to $U(10)$, but $U(12)$ is not.
6. Show that the $n$th roots of unity are isomorphic to $\mathbb{Z}_n$.
7. Show that any cyclic group of order $n$ is isomorphic to $\mathbb{Z}_n$.
8. Prove that $\mathbb{Q}$ is not isomorphic to $\mathbb{Z}$.
9. Let $G = \mathbb{R} \setminus \{-1\}$ and define a binary operation on $G$ by
$$a * b = a + b + ab.$$
Prove that $G$ is a group under this operation. Show that $(G, *)$ is isomorphic to the multiplicative group of nonzero real numbers.

10. Show that the matrices
$$\begin{pmatrix} 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{pmatrix}, \quad \begin{pmatrix} 1 & 0 & 0 \\ 0 & 0 & 1 \\ 0 & 1 & 0 \end{pmatrix}, \quad \begin{pmatrix} 0 & 1 & 0 \\ 1 & 0 & 0 \\ 0 & 0 & 1 \end{pmatrix}, \quad \begin{pmatrix} 0 & 0 & 1 \\ 1 & 0 & 0 \\ 0 & 1 & 0 \end{pmatrix}, \quad \begin{pmatrix} 0 & 0 & 1 \\ 0 & 1 & 0 \\ 1 & 0 & 0 \end{pmatrix}, \quad \begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 1 & 0 & 0 \end{pmatrix}$$
form a group. Find an isomorphism of $G$ with a more familiar group of order 6.
11. Find five non-isomorphic groups of order 8.
12. Prove $S_4$ is not isomorphic to $D_{12}$.
13. Let $\omega = \operatorname{cis}(2\pi/n)$ be a primitive $n$th root of unity. Prove that the matrices
$$A = \begin{pmatrix} \omega & 0 \\ 0 & \omega^{-1} \end{pmatrix} \quad \text{and} \quad B = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}$$
generate a multiplicative group isomorphic to $D_n$.
14. Show that the set of all matrices of the form
$$\begin{pmatrix} \pm 1 & k \\ 0 & 1 \end{pmatrix},$$
is a group isomorphic to $D_n$, where all entries in the matrix are in $\mathbb{Z}_n$.
15. List all of the elements of $\mathbb{Z}_4 \times \mathbb{Z}_2$.
16. Find the order of each of the following elements.
(a) $(3, 4)$ in $\mathbb{Z}_4 \times \mathbb{Z}_6$
(b) $(6, 15, 4)$ in $\mathbb{Z}_{30} \times \mathbb{Z}_{45} \times \mathbb{Z}_{24}$
(c) $(5, 10, 15)$ in $\mathbb{Z}_{25} \times \mathbb{Z}_{25} \times \mathbb{Z}_{25}$
(d) $(8, 8, 8)$ in $\mathbb{Z}_{10} \times \mathbb{Z}_{24} \times \mathbb{Z}_{80}$
17. Prove that $D_4$ cannot be the internal direct product of two of its proper subgroups.
18. Prove that the subgroup of $\mathbb{Q}^*$ consisting of elements of the form $2^m 3^n$ for $m, n \in \mathbb{Z}$ is an internal direct product isomorphic to $\mathbb{Z} \times \mathbb{Z}$.
19. Prove that $S_3 \times \mathbb{Z}_2$ is isomorphic to $D_6$. Can you make a conjecture about $D_{2n}$? Prove your conjecture.

20. Prove or disprove: Every abelian group of order divisible by 3 contains a subgroup of order 3.
21. Prove or disprove: Every nonabelian group of order divisible by 6 contains a subgroup of order 6.
22. Let $G$ be a group of order 20. If $G$ has subgroups $H$ and $K$ of orders 4 and 5 respectively such that $hk = kh$ for all $h \in H$ and $k \in K$, prove that $G$ is the internal direct product of $H$ and $K$.
23. Prove or disprove the following assertion. Let $G$, $H$, and $K$ be groups. If $G \times K \cong H \times K$, then $G \cong H$.
24. Prove or disprove: There is a noncyclic abelian group of order 51.
25. Prove or disprove: There is a noncyclic abelian group of order 52.
26. Let $\phi : G_1 \rightarrow G_2$ be a group isomorphism. Show that $\phi(x) = e$ if and only if $x = e$.
27. Let $G \cong H$. Show that if $G$ is cyclic, then so is $H$.
28. Prove that any group $G$ of order $p$, $p$ prime, must be isomorphic to $\mathbb{Z}_p$.
29. Show that $S_n$ is isomorphic to a subgroup of $A_{n+2}$.
30. Prove that $D_n$ is isomorphic to a subgroup of $S_n$.
31. Let $\phi : G_1 \rightarrow G_2$ and $\psi : G_2 \rightarrow G_3$ be isomorphisms. Show that $\phi^{-1}$ and $\psi \circ \phi$ are both isomorphisms. Using these results, show that the isomorphism of groups determines an equivalence relation on the class of all groups.
32. Prove $U(5) \cong \mathbb{Z}_4$. Can you generalize this result for $U(p)$, where $p$ is prime?
33. Write out the permutations associated with each element of $S_3$ in the proof of Cayley's Theorem.
34. An automorphism of a group $G$ is an isomorphism with itself. Prove that complex conjugation is an automorphism of the additive group of complex numbers; that is, show that the map $\phi(a + bi) = a - bi$ is an isomorphism from $\mathbb{C}$ to $\mathbb{C}$.
35. Prove that $a + ib \mapsto a - ib$ is an automorphism of $\mathbb{C}^*$.

36. Prove that $A \mapsto B^{-1} A B$ is an automorphism of $SL_2(\mathbb{R})$ for all $B$ in $GL_2(\mathbb{R})$.
37. We will denote the set of all automorphisms of $G$ by $\operatorname{Aut}(G)$. Prove that $\operatorname{Aut}(G)$ is a subgroup of $S_G$, the group of permutations of $G$.
38. Find $\operatorname{Aut}(\mathbb{Z}_6)$.
39. Find $\operatorname{Aut}(\mathbb{Z})$.
40. Find two nonisomorphic groups $G$ and $H$ such that $\operatorname{Aut}(G) \cong \operatorname{Aut}(H)$.
41. Let $G$ be a group and $g \in G$. Define a map $i_g : G \rightarrow G$ by $i_g(x) = g x g^{-1}$. Prove that $i_g$ defines an automorphism of $G$. Such an automorphism is called an inner automorphism. The set of all inner automorphisms is denoted by $\operatorname{Inn}(G)$.
42. Prove that $\operatorname{Inn}(G)$ is a subgroup of $\operatorname{Aut}(G)$.
43. What are the inner automorphisms of the quaternion group $Q_8$? Is $\operatorname{Inn}(G) = \operatorname{Aut}(G)$ in this case?
44. Let $G$ be a group and $g \in G$. Define maps $\lambda_g : G \rightarrow G$ and $\rho_g : G \rightarrow G$ by $\lambda_g(x) = gx$ and $\rho_g(x) = x g^{-1}$. Show that $i_g = \rho_g \circ \lambda_g$ is an automorphism of $G$. The isomorphism $g \mapsto \rho_g$ is called the right regular representation of $G$.
45. Let $G$ be the internal direct product of subgroups $H$ and $K$. Show that the map $\phi : G \rightarrow H \times K$ defined by $\phi(g) = (h, k)$ for $g = hk$, where $h \in H$ and $k \in K$, is one-to-one and onto.
46. Let $G$ and $H$ be isomorphic groups. If $G$ has a subgroup of order $n$, prove that $H$ must also have a subgroup of order $n$.
47. If $G \cong \overline{G}$ and $H \cong \overline{H}$, show that $G \times H \cong \overline{G} \times \overline{H}$.
48. Prove that $G \times H$ is isomorphic to $H \times G$.
49. Let $n_1, \ldots, n_k$ be positive integers. Show that
$$\prod_{i=1}^k \mathbb{Z}_{n_i} \cong \mathbb{Z}_{n_1 \cdots n_k}$$
if and only if $\gcd(n_i, n_j) = 1$ for $i \neq j$.
50. Prove that $A \times B$ is abelian if and only if $A$ and $B$ are abelian.

51. If $G$ is the internal direct product of $H_1, H_2, \ldots, H_n$, prove that $G$ is isomorphic to $\prod_i H_i$.
52. Let $H_1$ and $H_2$ be subgroups of $G_1$ and $G_2$, respectively. Prove that $H_1 \times H_2$ is a subgroup of $G_1 \times G_2$.
53. Let $m, n \in \mathbb{Z}$. Prove that $\langle m, n \rangle = \langle d \rangle$ if and only if $d = \gcd(m, n)$.
54. Let $m, n \in \mathbb{Z}$. Prove that $\langle m \rangle \cap \langle n \rangle = \langle l \rangle$ if and only if $l = \operatorname{lcm}(m, n)$.
55. Groups of order $2p$. In this series of exercises we will classify all groups of order $2p$, where $p$ is an odd prime.
(a) Assume $G$ is a group of order $2p$, where $p$ is an odd prime. If $a \in G$, show that $a$ must have order 1, 2, $p$, or $2p$.
(b) Suppose that $G$ has an element of order $2p$. Prove that $G$ is isomorphic to $\mathbb{Z}_{2p}$. Hence, $G$ is cyclic.
(c) Suppose that $G$ does not contain an element of order $2p$. Show that $G$ must contain an element of order $p$. Hint: Assume that $G$ does not contain an element of order $p$.
(d) Suppose that $G$ does not contain an element of order $2p$. Show that $G$ must contain an element of order 2.
(e) Let $P$ be a subgroup of $G$ with order $p$ and $y \in G$ have order 2. Show that $yP = Py$.
(f) Suppose that $G$ does not contain an element of order $2p$ and $P = \langle z \rangle$ is a subgroup of order $p$ generated by $z$. If $y$ is an element of order 2, then $yz = z^k y$ for some $2 \leq k < p$.
(g) Suppose that $G$ does not contain an element of order $2p$. Prove that $G$ is not abelian.
(h) Suppose that $G$ does not contain an element of order $2p$ and $P = \langle z \rangle$ is a subgroup of order $p$ generated by $z$ and $y$ is an element of order 2. Show that we can list the elements of $G$ as $\{z^i y^j \mid 0 \leq i < p,\ 0 \leq j < 2\}$.
(i) Suppose that $G$ does not contain an element of order $2p$ and $P = \langle z \rangle$ is a subgroup of order $p$ generated by $z$ and $y$ is an element of order 2. Prove that the product $(z^i y^j)(z^r y^s)$ can be expressed uniquely as $z^m y^n$ for some nonnegative integers $m, n$. Thus, conclude that there is only one possibility for a non-abelian group of order $2p$; it must therefore be the one we have seen already, the dihedral group.

10 Normal Subgroups and Factor Groups

If $H$ is a subgroup of a group $G$, then right cosets are not always the same as left cosets; that is, it is not always the case that $gH = Hg$ for all $g \in G$. The subgroups for which this property holds play a critical role in group theory: they allow for the construction of a new class of groups, called factor or quotient groups. Factor groups may be studied directly or by using homomorphisms, a generalization of isomorphisms. We will study homomorphisms in Chapter 11.

10.1 Factor Groups and Normal Subgroups

Normal Subgroups
A subgroup $H$ of a group $G$ is normal in $G$ if $gH = Hg$ for all $g \in G$. That is, a normal subgroup of a group $G$ is one in which the right and left cosets are precisely the same.
Example 10.1. Let $G$ be an abelian group. Every subgroup $H$ of $G$ is a normal subgroup. Since $gh = hg$ for all $g \in G$ and $h \in H$, it will always be the case that $gH = Hg$.
Example 10.2. Let $H$ be the subgroup of $S_3$ consisting of elements $(1)$ and $(12)$. Since
$$(123)H = \{(123), (13)\} \quad \text{and} \quad H(123) = \{(123), (23)\},$$
$H$ cannot be a normal subgroup of $S_3$. However, the subgroup $N$, consisting of the permutations $(1)$, $(123)$, and $(132)$, is normal since the cosets of $N$ are
$$N = \{(1), (123), (132)\}, \qquad (12)N = N(12) = \{(12), (13), (23)\}.$$
The following theorem is fundamental to our understanding of
normal subgroups.
Theorem 10.3. Let $G$ be a group and $N$ be a subgroup of $G$. Then the following statements are equivalent.
1. The subgroup $N$ is normal in $G$.
2. For all $g \in G$, $gNg^{-1} \subset N$.
3. For all $g \in G$, $gNg^{-1} = N$.
Proof. (1) $\Rightarrow$ (2). Since $N$ is normal in $G$, $gN = Ng$ for all $g \in G$. Hence, for a given $g \in G$ and $n \in N$, there exists an $n'$ in $N$ such that $gn = n'g$. Therefore, $gng^{-1} = n' \in N$ or $gNg^{-1} \subset N$.
(2) $\Rightarrow$ (3). Let $g \in G$. Since $gNg^{-1} \subset N$, we need only show $N \subset gNg^{-1}$. For $n \in N$, $g^{-1}ng = g^{-1}n(g^{-1})^{-1} \in N$. Hence, $g^{-1}ng = n'$ for some $n' \in N$. Therefore, $n = gn'g^{-1}$ is in $gNg^{-1}$.
(3) $\Rightarrow$ (1). Suppose that $gNg^{-1} = N$ for all $g \in G$. Then for any $n \in N$ there exists an $n' \in N$ such that $gng^{-1} = n'$. Consequently, $gn = n'g$ or $gN \subset Ng$. Similarly, $Ng \subset gN$.

Factor Groups
If N is a normal subgroup of a group G, then the cosets of N in
G form a group G/N under the operation (aN )(bN ) = abN . This
group is called the factor or quotient group of G and N . Our
first task is to prove that G/N is indeed a group.
Theorem 10.4. Let $N$ be a normal subgroup of a group $G$. The cosets of $N$ in $G$ form a group $G/N$ of order $[G : N]$.
Proof. The group operation on $G/N$ is $(aN)(bN) = abN$. This operation must be shown to be well-defined; that is, group multiplication must be independent of the choice of coset representative. Let $aN = bN$ and $cN = dN$. We must show that
$$(aN)(cN) = acN = bdN = (bN)(dN).$$
Then $a = bn_1$ and $c = dn_2$ for some $n_1$ and $n_2$ in $N$. Hence,
$$\begin{aligned} acN &= bn_1 dn_2 N \\ &= bn_1 dN \\ &= bn_1 Nd \\ &= bNd \\ &= bdN. \end{aligned}$$
The remainder of the theorem is easy: $eN = N$ is the identity and $g^{-1}N$ is the inverse of $gN$. The order of $G/N$ is, of course, the number of cosets of $N$ in $G$.

It is very important to remember that the elements in a factor group are sets of elements in the original group.
Example 10.5. Consider the normal subgroup of $S_3$, $N = \{(1), (123), (132)\}$. The cosets of $N$ in $S_3$ are $N$ and $(12)N$. The factor group $S_3/N$ has the following multiplication table.

        | N      (12)N
  ------+--------------
  N     | N      (12)N
  (12)N | (12)N  N

This group is isomorphic to $\mathbb{Z}_2$. At first, multiplying cosets seems both complicated and strange; however, notice that $S_3/N$ is a smaller group. The factor group displays a certain amount of information about $S_3$. Actually, $N = A_3$, the group of even permutations, and $(12)N = \{(12), (13), (23)\}$ is the set of odd permutations. The information captured in $G/N$ is parity; that is, multiplying two even or two odd permutations results in an even permutation, whereas multiplying an odd permutation by an even permutation yields an odd permutation.
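The following program is an added example (not the book's code) working Examples 10.2 and 10.5 by computation: permutations of $\{0, 1, 2\}$ are tuples of images, left and right cosets are compared to test normality (and the condition $gNg^{-1} = N$ of Theorem 10.3), the coset product is checked for the well-definedness step in the proof of Theorem 10.4, and the multiplication table of $S_3/N$ is built. Function names are constructed here.

```python
"""Normal subgroups and factor groups on S_3 (Examples 10.2 and 10.5).
A permutation of {0,...,n-1} is a tuple p with p[i] the image of i.
Added example with constructed function names."""
from itertools import permutations


def compose(p, q):
    """(pq)(i) = p(q(i)): q acts first, as in the book's product of permutations."""
    return tuple(p[q[i]] for i in range(len(p)))


def inverse(p):
    inv = [0] * len(p)
    for i, j in enumerate(p):
        inv[j] = i
    return tuple(inv)


def left_coset(g, H):
    return frozenset(compose(g, h) for h in H)


def right_coset(g, H):
    return frozenset(compose(h, g) for h in H)


def conjugate(g, N):
    """g N g^{-1}, the set in condition (3) of Theorem 10.3."""
    return frozenset(compose(compose(g, n), inverse(g)) for n in N)


def is_normal(G, N):
    """gN = Ng for every g in G; Theorem 10.3 says this is the same as gNg^{-1} = N,
    so both are checked and must agree."""
    return all(left_coset(g, N) == right_coset(g, N) for g in G) \
        and all(conjugate(g, N) == frozenset(N) for g in G)


def cosets(G, H):
    return {left_coset(g, H) for g in G}


def coset_product_well_defined(G, H):
    """(aH)(bH) = abH is well defined iff the result does not depend on which
    a in aH and b in bH are multiplied; this fails exactly when H is not normal."""
    for A in cosets(G, H):
        for B in cosets(G, H):
            if len({left_coset(compose(a, b), H) for a in A for b in B}) > 1:
                return False
    return True


def factor_group_table(G, N):
    """Multiplication table of G/N as a dict (aN, bN) -> abN."""
    if not is_normal(G, N):
        raise ValueError("N is not normal in G, so G/N is not a group")
    cs = cosets(G, N)
    return {(A, B): left_coset(compose(next(iter(A)), next(iter(B))), N)
            for A in cs for B in cs}


# Constructed data: S_3 on {0, 1, 2}, with (1, 0, 2) playing the role of (12)
# and (1, 2, 0), (2, 0, 1) the 3-cycles (123) and (132).
S3 = frozenset(permutations(range(3)))
E = (0, 1, 2)
H = frozenset({E, (1, 0, 2)})               # {(1), (12)} of Example 10.2
N = frozenset({E, (1, 2, 0), (2, 0, 1)})    # {(1), (123), (132)} = A_3

if __name__ == "__main__":
    print("H normal:", is_normal(S3, H), " N normal:", is_normal(S3, N))
    print("coset product on H well defined:", coset_product_well_defined(S3, H))
    for (A, B), C in factor_group_table(S3, N).items():
        print(sorted(A), "*", sorted(B), "=", sorted(C))
```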
Example 10.6. Consider the normal subgroup $3\mathbb{Z}$ of $\mathbb{Z}$. The cosets of $3\mathbb{Z}$ in $\mathbb{Z}$ are
$$\begin{aligned} 0 + 3\mathbb{Z} &= \{\ldots, -3, 0, 3, 6, \ldots\} \\ 1 + 3\mathbb{Z} &= \{\ldots, -2, 1, 4, 7, \ldots\} \\ 2 + 3\mathbb{Z} &= \{\ldots, -1, 2, 5, 8, \ldots\}. \end{aligned}$$
The group $\mathbb{Z}/3\mathbb{Z}$ is given by the multiplication table below.

    +    | 0 + 3Z  1 + 3Z  2 + 3Z
  -------+------------------------
  0 + 3Z | 0 + 3Z  1 + 3Z  2 + 3Z
  1 + 3Z | 1 + 3Z  2 + 3Z  0 + 3Z
  2 + 3Z | 2 + 3Z  0 + 3Z  1 + 3Z

In general, the subgroup $n\mathbb{Z}$ of $\mathbb{Z}$ is normal. The cosets of $\mathbb{Z}/n\mathbb{Z}$ are
$$n\mathbb{Z}, \quad 1 + n\mathbb{Z}, \quad 2 + n\mathbb{Z}, \quad \ldots, \quad (n - 1) + n\mathbb{Z}.$$
The sum of the cosets $k + \mathbb{Z}$ and $l + \mathbb{Z}$ is $k + l + \mathbb{Z}$. Notice that we have written our cosets additively, because the group operation is integer addition.
Example 10.7. Consider the dihedral group $D_n$, generated by the two elements $r$ and $s$, satisfying the relations
$$r^n = \mathrm{id}, \qquad s^2 = \mathrm{id}, \qquad srs = r^{-1}.$$
The element $r$ actually generates the cyclic subgroup of rotations, $R_n$, of $D_n$. Since $srs^{-1} = srs = r^{-1} \in R_n$, the group of rotations is a normal subgroup of $D_n$; therefore, $D_n/R_n$ is a group. Since there are exactly two elements in this group, it must be isomorphic to $\mathbb{Z}_2$.

10.2 The Simplicity of the Alternating Group

Of special interest are groups with no nontrivial normal subgroups. Such groups are called simple groups. Of course, we already have a whole class of examples of simple groups, $\mathbb{Z}_p$, where $p$ is prime. These groups are trivially simple since they have no proper subgroups other than the subgroup consisting solely of the identity. Other examples of simple groups are not so easily found. We can, however, show that the alternating group, $A_n$, is simple for $n \geq 5$. The proof of this result requires several lemmas.
Lemma 10.8. The alternating group $A_n$ is generated by 3-cycles for $n \geq 3$.
Proof. To show that the 3-cycles generate $A_n$, we need only show that any pair of transpositions can be written as the product of 3-cycles. Since $(ab) = (ba)$, every pair of transpositions must be one of the following:
$$\begin{aligned} (ab)(ab) &= \mathrm{id} \\ (ab)(cd) &= (acb)(acd) \\ (ab)(ac) &= (acb). \end{aligned}$$

Lemma 10.9. Let $N$ be a normal subgroup of $A_n$, where $n \geq 3$. If $N$ contains a 3-cycle, then $N = A_n$.
Proof. We will first show that $A_n$ is generated by 3-cycles of the specific form $(ijk)$, where $i$ and $j$ are fixed in $\{1, 2, \ldots, n\}$ and we let $k$ vary. Every 3-cycle is the product of 3-cycles of this form, since
$$\begin{aligned} (iaj) &= (ija)^2 \\ (iab) &= (ijb)(ija)^2 \\ (jab) &= (ijb)^2 (ija) \\ (abc) &= (ija)^2 (ijc)(ijb)^2 (ija). \end{aligned}$$
Now suppose that $N$ is a nontrivial normal subgroup of $A_n$ for $n \geq 3$ such that $N$ contains a 3-cycle of the form $(ija)$. Using the normality of $N$, we see that
$$[(ij)(ak)](ija)^2 [(ij)(ak)]^{-1} = (ijk)$$
is in $N$. Hence, $N$ must contain all of the 3-cycles $(ijk)$ for $1 \leq k \leq n$. By Lemma 10.8, these 3-cycles generate $A_n$; hence, $N = A_n$.
Lemma 10.10. For n ≥ 5, every nontrivial normal subgroup N of $A_n$ contains a 3-cycle.
Proof. Let σ be an arbitrary element in a normal subgroup N. There are several possible cycle structures for σ.
• σ is a 3-cycle.
• σ is the product of disjoint cycles, σ = τ(a₁a₂⋯aᵣ) ∈ N, where r > 3.
• σ is the product of disjoint cycles, σ = τ(a₁a₂a₃)(a₄a₅a₆).
• σ = τ(a₁a₂a₃), where τ is the product of disjoint 2-cycles.
• σ = τ(a₁a₂)(a₃a₄), where τ is the product of an even number of disjoint 2-cycles.
If σ is a 3-cycle, then we are done. If N contains a product of disjoint cycles, σ, and at least one of these cycles has length greater than 3, say σ = τ(a₁a₂⋯aᵣ), then
$$(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1}$$
is in N since N is normal; hence,
$$\sigma^{-1}(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1}$$
is also in N. Since
$$\begin{aligned}
\sigma^{-1}(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1} &= \sigma^{-1}(a_1 a_2 a_3)\sigma(a_1 a_3 a_2)\\
&= (a_1 a_2 \cdots a_r)^{-1}\tau^{-1}(a_1 a_2 a_3)\tau(a_1 a_2 \cdots a_r)(a_1 a_3 a_2)\\
&= (a_1 a_r a_{r-1} \cdots a_2)(a_1 a_2 a_3)(a_1 a_2 \cdots a_r)(a_1 a_3 a_2)\\
&= (a_1 a_3 a_r),
\end{aligned}$$
N must contain a 3-cycle; hence, N = $A_n$.
Now suppose that N contains a disjoint product of the form
$$\sigma = \tau(a_1 a_2 a_3)(a_4 a_5 a_6).$$
Then
$$\sigma^{-1}(a_1 a_2 a_4)\sigma(a_1 a_2 a_4)^{-1} \in N$$
since
$$(a_1 a_2 a_4)\sigma(a_1 a_2 a_4)^{-1} \in N.$$
So
$$\begin{aligned}
\sigma^{-1}(a_1 a_2 a_4)\sigma(a_1 a_2 a_4)^{-1} &= [\tau(a_1 a_2 a_3)(a_4 a_5 a_6)]^{-1}(a_1 a_2 a_4)\tau(a_1 a_2 a_3)(a_4 a_5 a_6)(a_1 a_2 a_4)^{-1}\\
&= (a_4 a_6 a_5)(a_1 a_3 a_2)\tau^{-1}(a_1 a_2 a_4)\tau(a_1 a_2 a_3)(a_4 a_5 a_6)(a_1 a_4 a_2)\\
&= (a_4 a_6 a_5)(a_1 a_3 a_2)(a_1 a_2 a_4)(a_1 a_2 a_3)(a_4 a_5 a_6)(a_1 a_4 a_2)\\
&= (a_1 a_4 a_2 a_6 a_3).
\end{aligned}$$
So N contains a disjoint cycle of length greater than 3, and we can apply the previous case.
Suppose N contains a disjoint product of the form σ = τ(a₁a₂a₃), where τ is the product of disjoint 2-cycles. Since σ ∈ N, σ² ∈ N, and
$$\sigma^2 = \tau(a_1 a_2 a_3)\tau(a_1 a_2 a_3) = (a_1 a_3 a_2).$$
So N contains a 3-cycle.
The only remaining possible case is a disjoint product of the form
$$\sigma = \tau(a_1 a_2)(a_3 a_4),$$
where τ is the product of an even number of disjoint 2-cycles. But
$$\sigma^{-1}(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1}$$
is in N since $(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1}$ is in N; and so
$$\begin{aligned}
\sigma^{-1}(a_1 a_2 a_3)\sigma(a_1 a_2 a_3)^{-1} &= \tau^{-1}(a_1 a_2)(a_3 a_4)(a_1 a_2 a_3)\tau(a_1 a_2)(a_3 a_4)(a_1 a_2 a_3)^{-1}\\
&= (a_1 a_3)(a_2 a_4).
\end{aligned}$$
Since n ≥ 5, we can find b ∈ {1, 2, …, n} such that b ≠ a₁, a₂, a₃, a₄. Let μ = (a₁a₃b). Then
$$\mu^{-1}(a_1 a_3)(a_2 a_4)\mu(a_1 a_3)(a_2 a_4) \in N$$
and
$$\begin{aligned}
\mu^{-1}(a_1 a_3)(a_2 a_4)\mu(a_1 a_3)(a_2 a_4) &= (a_1 b a_3)(a_1 a_3)(a_2 a_4)(a_1 a_3 b)(a_1 a_3)(a_2 a_4)\\
&= (a_1 a_3 b).
\end{aligned}$$
Therefore, N contains a 3-cycle. This completes the proof of the lemma.
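The cycle identities used in the proofs of Lemmas 10.8, 10.9 and 10.10 can be checked mechanically. The following Python script is an added example and is not part of the text: it composes permutations right to left, as the text does, verifies the displayed identities for one concrete choice of symbols (1, 2, 3, 4 for a, b, c, d and i, j, a, k; 1, …, 6 for a₁, …, a₆), and confirms by brute-force closure that the 3-cycles of $S_5$ generate a group of order 60 consisting of even permutations. The function names and the choice of symbols are the example's own.

```python
from itertools import permutations
from math import factorial


def cycle(n, *pts):
    """Permutation of {1, ..., n} for the cycle (pts[0] pts[1] ...).

    A permutation is stored as a tuple p with p[i - 1] = image of i.
    """
    p = list(range(1, n + 1))
    for a, b in zip(pts, pts[1:] + pts[:1]):
        p[a - 1] = b
    return tuple(p)


def compose(s, t):
    """(s t)(x) = s(t(x)): right-to-left composition, the convention of the text."""
    return tuple(s[t[x] - 1] for x in range(len(s)))


def inverse(s):
    inv = [0] * len(s)
    for i, img in enumerate(s, start=1):
        inv[img - 1] = i
    return tuple(inv)


def conjugate(g, s):
    """g s g^{-1}."""
    return compose(compose(g, s), inverse(g))


def sandwich(sigma, mu):
    """sigma^{-1} mu sigma mu^{-1}, the element used repeatedly in Lemma 10.10."""
    return compose(compose(compose(inverse(sigma), mu), sigma), inverse(mu))


def sign(p):
    """+1 for even permutations, -1 for odd (parity of the inversion count)."""
    inv = sum(1 for i in range(len(p)) for j in range(i + 1, len(p)) if p[i] > p[j])
    return -1 if inv % 2 else 1


def generate(gens, n):
    """Closure of gens under composition: the subgroup of S_n they generate."""
    identity = tuple(range(1, n + 1))
    group, frontier = {identity}, [identity]
    while frontier:
        new = []
        for g in frontier:
            for h in gens:
                p = compose(g, h)
                if p not in group:
                    group.add(p)
                    new.append(p)
        frontier = new
    return group


def three_cycles(n):
    return {cycle(n, a, b, c) for a, b, c in permutations(range(1, n + 1), 3)}


def check_lemma_10_8(n=5):
    """(ab)(cd) = (acb)(acd) and (ab)(ac) = (acb) with (a, b, c, d) = (1, 2, 3, 4),
    and the 3-cycles generate exactly the even permutations, n!/2 of them."""
    ab, ac, cd = cycle(n, 1, 2), cycle(n, 1, 3), cycle(n, 3, 4)
    ok = compose(ab, cd) == compose(cycle(n, 1, 3, 2), cycle(n, 1, 3, 4))
    ok = ok and compose(ab, ac) == cycle(n, 1, 3, 2)
    alt = generate(list(three_cycles(n)), n)
    return ok and len(alt) == factorial(n) // 2 and all(sign(p) == 1 for p in alt)


def check_lemma_10_9(n=5):
    """[(ij)(ak)] (ija)^2 [(ij)(ak)]^{-1} = (ijk) with (i, j, a, k) = (1, 2, 3, 4)."""
    g = compose(cycle(n, 1, 2), cycle(n, 3, 4))
    ija = cycle(n, 1, 2, 3)
    return conjugate(g, compose(ija, ija)) == cycle(n, 1, 2, 4)


def check_lemma_10_10():
    """The two long computations of Lemma 10.10 with tau = id:
    an r-cycle (r = 5) yields (a1 a3 a_r); two 3-cycles yield (a1 a4 a2 a6 a3)."""
    case_r = sandwich(cycle(5, 1, 2, 3, 4, 5), cycle(5, 1, 2, 3)) == cycle(5, 1, 3, 5)
    sigma = compose(cycle(6, 1, 2, 3), cycle(6, 4, 5, 6))
    case_two = sandwich(sigma, cycle(6, 1, 2, 4)) == cycle(6, 1, 4, 2, 6, 3)
    return case_r and case_two
```

Running `check_lemma_10_8()`, `check_lemma_10_9()` and `check_lemma_10_10()` returns True for each; changing `compose` to left-to-right composition makes the 3-cycle identities fail, which is a quick way to see that the convention matters.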

Theorem 10.11. The alternating group $A_n$ is simple for n ≥ 5.
Proof. Let N be a nontrivial normal subgroup of $A_n$. By Lemma 10.10, N contains a 3-cycle. By Lemma 10.9, N = $A_n$; therefore, $A_n$ contains no proper nontrivial normal subgroups for n ≥ 5.
Sage. Sage can easily determine if a subgroup is normal or not. If so, it can create the quotient group. However, the construction creates a new permutation group, isomorphic to the quotient group, so its utility is limited.
Historical Note
One of the foremost problems of group theory has been to classify all simple finite groups. This problem is over a century old and was solved only in the last few decades of the twentieth century. In a sense, finite simple groups are the building blocks of all finite groups. The first nonabelian simple groups to be discovered were the alternating groups. Galois was the first to prove that $A_5$ was simple. Later, mathematicians such as C. Jordan and L. E. Dickson found several infinite families of matrix groups that were simple. Other families of simple groups were discovered in the 1950s. At the turn of the twentieth century, William Burnside conjectured that all nonabelian simple groups must have even order. In 1963, W. Feit and J. Thompson proved Burnside's conjecture and published their results in the paper "Solvability of Groups of Odd Order," which appeared in the Pacific Journal of Mathematics. Their proof, running over 250 pages, gave impetus to a program in the 1960s and 1970s to classify all finite simple groups. Daniel Gorenstein was the organizer of this remarkable effort. One of the last simple groups was the "Monster," discovered by R. Griess. The Monster, a 196,883 × 196,883 matrix group, is one of the 26 sporadic, or special, simple groups. These sporadic simple groups are groups that fit into no infinite family of simple groups. Some of the sporadic groups play an important role in physics.

10.3 Exercises
1. For each of the following groups G, determine whether H is a normal subgroup of G. If H is a normal subgroup, write out a Cayley table for the factor group G/H.
(a) G = $S_4$ and H = $A_4$
(b) G = $A_5$ and H = {(1), (123), (132)}
(c) G = $S_4$ and H = $D_4$
(d) G = $Q_8$ and H = {1, −1, I, −I}

(e) G = Z and H = 5Z
2. Find all the subgroups of D4 . Which subgroups are normal?
What are all the factor groups of D4 up to isomorphism?
3. Find all the subgroups of the quaternion group, Q8 . Which
subgroups are normal? What are all the factor groups of Q8 up to
isomorphism?
4. Let T be the group of nonsingular upper triangular 2 × 2 matrices with entries in R; that is, matrices of the form
$$\begin{pmatrix} a & b \\ 0 & c \end{pmatrix},$$
where a, b, c ∈ R and ac ≠ 0. Let U consist of matrices of the form
$$\begin{pmatrix} 1 & x \\ 0 & 1 \end{pmatrix},$$
where x ∈ R.
(a) Show that U is a subgroup of T.
(b) Prove that U is abelian.
(c) Prove that U is normal in T.
(d) Show that T/U is abelian.
(e) Is T normal in $GL_2(R)$?
5. Show that the intersection of two normal subgroups is a normal
subgroup.
6. If G is abelian, prove that G/H must also be abelian.
7. Prove or disprove: If H is a normal subgroup of G such that H
and G/H are abelian, then G is abelian.
8. If G is cyclic, prove that G/H must also be cyclic.
9. Prove or disprove: If H and G/H are cyclic, then G is cyclic.
10. Let H be a subgroup of index 2 of a group G. Prove that H must be a normal subgroup of G. Conclude that $S_n$ is not simple for n ≥ 3.
11. If a group G has exactly one subgroup H of order k, prove
that H is normal in G.
12. Define the centralizer of an element g in a group G to be the set
$$C(g) = \{x \in G : xg = gx\}.$$
Show that C(g) is a subgroup of G. If g generates a normal subgroup of G, prove that C(g) is normal in G.
13. Recall that the center of a group G is the set
$$Z(G) = \{x \in G : xg = gx \text{ for all } g \in G\}.$$
(a) Calculate the center of $S_3$.
(b) Calculate the center of $GL_2(R)$.
(c) Show that the center of any group G is a normal subgroup of G.
(d) If G/Z(G) is cyclic, show that G is abelian.
14. Let G be a group and let $G' = \langle aba^{-1}b^{-1} \rangle$; that is, $G'$ is the subgroup of all finite products of elements in G of the form $aba^{-1}b^{-1}$. The subgroup $G'$ is called the commutator subgroup of G.
(a) Show that $G'$ is a normal subgroup of G.
(b) Let N be a normal subgroup of G. Prove that G/N is abelian if and only if N contains the commutator subgroup of G.

11 Homomorphisms
One of the basic ideas of algebra is the concept of a homomorphism, a natural generalization of an isomorphism. If we relax the
requirement that an isomorphism of groups be bijective, we have a
homomorphism.

11.1 Group Homomorphisms
A homomorphism between groups (G, ·) and (H, ∘) is a map φ : G → H such that
$$\varphi(g_1 \cdot g_2) = \varphi(g_1) \circ \varphi(g_2)$$
for $g_1, g_2 \in G$. The range of φ in H is called the homomorphic image of φ.
Two groups are related in the strongest possible way if they are isomorphic; however, a weaker relationship may exist between two groups. For example, the symmetric group $S_n$ and the group $Z_2$ are related by the fact that $S_n$ can be divided into even and odd permutations that exhibit a group structure like that of $Z_2$, as shown in the following multiplication table.
           even   odd
   even    even   odd
   odd     odd    even

We use homomorphisms to study relationships such as the one we have just described.
Example 11.1. Let G be a group and g ∈ G. Define a map φ : Z → G by φ(n) = $g^n$. Then φ is a group homomorphism, since
$$\varphi(m + n) = g^{m+n} = g^m g^n = \varphi(m)\varphi(n).$$
This homomorphism maps Z onto the cyclic subgroup of G generated by g.
Example 11.2. Let G = $GL_2(R)$. If
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$$
is in G, then the determinant is nonzero; that is, det(A) = ad − bc ≠ 0. Also, for any two elements A and B in G, det(AB) = det(A) det(B). Using the determinant, we can define a homomorphism φ : $GL_2(R) \to R^*$ by A ↦ det(A).
Example 11.3. Recall that the circle group T consists of all complex numbers z such that |z| = 1. We can define a homomorphism φ from the additive group of real numbers R to T by φ : θ ↦ cos θ + i sin θ. Indeed,
$$\begin{aligned}
\varphi(\alpha + \beta) &= \cos(\alpha + \beta) + i \sin(\alpha + \beta)\\
&= (\cos\alpha \cos\beta - \sin\alpha \sin\beta) + i(\sin\alpha \cos\beta + \cos\alpha \sin\beta)\\
&= (\cos\alpha + i \sin\alpha)(\cos\beta + i \sin\beta)\\
&= \varphi(\alpha)\varphi(\beta).
\end{aligned}$$
Geometrically, we are simply wrapping the real line around the circle in a group-theoretic fashion.
The following proposition lists some basic properties of group
homomorphisms.
Proposition 11.4. Let φ : $G_1 \to G_2$ be a homomorphism of groups. Then
1. If e is the identity of $G_1$, then φ(e) is the identity of $G_2$;
2. For any element g ∈ $G_1$, $\varphi(g^{-1}) = [\varphi(g)]^{-1}$;
3. If $H_1$ is a subgroup of $G_1$, then $\varphi(H_1)$ is a subgroup of $G_2$;
4. If $H_2$ is a subgroup of $G_2$, then $\varphi^{-1}(H_2) = \{g \in G_1 : \varphi(g) \in H_2\}$ is a subgroup of $G_1$. Furthermore, if $H_2$ is normal in $G_2$, then $\varphi^{-1}(H_2)$ is normal in $G_1$.
Proof. (1) Suppose that e and e' are the identities of $G_1$ and $G_2$, respectively; then
$$e'\varphi(e) = \varphi(e) = \varphi(ee) = \varphi(e)\varphi(e).$$
By cancellation, φ(e) = e'.
(2) This statement follows from the fact that
$$\varphi(g^{-1})\varphi(g) = \varphi(g^{-1}g) = \varphi(e) = e'.$$
(3) The set $\varphi(H_1)$ is nonempty since the identity of $G_2$ is in $\varphi(H_1)$. Suppose that $H_1$ is a subgroup of $G_1$ and let x and y be in $\varphi(H_1)$. There exist elements a, b ∈ $H_1$ such that φ(a) = x and φ(b) = y. Since
$$xy^{-1} = \varphi(a)[\varphi(b)]^{-1} = \varphi(ab^{-1}) \in \varphi(H_1),$$
$\varphi(H_1)$ is a subgroup of $G_2$ by Proposition 3.31.
(4) Let $H_2$ be a subgroup of $G_2$ and define $H_1$ to be $\varphi^{-1}(H_2)$; that is, $H_1$ is the set of all g ∈ $G_1$ such that φ(g) ∈ $H_2$. The identity is in $H_1$ since φ(e) = e'. If a and b are in $H_1$, then $\varphi(ab^{-1}) = \varphi(a)[\varphi(b)]^{-1}$ is in $H_2$ since $H_2$ is a subgroup of $G_2$. Therefore, $ab^{-1} \in H_1$ and $H_1$ is a subgroup of $G_1$. If $H_2$ is normal in $G_2$, we must show that $g^{-1}hg \in H_1$ for h ∈ $H_1$ and g ∈ $G_1$. But
$$\varphi(g^{-1}hg) = [\varphi(g)]^{-1}\varphi(h)\varphi(g) \in H_2,$$
since $H_2$ is a normal subgroup of $G_2$. Therefore, $g^{-1}hg \in H_1$.
Let φ : G → H be a group homomorphism and suppose that e is the identity of H. By Proposition 11.4, $\varphi^{-1}(\{e\})$ is a subgroup of G. This subgroup is called the kernel of φ and will be denoted by ker φ. In fact, this subgroup is a normal subgroup of G since the trivial subgroup is normal in H. We state this result in the following theorem, which says that with every homomorphism of groups we can naturally associate a normal subgroup.
Theorem 11.5. Let φ : G → H be a group homomorphism. Then the kernel of φ is a normal subgroup of G.
Example 11.6. Let us examine the homomorphism φ : $GL_2(R) \to R^*$ defined by A ↦ det(A). Since 1 is the identity of $R^*$, the kernel of this homomorphism is all 2 × 2 matrices having determinant one. That is, ker φ = $SL_2(R)$.
Example 11.7. The kernel of the group homomorphism φ : R → $C^*$ defined by φ(θ) = cos θ + i sin θ is {2πn : n ∈ Z}. Notice that ker φ ≅ Z.
Example 11.8. Suppose that we wish to determine all possible homomorphisms φ from $Z_7$ to $Z_{12}$. Since the kernel of φ must be a subgroup of $Z_7$, there are only two possible kernels, {0} and all of $Z_7$. The image of a subgroup of $Z_7$ must be a subgroup of $Z_{12}$. Hence, there is no injective homomorphism; otherwise, $Z_{12}$ would have a subgroup of order 7, which is impossible. Consequently, the only possible homomorphism from $Z_7$ to $Z_{12}$ is the one mapping all elements to zero.
Example 11.9. Let G be a group. Suppose that g ∈ G and φ is the homomorphism from Z to G given by φ(n) = $g^n$. If the order of g is infinite, then the kernel of this homomorphism is {0} since φ maps Z onto the cyclic subgroup of G generated by g. However, if the order of g is finite, say n, then the kernel of φ is nZ.
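The argument of Example 11.8 generalizes: a homomorphism out of a cyclic group is fixed by where it sends the generator, so the homomorphisms $Z_m \to Z_n$ can be listed exhaustively and their kernels and images computed. The following Python code is an added example, not part of the text; it enumerates them, checks the homomorphism property by brute force, and records $|Z_m| = |\ker\varphi| \cdot |\varphi(Z_m)|$, which is the First Isomorphism Theorem counted in elements. Function names are the example's own.

```python
def homomorphisms(m, n):
    """The homomorphisms Z_m -> Z_n, each identified by k = phi(1).

    A homomorphism on a cyclic group is determined by the image of the
    generator, and a -> k a (mod n) is well defined on Z_m exactly when
    m k = 0 in Z_n, i.e. when n divides m k.
    """
    return [k for k in range(n) if (m * k) % n == 0]


def is_homomorphism(phi, m, n):
    """Brute-force check of phi(a + b) = phi(a) + phi(b) over all of Z_m x Z_m."""
    return all(phi((a + b) % m) == (phi(a) + phi(b)) % n
               for a in range(m) for b in range(m))


def kernel(phi, m):
    return {a for a in range(m) if phi(a) == 0}


def image(phi, m):
    return {phi(a) for a in range(m)}


def describe(m, n):
    """For each homomorphism Z_m -> Z_n, the triple (phi(1), |ker phi|, |phi(Z_m)|).

    |Z_m| = |ker phi| * |phi(Z_m)| because Z_m / ker phi is isomorphic to the image.
    """
    rows = []
    for k in homomorphisms(m, n):
        phi = lambda a, k=k: (k * a) % n
        assert is_homomorphism(phi, m, n)
        ker, img = kernel(phi, m), image(phi, m)
        assert len(ker) * len(img) == m
        rows.append((k, len(ker), len(img)))
    return rows
```

`describe(7, 12)` returns only the zero map, as Example 11.8 predicts; `describe(24, 18)` returns six homomorphisms, one for each multiple of 3 in $Z_{18}$, and the count of homomorphisms $Z_m \to Z_n$ is always gcd(m, n).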

11.2 The Isomorphism Theorems
Although it is not evident at first, factor groups correspond exactly to homomorphic images, and we can use factor groups to study homomorphisms. We already know that with every group homomorphism φ : G → H we can associate a normal subgroup of G, ker φ. The converse is also true; that is, every normal subgroup of a group G gives rise to a homomorphism of groups.
Let H be a normal subgroup of G. Define the natural or canonical homomorphism
$$\varphi : G \to G/H$$
by
$$\varphi(g) = gH.$$
This is indeed a homomorphism, since
$$\varphi(g_1 g_2) = g_1 g_2 H = g_1 H g_2 H = \varphi(g_1)\varphi(g_2).$$
The kernel of this homomorphism is H. The following theorems describe the relationships between group homomorphisms, normal subgroups, and factor groups.
Theorem 11.10 (First Isomorphism Theorem). If ψ : G → H is a group homomorphism with K = ker ψ, then K is normal in G. Let φ : G → G/K be the canonical homomorphism. Then there exists a unique isomorphism η : G/K → ψ(G) such that ψ = ηφ.
Proof. We already know that K is normal in G. Define η : G/K → ψ(G) by η(gK) = ψ(g). We first show that η is a well-defined map. If $g_1 K = g_2 K$, then for some k ∈ K, $g_1 k = g_2$; consequently,
$$\eta(g_1 K) = \psi(g_1) = \psi(g_1)\psi(k) = \psi(g_1 k) = \psi(g_2) = \eta(g_2 K).$$
Thus, η does not depend on the choice of coset representatives and the map η : G/K → ψ(G) is uniquely defined since ψ = ηφ. We must also show that η is a homomorphism, but
$$\begin{aligned}
\eta(g_1 K g_2 K) &= \eta(g_1 g_2 K)\\
&= \psi(g_1 g_2)\\
&= \psi(g_1)\psi(g_2)\\
&= \eta(g_1 K)\eta(g_2 K).
\end{aligned}$$
Clearly, η is onto ψ(G). To show that η is one-to-one, suppose that $\eta(g_1 K) = \eta(g_2 K)$. Then $\psi(g_1) = \psi(g_2)$. This implies that $\psi(g_1^{-1} g_2) = e$, or $g_1^{-1} g_2$ is in the kernel of ψ; hence, $g_1^{-1} g_2 K = K$; that is, $g_1 K = g_2 K$.
Mathematicians often use diagrams called commutative diagrams to describe such theorems. The following diagram commutes since ψ = ηφ: the arrow ψ from G to H equals the composite of the arrow φ from G down to G/K followed by the arrow η from G/K up to H.
Example 11.11. Let G be a cyclic group with generator g. Define a map φ : Z → G by n ↦ $g^n$. This map is a surjective homomorphism since
$$\varphi(m + n) = g^{m+n} = g^m g^n = \varphi(m)\varphi(n).$$
Clearly φ is onto. If |g| = m, then $g^m = e$. Hence, ker φ = mZ and Z/ker φ = Z/mZ ≅ G. On the other hand, if the order of g is infinite, then ker φ = 0 and φ is an isomorphism of G and Z. Hence, two cyclic groups are isomorphic exactly when they have the same order. Up to isomorphism, the only cyclic groups are Z and $Z_n$.
Theorem 11.12 (Second Isomorphism Theorem). Let H be a subgroup of a group G (not necessarily normal in G) and N a normal subgroup of G. Then HN is a subgroup of G, H ∩ N is a normal subgroup of H, and
$$H/(H \cap N) \cong HN/N.$$
Proof. We will first show that HN = {hn : h ∈ H, n ∈ N} is a subgroup of G. Suppose that $h_1 n_1, h_2 n_2 \in HN$. Since N is normal, $(h_2)^{-1} n_1 h_2 \in N$. So
$$(h_1 n_1)(h_2 n_2) = h_1 h_2 ((h_2)^{-1} n_1 h_2) n_2$$
is in HN. The inverse of hn ∈ HN is in HN since
$$(hn)^{-1} = n^{-1} h^{-1} = h^{-1}(h n^{-1} h^{-1}).$$
Next, we prove that H ∩ N is normal in H. Let h ∈ H and n ∈ H ∩ N. Then $h^{-1} n h \in H$ since each element is in H. Also, $h^{-1} n h \in N$ since N is normal in G; therefore, $h^{-1} n h \in H \cap N$.
Now define a map φ from H to HN/N by h ↦ hN. The map φ is onto, since any coset hnN = hN is the image of h in H. We also know that φ is a homomorphism because
$$\varphi(hh') = hh'N = hN h'N = \varphi(h)\varphi(h').$$
By the First Isomorphism Theorem, the image of φ is isomorphic to H/ker φ; that is,
$$HN/N = \varphi(H) \cong H/\ker\varphi.$$
Since
$$\ker\varphi = \{h \in H : h \in N\} = H \cap N,$$
$$HN/N = \varphi(H) \cong H/(H \cap N).$$
Theorem 11.13 (Correspondence Theorem). Let N be a normal subgroup of a group G. Then H ↦ H/N is a one-to-one correspondence between the set of subgroups H containing N and the set of subgroups of G/N. Furthermore, the normal subgroups of G containing N correspond to normal subgroups of G/N.
Proof. Let H be a subgroup of G containing N. Since N is normal in H, H/N makes sense. Let aN and bN be elements of H/N. Then $(aN)(b^{-1}N) = ab^{-1}N \in H/N$; hence, H/N is a subgroup of G/N.
Let S be a subgroup of G/N. This subgroup is a set of cosets of N. If H = {g ∈ G : gN ∈ S}, then for $h_1, h_2 \in H$, we have that $(h_1 N)(h_2 N) = h_1 h_2 N \in S$ and $h_1^{-1} N \in S$. Therefore, H must be a subgroup of G. Clearly, H contains N. Therefore, S = H/N. Consequently, the map H ↦ H/N is onto.
Suppose that $H_1$ and $H_2$ are subgroups of G containing N such that $H_1/N = H_2/N$. If $h_1 \in H_1$, then $h_1 N \in H_1/N$. Hence, $h_1 N = h_2 N \subset H_2$ for some $h_2$ in $H_2$. However, since N is contained in $H_2$, we know that $h_1 \in H_2$ or $H_1 \subset H_2$. Similarly, $H_2 \subset H_1$. Since $H_1 = H_2$, the map H ↦ H/N is one-to-one.
Suppose that H is normal in G and N is a subgroup of H. Then it is easy to verify that the map G/N → G/H defined by gN ↦ gH is a homomorphism. The kernel of this homomorphism is H/N, which proves that H/N is normal in G/N.
Conversely, suppose that H/N is normal in G/N. The homomorphism given by
$$G \to G/N \to \frac{G/N}{H/N}$$
has kernel H. Hence, H must be normal in G.
Notice that in the course of the proof of Theorem 11.13, we have also proved the following theorem.
Theorem 11.14 (Third Isomorphism Theorem). Let G be a group and N and H be normal subgroups of G with N ⊂ H. Then
$$G/H \cong \frac{G/N}{H/N}.$$
Example 11.15. By the Third Isomorphism Theorem,
$$Z/mZ \cong (Z/mnZ)/(mZ/mnZ).$$
Since |Z/mnZ| = mn and |Z/mZ| = m, we have |mZ/mnZ| = n.
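In the additive groups $Z_n$ every subgroup is cyclic and every coset can be listed, which makes the Second and Third Isomorphism Theorems easy to work through by hand or by machine. The following Python code is an added example and not part of the text: for H = ⟨4⟩ and N = ⟨6⟩ in $Z_{24}$ it builds HN, H ∩ N, the two factor groups and the map h + (H ∩ N) ↦ h + N from the proof of Theorem 11.12, and for Example 11.15 it confirms that ⟨m⟩ in $Z_{mn}$ has order n and index m. Function names are the example's own.

```python
def subgroup(n, g):
    """The cyclic subgroup <g> of the additive group Z_n."""
    return frozenset((k * g) % n for k in range(n))


def sum_set(H, N, n):
    """HN, written H + N in additive notation."""
    return frozenset((h + k) % n for h in H for k in N)


def cosets(G, N, n):
    """The distinct cosets a + N of N in G, where N is a subgroup of G."""
    return {frozenset((a + k) % n for k in N) for a in G}


def second_iso(n, h, g):
    """Second Isomorphism Theorem in Z_n for H = <h> and N = <g>.

    Returns (HN, H∩N, HN/N, H/(H∩N), phi), where phi is the map
    h + (H∩N) -> h + N from the proof of Theorem 11.12.
    """
    H, N = subgroup(n, h), subgroup(n, g)
    HN, HcapN = sum_set(H, N, n), H & N
    HN_mod_N = cosets(HN, N, n)
    H_mod_HcapN = cosets(H, HcapN, n)
    # Well defined because H∩N is contained in N: every representative of a
    # coset of H∩N lands in the same coset of N.
    phi = {c: frozenset((x + k) % n for x in c for k in N) for c in H_mod_HcapN}
    return HN, HcapN, HN_mod_N, H_mod_HcapN, phi


def second_iso_holds(n, h, g):
    """|HN/N| = |H/(H∩N)| and phi is a bijection onto HN/N."""
    _, _, HN_mod_N, H_mod_HcapN, phi = second_iso(n, h, g)
    return (len(HN_mod_N) == len(H_mod_HcapN)
            and set(phi.values()) == HN_mod_N
            and len(set(phi.values())) == len(phi))


def third_iso_holds(m, n):
    """Example 11.15 in Z_{mn}: the subgroup mZ/mnZ = <m> has order n and
    Z_{mn} / <m> has m cosets, matching |Z/mZ| = m."""
    Zmn = subgroup(m * n, 1)
    mZ = subgroup(m * n, m)
    return len(mZ) == n and len(cosets(Zmn, mZ, m * n)) == m
```

For (n, h, g) = (24, 4, 6) the code finds HN = ⟨2⟩ with 12 elements, H ∩ N = {0, 12}, and three cosets on each side, with phi sending {0, 12} ↦ N, {4, 16} ↦ 4 + N and {8, 20} ↦ 2 + N.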
Sage Sage can create homomorphisms between groups, which can
be used directly as functions, and then queried for their kernels and
images. So there is great potential for exploring the many fundamental relationships between groups, normal subgroups, quotient
groups and properties of homomorphisms.

11.3 Exercises
1. Prove that det(AB) = det(A) det(B) for A, B ∈ $GL_2(R)$. This shows that the determinant is a homomorphism from $GL_2(R)$ to $R^*$.
2. Which of the following maps are homomorphisms? If the map is a homomorphism, what is the kernel?
(a) φ : $R^* \to GL_2(R)$ defined by
$$\varphi(a) = \begin{pmatrix} 1 & 0 \\ 0 & a \end{pmatrix}$$
(b) φ : R → $GL_2(R)$ defined by
$$\varphi(a) = \begin{pmatrix} 1 & 0 \\ a & 1 \end{pmatrix}$$
(c) φ : $GL_2(R)$ → R defined by
$$\varphi\left(\begin{pmatrix} a & b \\ c & d \end{pmatrix}\right) = a + d$$
(d) φ : $GL_2(R)$ → R defined by
$$\varphi\left(\begin{pmatrix} a & b \\ c & d \end{pmatrix}\right) = ad - bc$$
(e) φ : $M_2(R)$ → R defined by
$$\varphi\left(\begin{pmatrix} a & b \\ c & d \end{pmatrix}\right) = b,$$
where $M_2(R)$ is the additive group of 2 × 2 matrices with entries in R.

3. Let A be an m × n matrix. Show that matrix multiplication, x ↦ Ax, defines a homomorphism φ : $R^n \to R^m$.
4. Let φ : Z → Z be given by φ(n) = 7n. Prove that φ is a group homomorphism. Find the kernel and the image of φ.
5. Describe all of the homomorphisms from $Z_{24}$ to $Z_{18}$.
6. Describe all of the homomorphisms from Z to $Z_{12}$.
7. In the group $Z_{24}$, let H = ⟨4⟩ and N = ⟨6⟩.
(a) List the elements in HN (we usually write H + N for these additive groups) and H ∩ N.
(b) List the cosets in HN/N, showing the elements in each coset.
(c) List the cosets in H/(H ∩ N), showing the elements in each coset.
(d) Give the correspondence between HN/N and H/(H ∩ N) described in the proof of the Second Isomorphism Theorem.
8. If G is an abelian group and n ∈ N, show that φ : G → G defined by g ↦ $g^n$ is a group homomorphism.
9. If φ : G → H is a group homomorphism and G is abelian, prove that φ(G) is also abelian.
10. If φ : G → H is a group homomorphism and G is cyclic, prove that φ(G) is also cyclic.
11. Show that a homomorphism defined on a cyclic group is completely determined by its action on the generator of the group.
12. If a group G has exactly one subgroup H of order k, prove that H is normal in G.
13. Prove or disprove: Q/Z ≅ Q.
14. Let G be a finite group and N a normal subgroup of G. If H is a subgroup of G/N, prove that $\varphi^{-1}(H)$ is a subgroup in G of order |H| · |N|, where φ : G → G/N is the canonical homomorphism.
15. Let $G_1$ and $G_2$ be groups, and let $H_1$ and $H_2$ be normal subgroups of $G_1$ and $G_2$ respectively. Let φ : $G_1 \to G_2$ be a homomorphism. Show that φ induces a natural homomorphism $\overline{\varphi} : (G_1/H_1) \to (G_2/H_2)$ if $\varphi(H_1) \subset H_2$.
16. If H and K are normal subgroups of G and H ∩ K = {e}, prove that G is isomorphic to a subgroup of G/H × G/K.

17. Let φ : $G_1 \to G_2$ be a surjective group homomorphism. Let $H_1$ be a normal subgroup of $G_1$ and suppose that $\varphi(H_1) = H_2$. Prove or disprove that $G_1/H_1 \cong G_2/H_2$.
18. Let φ : G → H be a group homomorphism. Show that φ is one-to-one if and only if $\varphi^{-1}(e) = \{e\}$.
19. Given a homomorphism φ : G → H define a relation ∼ on G by a ∼ b if φ(a) = φ(b) for a, b ∈ G. Show this relation is an equivalence relation and describe the equivalence classes.

11.4 Additional Exercises: Automorphisms
1. Let Aut(G) be the set of all automorphisms of G; that is, isomorphisms from G to itself. Prove this set forms a group and is a subgroup of the group of permutations of G; that is, Aut(G) ≤ $S_G$.
2. An inner automorphism of G,
$$i_g : G \to G,$$
is defined by the map
$$i_g(x) = gxg^{-1},$$
for g ∈ G. Show that $i_g$ ∈ Aut(G).
3. The set of all inner automorphisms is denoted by Inn(G). Show that Inn(G) is a subgroup of Aut(G).
4. Find an automorphism of a group G that is not an inner automorphism.
5. Let G be a group and $i_g$ be an inner automorphism of G, and define a map
$$G \to \mathrm{Aut}(G)$$
by
$$g \mapsto i_g.$$
Prove that this map is a homomorphism with image Inn(G) and kernel Z(G). Use this result to conclude that
$$G/Z(G) \cong \mathrm{Inn}(G).$$
6. Compute Aut($S_3$) and Inn($S_3$). Do the same thing for $D_4$.
7. Find all of the homomorphisms φ : Z → Z. What is Aut(Z)?
8. Find all of the automorphisms of $Z_8$. Prove that Aut($Z_8$) ≅ U(8).
9. For k ∈ $Z_n$, define a map $\varphi_k : Z_n \to Z_n$ by a ↦ ka. Prove that $\varphi_k$ is a homomorphism.
10. Prove that $\varphi_k$ is an isomorphism if and only if k is a generator of $Z_n$.
11. Show that every automorphism of $Z_n$ is of the form $\varphi_k$, where k is a generator of $Z_n$.
12. Prove that ψ : U(n) → Aut($Z_n$) is an isomorphism, where ψ : k ↦ $\varphi_k$.
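Exercises 8 through 12 say that the automorphisms of $Z_n$ are exactly the maps a ↦ ka with k a unit mod n, and that k ↦ (a ↦ ka) is an isomorphism from U(n) onto Aut($Z_n$). The following Python code is an added example and not part of the text: it finds Aut($Z_n$) by brute force, checks that composition of the maps matches multiplication of the units, and tabulates element orders, so that Aut($Z_8$) ≅ U(8) is seen to have three elements of order 2 and hence is not cyclic. U(n) is also the group in which modular-exponentiation cryptosystems operate, which is one reason its structure is worth knowing well. Function names are the example's own.

```python
from math import gcd


def units(n):
    """U(n): the multiplicative group of residues mod n that are coprime to n."""
    return [k for k in range(1, n) if gcd(k, n) == 1]


def phi_k(k, n):
    """The map a -> k a (mod n) on Z_n, stored as a tuple indexed by a."""
    return tuple((k * a) % n for a in range(n))


def automorphisms(n):
    """Aut(Z_n) by brute force: a homomorphism Z_n -> Z_n is determined by the
    image k of 1, so it is phi_k, and it is an automorphism exactly when
    phi_k is a bijection of the n residues."""
    return {k: phi_k(k, n) for k in range(n) if len(set(phi_k(k, n))) == n}


def compose(f, g):
    """(f o g)(a) = f(g(a)) for maps stored as tuples."""
    return tuple(f[g[a]] for a in range(len(f)))


def aut_matches_units(n):
    """Aut(Z_n) = { phi_k : k in U(n) }, and phi_k o phi_l = phi_{kl mod n}, so
    k -> phi_k carries multiplication in U(n) to composition in Aut(Z_n)."""
    auts = automorphisms(n)
    return (sorted(auts) == units(n)
            and all(compose(auts[k], auts[l]) == auts[(k * l) % n]
                    for k in auts for l in auts))


def element_orders(n):
    """The order of each phi_k under composition."""
    auts, ident = automorphisms(n), phi_k(1, n)
    orders = {}
    for k, f in auts.items():
        power, order = f, 1
        while power != ident:
            power, order = compose(power, f), order + 1
        orders[k] = order
    return orders
```

`element_orders(8)` gives order 2 for k = 3, 5, 7, so Aut($Z_8$) is the Klein four-group; `element_orders(5)` gives k = 2 order 4, so Aut($Z_5$) ≅ U(5) is cyclic.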

12 Matrix Groups and Symmetry
When Felix Klein (1849–1925) accepted a chair at the University of Erlangen, he outlined in his inaugural address a program to classify different geometries. Central to Klein's program was the theory of groups: he considered geometry to be the study of properties that are left invariant under transformation groups. Groups, especially matrix groups, have now become important in the study of symmetry and have found applications in such disciplines as chemistry and physics. In the first part of this chapter, we will examine some of the classical matrix groups, such as the general linear group, the special linear group, and the orthogonal group. We will then use these matrix groups to investigate some of the ideas behind geometric symmetry.

12.1 Matrix Groups
Some Facts from Linear Algebra
Before we study matrix groups, we must recall some basic facts from linear algebra. One of the most fundamental ideas of linear algebra is that of a linear transformation. A linear transformation or linear map T : $R^n \to R^m$ is a map that preserves vector addition and scalar multiplication; that is, for vectors x and y in $R^n$ and a scalar α ∈ R,
$$T(x + y) = T(x) + T(y), \qquad T(\alpha y) = \alpha T(y).$$
An m × n matrix with entries in R represents a linear transformation from $R^n$ to $R^m$. If we write vectors $x = (x_1, \ldots, x_n)^t$ and $y = (y_1, \ldots, y_n)^t$ in $R^n$ as column matrices, then an m × n matrix
$$A = \begin{pmatrix} a_{11} & a_{12} & \cdots & a_{1n} \\ a_{21} & a_{22} & \cdots & a_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ a_{m1} & a_{m2} & \cdots & a_{mn} \end{pmatrix}$$

maps the vectors to $R^m$ linearly by matrix multiplication. Observe that if α is a real number,
$$A(x + y) = Ax + Ay \qquad \text{and} \qquad \alpha Ax = A(\alpha x),$$
where
$$x = \begin{pmatrix} x_1 \\ x_2 \\ \vdots \\ x_n \end{pmatrix}.$$
We will often abbreviate the matrix A by writing $(a_{ij})$.
Conversely, if T : $R^n \to R^m$ is a linear map, we can associate a matrix A with T by considering what T does to the vectors
$$e_1 = (1, 0, \ldots, 0)^t, \quad e_2 = (0, 1, \ldots, 0)^t, \quad \ldots, \quad e_n = (0, 0, \ldots, 1)^t.$$
We can write any vector $x = (x_1, \ldots, x_n)^t$ as
$$x_1 e_1 + x_2 e_2 + \cdots + x_n e_n.$$
Consequently, if
$$T(e_1) = (a_{11}, a_{21}, \ldots, a_{m1})^t, \quad T(e_2) = (a_{12}, a_{22}, \ldots, a_{m2})^t, \quad \ldots, \quad T(e_n) = (a_{1n}, a_{2n}, \ldots, a_{mn})^t,$$
then
$$\begin{aligned}
T(x) &= T(x_1 e_1 + x_2 e_2 + \cdots + x_n e_n)\\
&= x_1 T(e_1) + x_2 T(e_2) + \cdots + x_n T(e_n)\\
&= \left( \sum_{k=1}^{n} a_{1k} x_k, \ \ldots, \ \sum_{k=1}^{n} a_{mk} x_k \right)^t\\
&= Ax.
\end{aligned}$$
Example 12.1. If we let T : $R^2 \to R^2$ be the map given by
$$T(x_1, x_2) = (2x_1 + 5x_2, \ 4x_1 + 3x_2),$$
the axioms that T must satisfy to be a linear transformation are easily verified. The column vectors $T e_1 = (2, 4)^t$ and $T e_2 = (5, 3)^t$ tell us that T is given by the matrix
$$A = \begin{pmatrix} 2 & 5 \\ 4 & 3 \end{pmatrix}.$$

Since we are interested in groups of matrices, we need to know which matrices have multiplicative inverses. Recall that an n × n matrix A is invertible exactly when there exists another matrix $A^{-1}$ such that $AA^{-1} = A^{-1}A = I$, where
$$I = \begin{pmatrix} 1 & 0 & \cdots & 0 \\ 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & 1 \end{pmatrix}$$
is the n × n identity matrix. From linear algebra we know that A is invertible if and only if the determinant of A is nonzero. Sometimes an invertible matrix is said to be nonsingular.
Example 12.2. If A is the matrix
$$\begin{pmatrix} 2 & 1 \\ 5 & 3 \end{pmatrix},$$
then the inverse of A is
$$A^{-1} = \begin{pmatrix} 3 & -1 \\ -5 & 2 \end{pmatrix}.$$
We are guaranteed that $A^{-1}$ exists, since det(A) = 2 · 3 − 5 · 1 = 1 is nonzero.
Some other facts about determinants will also prove useful in the course of this chapter. Let A and B be n × n matrices. From linear algebra we have the following properties of determinants.
• The determinant is a homomorphism into the multiplicative group of real numbers; that is, det(AB) = (det A)(det B).
• If A is an invertible matrix, then $\det(A^{-1}) = 1/\det A$.
• If we define the transpose of a matrix A = $(a_{ij})$ to be $A^t = (a_{ji})$, then $\det(A^t) = \det A$.
• Let T be the linear transformation associated with an n × n matrix A. Then T multiplies volumes by a factor of |det A|. In the case of $R^2$, this means that T multiplies areas by |det A|.
Linear maps, matrices, and determinants are covered in any elementary linear algebra text; however, if you have not had a course in linear algebra, it is a straightforward process to verify these properties directly for 2 × 2 matrices, the case with which we are most concerned.

The General and Special Linear Groups
The set of all n × n invertible matrices forms a group called the general linear group. We will denote this group by $GL_n(R)$. The general linear group has several important subgroups. The multiplicative properties of the determinant imply that the set of matrices with determinant one is a subgroup of the general linear group. Stated another way, suppose that det(A) = 1 and det(B) = 1. Then det(AB) = det(A) det(B) = 1 and $\det(A^{-1}) = 1/\det A = 1$. This subgroup is called the special linear group and is denoted by $SL_n(R)$.
Example 12.3. Given a 2 × 2 matrix
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix},$$
the determinant of A is ad − bc. The group $GL_2(R)$ consists of those matrices in which ad − bc ≠ 0. The inverse of A is
$$A^{-1} = \frac{1}{ad - bc} \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}.$$
If A is in $SL_2(R)$, then
$$A^{-1} = \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}.$$
Geometrically, $SL_2(R)$ is the group that preserves the areas of parallelograms. Let
$$A = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$$
be in $SL_2(R)$. In Figure 12.4, the unit square corresponding to the vectors $x = (1, 0)^t$ and $y = (0, 1)^t$ is taken by A to the parallelogram with sides $(1, 0)^t$ and $(1, 1)^t$; that is, $Ax = (1, 0)^t$ and $Ay = (1, 1)^t$. Notice that these two parallelograms have the same area.
[Figure 12.4: $SL_2(R)$ acting on the unit square. Left: the unit square with corners (0, 0), (1, 0), (0, 1), (1, 1). Right: its image under A, the parallelogram spanned by (1, 0) and (1, 1).]

The Orthogonal Group O(n)
Another subgroup of $GL_n(R)$ is the orthogonal group. A matrix A is orthogonal if $A^{-1} = A^t$. The orthogonal group consists of the set of all orthogonal matrices. We write O(n) for the n × n orthogonal group. We leave as an exercise the proof that O(n) is a subgroup of $GL_n(R)$.
Example 12.5. The following matrices are orthogonal:
$$\begin{pmatrix} 3/5 & -4/5 \\ 4/5 & 3/5 \end{pmatrix}, \qquad
\begin{pmatrix} 1/2 & -\sqrt{3}/2 \\ \sqrt{3}/2 & 1/2 \end{pmatrix}, \qquad
\begin{pmatrix} -1/\sqrt{2} & 0 & 1/\sqrt{2} \\ 1/\sqrt{6} & -2/\sqrt{6} & 1/\sqrt{6} \\ 1/\sqrt{3} & 1/\sqrt{3} & 1/\sqrt{3} \end{pmatrix}.$$
There is a more geometric way of viewing the group O(n). The orthogonal matrices are exactly those matrices that preserve the length of vectors. We can define the length of a vector using the Euclidean inner product, or dot product, of two vectors. The Euclidean inner product of two vectors $x = (x_1, \ldots, x_n)^t$ and $y = (y_1, \ldots, y_n)^t$ is
$$\langle x, y \rangle = x^t y = (x_1, x_2, \ldots, x_n) \begin{pmatrix} y_1 \\ y_2 \\ \vdots \\ y_n \end{pmatrix} = x_1 y_1 + \cdots + x_n y_n.$$
We define the length of a vector $x = (x_1, \ldots, x_n)^t$ to be
$$\|x\| = \sqrt{\langle x, x \rangle} = \sqrt{x_1^2 + \cdots + x_n^2}.$$
Associated with the notion of the length of a vector is the idea of the distance between two vectors. We define the distance between two vectors x and y to be ‖x − y‖. We leave as an exercise the proof of the following proposition about the properties of Euclidean inner products.
Proposition 12.6. Let x, y, and w be vectors in $R^n$ and α ∈ R. Then
1. ⟨x, y⟩ = ⟨y, x⟩.
2. ⟨x, y + w⟩ = ⟨x, y⟩ + ⟨x, w⟩.
3. ⟨αx, y⟩ = ⟨x, αy⟩ = α⟨x, y⟩.
4. ⟨x, x⟩ ≥ 0 with equality exactly when x = 0.
5. If ⟨x, y⟩ = 0 for all x in $R^n$, then y = 0.
Example 12.7. The vector $x = (3, 4)^t$ has length $\sqrt{3^2 + 4^2} = 5$. We can also see that the orthogonal matrix
$$A = \begin{pmatrix} 3/5 & -4/5 \\ 4/5 & 3/5 \end{pmatrix}$$
preserves the length of this vector. The vector $Ax = (-7/5, 24/5)^t$ also has length 5.
Since $\det(AA^t) = \det(I) = 1$ and $\det(A) = \det(A^t)$, the determinant of any orthogonal matrix is either 1 or −1. Consider the column vectors
$$a_j = \begin{pmatrix} a_{1j} \\ a_{2j} \\ \vdots \\ a_{nj} \end{pmatrix}$$
of the orthogonal matrix A = $(a_{ij})$. Since $A^t A = I$, $\langle a_r, a_s \rangle = \delta_{rs}$, where
$$\delta_{rs} = \begin{cases} 1 & r = s \\ 0 & r \neq s \end{cases}$$
is the Kronecker delta. Accordingly, column vectors of an orthogonal matrix all have length 1; and the Euclidean inner product of distinct column vectors is zero. Any set of vectors satisfying these properties is called an orthonormal set. Conversely, given an n × n matrix A whose columns form an orthonormal set, it follows that $A^{-1} = A^t$.
We say that a matrix A, with associated linear transformation Tx = Ax, is distance-preserving, length-preserving, or inner product-preserving when ‖Tx − Ty‖ = ‖x − y‖, ‖Tx‖ = ‖x‖, or ⟨Tx, Ty⟩ = ⟨x, y⟩, respectively. The following theorem, which characterizes the orthogonal group, says that these notions are the same.
Theorem 12.8. Let A be an n × n matrix. The following statements are equivalent.
1. The columns of the matrix A form an orthonormal set.
2. $A^{-1} = A^t$.
3. For vectors x and y, ⟨Ax, Ay⟩ = ⟨x, y⟩.
4. For vectors x and y, ‖Ax − Ay‖ = ‖x − y‖.
5. For any vector x, ‖Ax‖ = ‖x‖.
Proof. We have already shown (1) and (2) to be equivalent.
(2) ⇒ (3).
$$\begin{aligned}
\langle Ax, Ay \rangle &= (Ax)^t Ay\\
&= x^t A^t A y\\
&= x^t y\\
&= \langle x, y \rangle.
\end{aligned}$$

(3) ⇒ (2). Since
$$\begin{aligned}
\langle x, x \rangle &= \langle Ax, Ax \rangle\\
&= x^t A^t A x\\
&= \langle x, A^t A x \rangle,
\end{aligned}$$
we know that $\langle x, (A^t A - I)x \rangle = 0$ for all x. Therefore, $A^t A - I = 0$ or $A^{-1} = A^t$.
(3) ⇒ (4). If A is inner product-preserving, then A is distance-preserving, since
$$\begin{aligned}
\|Ax - Ay\|^2 &= \|A(x - y)\|^2\\
&= \langle A(x - y), A(x - y) \rangle\\
&= \langle x - y, x - y \rangle\\
&= \|x - y\|^2.
\end{aligned}$$
(4) ⇒ (5). If A is distance-preserving, then A is length-preserving. Letting y = 0, we have
$$\|Ax\| = \|Ax - Ay\| = \|x - y\| = \|x\|.$$
(5) ⇒ (3). We use the following identity to show that length-preserving implies inner product-preserving:
$$\langle x, y \rangle = \frac{1}{2}\left[ \|x + y\|^2 - \|x\|^2 - \|y\|^2 \right].$$
Observe that
$$\begin{aligned}
\langle Ax, Ay \rangle &= \frac{1}{2}\left[ \|Ax + Ay\|^2 - \|Ax\|^2 - \|Ay\|^2 \right]\\
&= \frac{1}{2}\left[ \|A(x + y)\|^2 - \|Ax\|^2 - \|Ay\|^2 \right]\\
&= \frac{1}{2}\left[ \|x + y\|^2 - \|x\|^2 - \|y\|^2 \right]\\
&= \langle x, y \rangle.
\end{aligned}$$
[Figure 12.9: O(2) acting on $R^2$. Left: a rotation by θ sends (1, 0) to (cos θ, sin θ) and (0, 1) to (−sin θ, cos θ). Right: a reflection about the x-axis sends (a, b) to (a, −b).]

Example 12.10. Let us examine the orthogonal group on $R^2$ a bit more closely. An element T ∈ O(2) is determined by its action on $e_1 = (1, 0)^t$ and $e_2 = (0, 1)^t$. If $T(e_1) = (a, b)^t$, then $a^2 + b^2 = 1$ and, since $T(e_2)$ must be a unit vector orthogonal to $T(e_1)$, either $T(e_2) = (-b, a)^t$ or $T(e_2) = (b, -a)^t$. In the first case T can be represented by
$$A = \begin{pmatrix} a & -b \\ b & a \end{pmatrix} = \begin{pmatrix} \cos\theta & -\sin\theta \\ \sin\theta & \cos\theta \end{pmatrix},$$
where 0 ≤ θ < 2π. A matrix T in O(2) either reflects or rotates a vector in $R^2$ (Figure 12.9). A reflection about the horizontal axis is given by the matrix
$$\begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix},$$
whereas a rotation by an angle θ in a counterclockwise direction must come from a matrix of the form
$$\begin{pmatrix} \cos\theta & -\sin\theta \\ \sin\theta & \cos\theta \end{pmatrix}.$$
A reflection about a line is simply a reflection about the horizontal axis followed by a rotation. If det A = −1, then A gives a reflection.
Two of the other matrix or matrix-related groups that we will consider are the special orthogonal group and the group of Euclidean motions. The special orthogonal group, SO(n), is just the intersection of O(n) and $SL_n(R)$; that is, those elements in O(n) with determinant one. The Euclidean group, E(n), can be written as ordered pairs (A, x), where A is in O(n) and x is in $R^n$. We define multiplication by
$$(A, x)(B, y) = (AB, Ay + x).$$
The identity of the group is (I, 0); the inverse of (A, x) is $(A^{-1}, -A^{-1}x)$. In Exercise 12.3.6, you are asked to check that E(n) is indeed a group under this operation.
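The equivalences of Theorem 12.8 and the group law of E(n) are concrete enough to check with exact arithmetic. The following Python script is an added example and not part of the text: using the orthogonal matrix A of Example 12.7 and the reflection about the horizontal axis, it verifies $A^t A = I$, det A = ±1 and ⟨Ax, Ay⟩ = ⟨x, y⟩ on a constructed sample of vectors, and it checks that the product (A, x)(B, y) = (AB, Ay + x) in E(2) is exactly the composition of the maps y ↦ Ay + x, with $(A^{-1}, -A^{-1}x)$ as inverse. Function names and the sample vectors are the example's own.

```python
from fractions import Fraction as F


def mat(rows):
    """A matrix as a tuple of rows with exact Fraction entries ("3/5" parses as 3/5)."""
    return tuple(tuple(F(x) for x in row) for row in rows)


def matmul(A, B):
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(len(B)))
                       for j in range(len(B[0]))) for i in range(len(A)))


def transpose(A):
    return tuple(zip(*A))


def matvec(A, x):
    return tuple(sum(A[i][k] * x[k] for k in range(len(x))) for i in range(len(A)))


def det2(A):
    return A[0][0] * A[1][1] - A[0][1] * A[1][0]


def dot(x, y):
    return sum(a * b for a, b in zip(x, y))


def length_squared(x):
    return dot(x, x)


I2 = mat([[1, 0], [0, 1]])
ROT = mat([["3/5", "-4/5"], ["4/5", "3/5"]])   # the matrix of Example 12.7, a rotation
REFL = mat([[1, 0], [0, -1]])                  # reflection about the horizontal axis
SAMPLE = [(F(3), F(4)), (F(1), F(0)), (F(-2), F(5))]   # constructed test vectors


def is_orthogonal(A):
    """Theorem 12.8 (1)/(2): the columns are orthonormal, i.e. A^t A = I."""
    return matmul(transpose(A), A) == I2


def preserves_inner_product(A, vectors):
    """Theorem 12.8 (3), checked on every pair drawn from a finite sample."""
    return all(dot(matvec(A, x), matvec(A, y)) == dot(x, y)
               for x in vectors for y in vectors)


# E(2): pairs (A, x) with (A, x)(B, y) = (AB, Ay + x) and identity (I, 0).
E2_IDENTITY = (I2, (F(0), F(0)))


def e2_mul(g, h):
    (A, x), (B, y) = g, h
    return (matmul(A, B), tuple(a + b for a, b in zip(matvec(A, y), x)))


def e2_inv(g):
    """(A, x)^{-1} = (A^{-1}, -A^{-1} x); for orthogonal A, A^{-1} = A^t."""
    A, x = g
    Ainv = transpose(A)
    return (Ainv, tuple(-c for c in matvec(Ainv, x)))


def apply(g, y):
    """The isometry y -> A y + x represented by g = (A, x)."""
    A, x = g
    return tuple(a + b for a, b in zip(matvec(A, y), x))


def check_e2(g, h, y):
    """Composing the isometries agrees with the E(2) product, and g g^{-1} = g^{-1} g = (I, 0)."""
    return (apply(g, apply(h, y)) == apply(e2_mul(g, h), y)
            and e2_mul(g, e2_inv(g)) == E2_IDENTITY
            and e2_mul(e2_inv(g), g) == E2_IDENTITY)


G = (ROT, (F(1), F(2)))      # rotate, then translate by (1, 2)
H = (REFL, (F(-3), F(0)))    # reflect, then translate by (-3, 0)
```

Exact fractions are used deliberately: with floating point, `is_orthogonal` would have to compare against I within a tolerance, and an equality test such as `det2(ROT) == 1` would be unreliable.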
[Figure 12.11: Translations in $R^2$. Translation by x carries the vector y to x + y.]
12.2 Symmetry

An isometry or rigid motion in $R^n$ is a distance-preserving function f from $R^n$ to $R^n$. This means that f must satisfy
$$\|f(x) - f(y)\| = \|x - y\|$$
for all x, y ∈ $R^n$. It is not difficult to show that f must be a one-to-one map. By Theorem 12.8, any element in O(n) is an isometry on $R^n$; however, O(n) does not include all possible isometries on $R^n$. Translation by a vector y, $T_y(x) = x + y$, is also an isometry (Figure 12.11); however, for y ≠ 0, $T_y$ cannot be in O(n) since it is not a linear map.
We are mostly interested in isometries in $R^2$. In fact, the only isometries in $R^2$ are rotations and reflections about the origin, translations, and combinations of the two. For example, a glide reflection is a translation followed by a reflection (Figure 12.12). In $R^n$ all isometries are given in the same manner. The proof is very easy to generalize.
[Figure 12.12: Glide reflections. The point x is translated and then reflected to T(x).]

Lemma 12.13. An isometry f that fixes the origin in $R^2$ is a linear transformation. In particular, f is given by an element in O(2).
Proof. Let f be an isometry in $R^2$ fixing the origin. We will first show that f preserves inner products. Since f(0) = 0, ‖f(x)‖ = ‖x‖; therefore,
$$\begin{aligned}
\|x\|^2 - 2\langle f(x), f(y) \rangle + \|y\|^2 &= \|f(x)\|^2 - 2\langle f(x), f(y) \rangle + \|f(y)\|^2\\
&= \langle f(x) - f(y), f(x) - f(y) \rangle\\
&= \|f(x) - f(y)\|^2\\
&= \|x - y\|^2\\
&= \langle x - y, x - y \rangle\\
&= \|x\|^2 - 2\langle x, y \rangle + \|y\|^2.
\end{aligned}$$

12.2. SYMMETRY

177

Consequently,
f (x), f (y) = x, y.
Now let e1 and e2 be (1, 0)t and (0, 1)t , respectively. If
x = (x1 , x2 ) = x1 e1 + x2 e2 ,
then
f (x) = f (x), f (e1 )f (e1 )+f (x), f (e2 )f (e2 ) = x1 f (e1 )+x2 f (e2 ).
The linearity of f easily follows.
For any arbitrary isometry, $f$, $T_x f$ will fix the origin for some vector $x$ in $\mathbb{R}^2$; hence, $T_x f(y) = Ay$ for some matrix $A \in O(2)$. Consequently, $f(y) = Ay + x$. Given the isometries
$$\begin{aligned} f(y) &= Ay + x_1 \\ g(y) &= By + x_2, \end{aligned}$$
their composition is
$$f(g(y)) = f(By + x_2) = ABy + Ax_2 + x_1.$$
This last computation allows us to identify the group of isometries on $\mathbb{R}^2$ with $E(2)$.
Theorem 12.14. The group of isometries on $\mathbb{R}^2$ is the Euclidean group, $E(2)$.
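The identification of isometries with pairs $(A, x)$ can be checked numerically. The following is an added example, not code from the textbook: it encodes elements of $E(2)$ as pairs (a $2 \times 2$ orthogonal matrix, a translation vector), implements the multiplication $(A, x)(B, y) = (AB, Ay + x)$ and the inverse $(A^{-1}, -A^{-1}x)$ from the text, and verifies on constructed sample elements that the product of pairs is the composition of the maps $y \mapsto Ay + x$ and that the group laws hold. The sample elements F, G, H and the point V are constructed here for illustration.

```python
# Added example (not from the textbook): the Euclidean group E(2) as
# pairs (A, x) with (A, x)(B, y) = (AB, Ay + x), checked against the
# composition of the isometries y -> Ay + x that the pairs encode.
import math

def mat_mul(A, B):
    """Product of two 2x2 matrices stored as tuples of rows."""
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))

def mat_vec(A, v):
    return tuple(sum(A[i][k] * v[k] for k in range(2)) for i in range(2))

def transpose(A):
    return tuple(tuple(A[j][i] for j in range(2)) for i in range(2))

def rotation(theta):
    """R_theta, an element of SO(2)."""
    c, s = math.cos(theta), math.sin(theta)
    return ((c, -s), (s, c))

def reflection(phi):
    """T_phi = R_phi * diag(1, -1), an element of O(2) with det -1."""
    c, s = math.cos(phi), math.sin(phi)
    return ((c, s), (s, -c))

IDENTITY = ((1.0, 0.0), (0.0, 1.0))

def e2_mul(f, g):
    """(A, x)(B, y) = (AB, Ay + x)."""
    (A, x), (B, y) = f, g
    Ay = mat_vec(A, y)
    return (mat_mul(A, B), (Ay[0] + x[0], Ay[1] + x[1]))

def e2_inv(f):
    """Inverse of (A, x) is (A^-1, -A^-1 x); for A in O(2), A^-1 = A^t."""
    A, x = f
    At = transpose(A)
    u = mat_vec(At, x)
    return (At, (-u[0], -u[1]))

def apply_iso(f, v):
    """The isometry v -> Av + x that the pair (A, x) encodes."""
    A, x = f
    Av = mat_vec(A, v)
    return (Av[0] + x[0], Av[1] + x[1])

def close(u, v, tol=1e-9):
    return all(abs(a - b) < tol for a, b in zip(u, v))

def check_group_laws(f, g, h, v):
    """Check the group laws on sample elements f, g, h by evaluating both
    sides at the sample point v, and check that the product of pairs
    agrees with composing the maps.  Returns a dict of booleans."""
    e = (IDENTITY, (0.0, 0.0))
    return {
        "identity": close(apply_iso(e2_mul(e, f), v), apply_iso(f, v))
                    and close(apply_iso(e2_mul(f, e), v), apply_iso(f, v)),
        "inverse": close(apply_iso(e2_mul(f, e2_inv(f)), v), v)
                   and close(apply_iso(e2_mul(e2_inv(f), f), v), v),
        "associative": close(apply_iso(e2_mul(e2_mul(f, g), h), v),
                             apply_iso(e2_mul(f, e2_mul(g, h)), v)),
        "composition": close(apply_iso(e2_mul(f, g), v),
                             apply_iso(f, apply_iso(g, v))),
    }

# Constructed sample elements: two rotations and a reflection, each
# paired with a translation, and a constructed sample point.
F = (rotation(math.pi / 3), (1.0, 2.0))
G = (reflection(math.pi / 4), (-0.5, 3.0))
H = (rotation(1.0), (0.0, -1.0))
V = (2.0, -1.0)

if __name__ == "__main__":
    print(check_group_laws(F, G, H, V))
```

The "composition" entry is the content of the computation $f(g(y)) = ABy + Ax_2 + x_1$ above: the pair $(AB, Ax_2 + x_1)$ produced by `e2_mul` sends `V` to the same point as applying `G` and then `F`.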
A symmetry group in $\mathbb{R}^n$ is a subgroup of the group of isometries on $\mathbb{R}^n$ that fixes a set of points $X \subset \mathbb{R}^2$. It is important to realize that the symmetry group of $X$ depends both on $\mathbb{R}^n$ and on $X$. For example, the symmetry group of the origin in $\mathbb{R}^1$ is $\mathbb{Z}_2$, but the symmetry group of the origin in $\mathbb{R}^2$ is $O(2)$.
Theorem 12.15. The only finite symmetry groups in $\mathbb{R}^2$ are $\mathbb{Z}_n$ and $D_n$.
Proof. Any finite symmetry group $G$ in $\mathbb{R}^2$ must be a finite subgroup of $O(2)$; otherwise, $G$ would have an element in $E(2)$ of the form $(A, x)$, where $x \neq 0$. Such an element must have infinite order.
By Example 12.10, elements in $O(2)$ are either rotations of the form
$$R_\theta = \begin{pmatrix} \cos\theta & -\sin\theta \\ \sin\theta & \cos\theta \end{pmatrix}$$
or reflections of the form
$$T_\phi = \begin{pmatrix} \cos\phi & -\sin\phi \\ \sin\phi & \cos\phi \end{pmatrix} \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} = \begin{pmatrix} \cos\phi & \sin\phi \\ \sin\phi & -\cos\phi \end{pmatrix}.$$
Notice that $\det(R_\theta) = 1$, $\det(T_\phi) = -1$, and $T_\phi^2 = I$. We can divide the proof up into two cases. In the first case, all of the elements in $G$ have determinant one. In the second case, there exists at least one element in $G$ with determinant $-1$.
Case 1. The determinant of every element in $G$ is one. In this case every element in $G$ must be a rotation. Since $G$ is finite, there is a smallest angle, say $\theta_0$, such that the corresponding element $R_{\theta_0}$ is the smallest rotation in the positive direction. We claim that $R_{\theta_0}$ generates $G$. If not, then for some positive integer $n$ there is an angle $\theta_1$ between $n\theta_0$ and $(n + 1)\theta_0$. If so, then $(n + 1)\theta_0 - \theta_1$ corresponds to a rotation smaller than $\theta_0$, which contradicts the minimality of $\theta_0$.
Case 2. The group $G$ contains a reflection $T$. The kernel of the homomorphism $\phi : G \to \{-1, 1\}$ given by $A \mapsto \det(A)$ consists of elements whose determinant is 1. Therefore, $|G/\ker\phi| = 2$. We know that the kernel is cyclic by the first case and is a subgroup of $G$ of, say, order $n$. Hence, $|G| = 2n$. The elements of $G$ are
$$R_\theta, \ldots, R_\theta^{n-1}, TR_\theta, \ldots, TR_\theta^{n-1}.$$
These elements satisfy the relation
$$TR_\theta T = R_\theta^{-1}.$$
Consequently, $G$ must be isomorphic to $D_n$ in this case.
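The two cases of the proof can be reproduced on a computer. The following is an added example, not code from the textbook: it builds the subgroup of $O(2)$ generated by $R_{2\pi/n}$ alone (Case 1) and by $R_{2\pi/n}$ together with the reflection $T = T_0$ (Case 2), and checks the facts the proof relies on: every element is orthogonal, the determinant splits the group into $n$ rotations and $n$ reflections, and $TR_\theta T = R_\theta^{-1}$. The rounding constant and the choice $T = T_0$ are assumptions of this example.

```python
# Added example (not from the textbook): generate the finite subgroups of
# O(2) described in Theorem 12.15 from R_theta and a reflection T, and
# check the facts the proof uses.
import math

PLACES = 6  # decimals kept when comparing matrices (assumption of this example)

def mat_mul(A, B):
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))

def transpose(A):
    return tuple(tuple(A[j][i] for j in range(2)) for i in range(2))

def det(A):
    return A[0][0] * A[1][1] - A[0][1] * A[1][0]

IDENTITY = ((1.0, 0.0), (0.0, 1.0))

def key(A):
    """Entries rounded to PLACES decimals, so two floating-point products
    of the same group element collapse to one dictionary key."""
    return tuple(tuple(round(v, PLACES) + 0.0 for v in row) for row in A)

def is_orthogonal(A, tol=1e-9):
    """A is in O(2) exactly when A^t A = I."""
    P = mat_mul(transpose(A), A)
    return all(abs(P[i][j] - IDENTITY[i][j]) < tol
               for i in range(2) for j in range(2))

def rotation(theta):
    c, s = math.cos(theta), math.sin(theta)
    return ((c, -s), (s, c))

def reflection(phi):
    """T_phi = R_phi * diag(1, -1), a reflection with determinant -1."""
    c, s = math.cos(phi), math.sin(phi)
    return ((c, s), (s, -c))

def generate(gens):
    """Closure of the generators under right multiplication, breadth first.
    In a finite group this reaches every element, inverses included,
    because every generator has finite order."""
    elems = {key(IDENTITY): IDENTITY}
    frontier = [IDENTITY]
    while frontier:
        nxt = []
        for X in frontier:
            for g in gens:
                Y = mat_mul(X, g)
                k = key(Y)
                if k not in elems:
                    elems[k] = Y
                    nxt.append(Y)
        frontier = nxt
    return list(elems.values())

def cyclic_order(n):
    """Case 1 of the proof: R_{2 pi / n} alone generates a group of order n."""
    return len(generate([rotation(2 * math.pi / n)]))

def dihedral_data(n):
    """Case 2 of the proof: R_{2 pi / n} together with the reflection T_0.
    Returns (|G|, #elements with det 1, #elements with det -1,
    whether T R T == R^-1, whether every element is orthogonal)."""
    R = rotation(2 * math.pi / n)
    T = reflection(0.0)
    G = generate([R, T])
    rotations = sum(1 for A in G if abs(det(A) - 1) < 1e-9)
    reflections = sum(1 for A in G if abs(det(A) + 1) < 1e-9)
    TRT = mat_mul(mat_mul(T, R), T)
    R_inv = transpose(R)   # for an orthogonal matrix the inverse is the transpose
    relation = key(TRT) == key(R_inv)
    return (len(G), rotations, reflections, relation,
            all(is_orthogonal(A) for A in G))

if __name__ == "__main__":
    print("Z_6 as rotations:", cyclic_order(6))
    print("D_6 as matrices:", dihedral_data(6))
```

For $n = 6$ the generated group has 12 elements, 6 with determinant 1 and 6 with determinant $-1$, which is the $|G| = 2n$ count of Case 2.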

The Wallpaper Groups

Suppose that we wish to study wallpaper patterns in the plane or crystals in three dimensions. Wallpaper patterns are simply repeating patterns in the plane (Figure 12.16). The analogs of wallpaper patterns in $\mathbb{R}^3$ are crystals, which we can think of as repeating patterns of molecules in three dimensions (Figure 12.17). The mathematical equivalent of a wallpaper or crystal pattern is called a lattice.

Figure 12.16: A wallpaper pattern in $\mathbb{R}^2$

Figure 12.17: A crystal structure in $\mathbb{R}^3$

Let us examine wallpaper patterns in the plane a little more closely. Suppose that $x$ and $y$ are linearly independent vectors in $\mathbb{R}^2$; that is, one vector cannot be a scalar multiple of the other. A lattice of $x$ and $y$ is the set of all linear combinations $mx + ny$, where $m$ and $n$ are integers. The vectors $x$ and $y$ are said to be a basis for the lattice.
Notice that a lattice can have several bases. For example, the vectors $(1, 1)^t$ and $(2, 0)^t$ have the same lattice as the vectors $(1, 1)^t$ and $(-1, 1)^t$ (Figure 12.18). However, any lattice is completely determined by a basis. Given two bases for the same lattice, say $\{x_1, x_2\}$ and $\{y_1, y_2\}$, we can write
$$\begin{aligned} y_1 &= \alpha_1 x_1 + \alpha_2 x_2 \\ y_2 &= \beta_1 x_1 + \beta_2 x_2, \end{aligned}$$
where $\alpha_1$, $\alpha_2$, $\beta_1$, and $\beta_2$ are integers. The matrix corresponding to this transformation is
$$U = \begin{pmatrix} \alpha_1 & \alpha_2 \\ \beta_1 & \beta_2 \end{pmatrix}.$$
If we wish to give $x_1$ and $x_2$ in terms of $y_1$ and $y_2$, we need only calculate $U^{-1}$; that is,
$$U^{-1} \begin{pmatrix} y_1 \\ y_2 \end{pmatrix} = \begin{pmatrix} x_1 \\ x_2 \end{pmatrix}.$$
Since $U$ has integer entries, $U^{-1}$ must also have integer entries; hence the determinants of both $U$ and $U^{-1}$ must be integers. Because $UU^{-1} = I$,
$$\det(UU^{-1}) = \det(U)\det(U^{-1}) = 1;$$
consequently, $\det(U) = \pm 1$. A matrix with determinant $\pm 1$ and integer entries is called unimodular. For example, the matrix
$$\begin{pmatrix} 3 & 1 \\ 5 & 2 \end{pmatrix}$$
is unimodular. It should be clear that there is a minimum length for vectors in a lattice.

Figure 12.18: A lattice in $\mathbb{R}^2$
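The unimodular criterion gives a mechanical test for whether two bases span the same lattice. The following is an added example, not code from the textbook: it computes the change-of-basis matrix between two bases with exact rational arithmetic and checks that it has integer entries and determinant $\pm 1$. Because the basis vectors are stored as columns here, the matrix computed is the transpose of the $U$ in the text; the sample bases are those of Figure 12.18 and of Exercise 12.3.7, plus a constructed non-example.

```python
# Added example (not from the textbook): the unimodular test from the
# text, applied to decide whether two bases of R^2 span the same lattice.
from fractions import Fraction

def det2(M):
    return M[0][0] * M[1][1] - M[0][1] * M[1][0]

def inverse2(M):
    d = det2(M)
    if d == 0:
        raise ValueError("basis vectors are linearly dependent")
    return ((M[1][1] / d, -M[0][1] / d), (-M[1][0] / d, M[0][0] / d))

def mat_mul(A, B):
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))

def basis_matrix(basis):
    """2x2 matrix whose columns are the two basis vectors, as Fractions."""
    (a, b), (c, d) = basis
    return ((Fraction(a), Fraction(c)), (Fraction(b), Fraction(d)))

def is_unimodular(U):
    """Integer entries and determinant +1 or -1."""
    integral = all(Fraction(v).denominator == 1 for row in U for v in row)
    return integral and abs(det2(U)) == 1

def change_of_basis(basis1, basis2):
    """U with M2 = M1 U, i.e. each vector of basis2 expressed in basis1.
    Its entries are integers exactly when basis2 lies in lattice(basis1)."""
    return mat_mul(inverse2(basis_matrix(basis1)), basis_matrix(basis2))

def same_lattice(basis1, basis2):
    """Integer entries put basis2 inside the lattice of basis1; determinant
    +-1 makes U^-1 integral too, so the inclusion holds both ways."""
    return is_unimodular(change_of_basis(basis1, basis2))

if __name__ == "__main__":
    # Figure 12.18: (1,1),(2,0) versus (1,1),(-1,1)
    print(same_lattice(((1, 1), (2, 0)), ((1, 1), (-1, 1))))
    # Exercise 12.3.7: (2,1),(1,1) versus (12,5),(7,3)
    print(change_of_basis(((2, 1), (1, 1)), ((12, 5), (7, 3))))
    # constructed non-example: doubling one basis vector gives a sublattice
    print(same_lattice(((1, 0), (0, 1)), ((2, 0), (0, 1))))
```

For the constructed non-example the change-of-basis matrix has integer entries but determinant 2, so the second lattice is a proper sublattice of the first; the determinant condition is what makes the test symmetric.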


We can classify lattices by studying their symmetry groups. The symmetry group of a lattice is the subgroup of $E(2)$ that maps the lattice to itself. We consider two lattices in $\mathbb{R}^2$ to be equivalent if they have the same symmetry group. Similarly, classification of crystals in $\mathbb{R}^3$ is accomplished by associating a symmetry group, called a space group, with each type of crystal. Two lattices are considered different if their space groups are not the same. The natural question that now arises is how many space groups exist.
A space group is composed of two parts: a translation subgroup and a point group. The translation subgroup is an infinite abelian subgroup of the space group made up of the translational symmetries of the crystal; the point group is a finite group consisting of rotations and reflections of the crystal about a point. More specifically, a space group is a subgroup $G \subset E(2)$ whose translations are a set of the form $\{(I, t) : t \in L\}$, where $L$ is a lattice. Space groups are, of course, infinite. Using geometric arguments, we can prove the following theorem (see [5] or [6]).
Theorem 12.19. Every translation group in $\mathbb{R}^2$ is isomorphic to $\mathbb{Z} \times \mathbb{Z}$.
The point group of $G$ is $G_0 = \{A : (A, b) \in G \text{ for some } b\}$. In particular, $G_0$ must be a subgroup of $O(2)$. Suppose that $x$ is a vector in a lattice $L$ with space group $G$, translation group $H$, and point group $G_0$. For any element $(A, y)$ in $G$,
$$\begin{aligned} (A, y)(I, x)(A, y)^{-1} &= (A, Ax + y)(A^{-1}, -A^{-1}y) \\ &= (AA^{-1}, -AA^{-1}y + Ax + y) \\ &= (I, Ax); \end{aligned}$$
hence, $(I, Ax)$ is in the translation group of $G$. More specifically, $Ax$ must be in the lattice $L$. It is important to note that $G_0$ is not usually a subgroup of the space group $G$; however, if $T$ is the translation subgroup of $G$, then $G/T \cong G_0$. The proof of the following theorem can be found in [2], [5], or [6].

Theorem 12.20. The point group in the wallpaper groups is isomorphic to $\mathbb{Z}_n$ or $D_n$, where $n = 1, 2, 3, 4, 6$.

To answer the question of how the point groups and the translation groups can be combined, we must look at the different types of lattices. Lattices can be classified by the structure of a single lattice cell. The possible cell shapes are parallelogram, rectangular, square, rhombic, and hexagonal (Figure 12.21). The wallpaper groups can now be classified according to the types of reflections that occur in each group: these are ordinarily reflections, glide reflections, both, or none.

Figure 12.21: Types of lattices in $\mathbb{R}^2$ (rectangular, square, rhombic, parallelogram, hexagonal)

Notation and Space Groups | Point Group | Lattice Type  | Reflections or Glide Reflections?
--------------------------|-------------|---------------|----------------------------------
p1                        | Z1          | parallelogram | none
p2                        | Z2          | parallelogram | none
p3                        | Z3          | hexagonal     | none
p4                        | Z4          | square        | none
p6                        | Z6          | hexagonal     | none
pm                        | D1          | rectangular   | reflections
pg                        | D1          | rectangular   | glide reflections
cm                        | D1          | rhombic       | both
pmm                       | D2          | rectangular   | reflections
pmg                       | D2          | rectangular   | glide reflections
pgg                       | D2          | rectangular   | both
c2mm                      | D2          | rhombic       | both
p3m1, p31m                | D3          | hexagonal     | both
p4m, p4g                  | D4          | square        | both
p6m                       | D6          | hexagonal     | both

Table 12.22: The 17 wallpaper groups


Theorem 12.23. There are exactly 17 wallpaper groups.

Figure 12.24: The wallpaper groups p4m and p4g

The 17 wallpaper groups are listed in Table 12.22. The groups p3m1 and p31m can be distinguished by whether or not all of their threefold centers lie on the reflection axes: those of p3m1 must, whereas those of p31m may not. Similarly, the fourfold centers of p4m must lie on the reflection axes whereas those of p4g need not (Figure 12.24). The complete proof of this theorem can be found in several of the references at the end of this chapter, including [5], [6], [10], and [11].
Sage We have not yet included any Sage material related to this chapter.

Historical Note

Symmetry groups have intrigued mathematicians for a long time. Leonardo da Vinci was probably the first person to know all of the point groups. At the International Congress of Mathematicians in 1900, David Hilbert gave a now-famous address outlining 23 problems to guide mathematics in the twentieth century. Hilbert's eighteenth problem asked whether or not crystallographic groups in $n$ dimensions were always finite. In 1910, L. Bieberbach proved that crystallographic groups are finite in every dimension. Finding out how many of these groups there are in each dimension is another matter. In $\mathbb{R}^3$ there are 230 different space groups; in $\mathbb{R}^4$ there are 4783. No one has been able to compute the number of space groups for $\mathbb{R}^5$ and beyond. It is interesting to note that the crystallographic groups were found mathematically for $\mathbb{R}^3$ before the 230 different types of crystals were actually discovered in nature.

12.3 Exercises

1. Prove the identity
$$\langle x, y\rangle = \frac{1}{2}\left[\|x + y\|^2 - \|x\|^2 - \|y\|^2\right].$$
2. Show that $O(n)$ is a group.
3. Prove that the following matrices are orthogonal. Are any of these matrices in $SO(n)$?
(a) $\begin{pmatrix} 1/\sqrt{2} & -1/\sqrt{2} \\ 1/\sqrt{2} & 1/\sqrt{2} \end{pmatrix}$
(b) $\begin{pmatrix} 1/\sqrt{5} & 2/\sqrt{5} \\ -2/\sqrt{5} & 1/\sqrt{5} \end{pmatrix}$
(c) $\begin{pmatrix} 4/5 & 0 & 3/5 \\ -3/5 & 0 & 4/5 \\ 0 & 1 & 0 \end{pmatrix}$
(d) $\begin{pmatrix} 1/3 & 2/3 & -2/3 \\ -2/3 & 2/3 & 1/3 \\ 2/3 & 1/3 & 2/3 \end{pmatrix}$
4. Determine the symmetry group of each of the figures in Figure 12.25.

Figure 12.25

5. Let $x$, $y$, and $w$ be vectors in $\mathbb{R}^n$ and $\alpha \in \mathbb{R}$. Prove each of the following properties of inner products.
(a) $\langle x, y\rangle = \langle y, x\rangle$.
(b) $\langle x, y + w\rangle = \langle x, y\rangle + \langle x, w\rangle$.
(c) $\langle \alpha x, y\rangle = \langle x, \alpha y\rangle = \alpha\langle x, y\rangle$.
(d) $\langle x, x\rangle \geq 0$ with equality exactly when $x = 0$.
(e) If $\langle x, y\rangle = 0$ for all $x$ in $\mathbb{R}^n$, then $y = 0$.
6. Verify that
$$E(n) = \{(A, x) : A \in O(n) \text{ and } x \in \mathbb{R}^n\}$$
is a group.
7. Prove that $\{(2, 1), (1, 1)\}$ and $\{(12, 5), (7, 3)\}$ are bases for the same lattice.
8. Let $G$ be a subgroup of $E(2)$ and suppose that $T$ is the translation subgroup of $G$. Prove that the point group of $G$ is isomorphic to $G/T$.
9. Let $A \in SL_2(\mathbb{R})$ and suppose that the vectors $x$ and $y$ form two sides of a parallelogram in $\mathbb{R}^2$. Prove that the area of this parallelogram is the same as the area of the parallelogram with sides $Ax$ and $Ay$.
10. Prove that $SO(n)$ is a normal subgroup of $O(n)$.
11. Show that any isometry $f$ in $\mathbb{R}^n$ is a one-to-one map.
12. Show that an element in $E(2)$ of the form $(A, x)$, where $x \neq 0$, has infinite order.

13. Prove or disprove: There exists an infinite abelian subgroup of $O(n)$.
14. Let $x = (x_1, x_2)$ be a point on the unit circle in $\mathbb{R}^2$; that is, $x_1^2 + x_2^2 = 1$. If $A \in O(2)$, show that $Ax$ is also a point on the unit circle.
15. Let $G$ be a group with a subgroup $H$ (not necessarily normal) and a normal subgroup $N$. Then $G$ is a semidirect product of $N$ by $H$ if
$$H \cap N = \{\mathrm{id}\}; \qquad HN = G.$$
Show that each of the following is true.
(a) $S_3$ is the semidirect product of $A_3$ by $H = \{(1), (12)\}$.
(b) The quaternion group, $Q_8$, cannot be written as a semidirect product.
(c) $E(2)$ is the semidirect product of $O(2)$ by $H$, where $H$ consists of all translations in $\mathbb{R}^2$.
16. Determine which of the 17 wallpaper groups preserves the symmetry of the pattern in Figure 12.16.
17. Determine which of the 17 wallpaper groups preserves the symmetry of the pattern in Figure 12.26.

Figure 12.26

18. Find the rotation group of a dodecahedron.


19. For each of the 17 wallpaper groups, draw a wallpaper pattern
having that group as a symmetry group.

12.4 References and Suggested Readings

[1] Coxeter, H. M. and Moser, W. O. J. Generators and Relations for Discrete Groups, 3rd ed. Springer-Verlag, New York, 1972.
[2] Grove, L. C. and Benson, C. T. Finite Reflection Groups. 2nd ed. Springer-Verlag, New York, 1985.
[3] Hiller, H. "Crystallography and Cohomology of Groups," American Mathematical Monthly 93 (1986), 765–79.
[4] Lockwood, E. H. and Macmillan, R. H. Geometric Symmetry. Cambridge University Press, Cambridge, 1978.
[5] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
[6] Martin, G. Transformation Groups: An Introduction to Symmetry. Springer-Verlag, New York, 1982.
[7] Milnor, J. "Hilbert's Problem 18: On Crystallographic Groups, Fundamental Domains, and Sphere Packing," Proceedings of Symposia in Pure Mathematics 18, American Mathematical Society, 1976.
[8] Phillips, F. C. An Introduction to Crystallography. 4th ed. Wiley, New York, 1971.
[9] Rose, B. I. and Stafford, R. D. "An Elementary Course in Mathematical Symmetry," American Mathematical Monthly 88 (1980), 54–64.
[10] Schattschneider, D. "The Plane Symmetry Groups: Their Recognition and Their Notation," American Mathematical Monthly 85 (1978), 439–50.
[11] Schwarzenberger, R. L. "The 17 Plane Symmetry Groups," Mathematical Gazette 58 (1974), 123–31.
[12] Weyl, H. Symmetry. Princeton University Press, Princeton, NJ, 1952.

13 The Structure of Groups

The ultimate goal of group theory is to classify all groups up to isomorphism; that is, given a particular group, we should be able to match it up with a known group via an isomorphism. For example, we have already proved that any finite cyclic group of order $n$ is isomorphic to $\mathbb{Z}_n$; hence, we know all finite cyclic groups. It is probably not reasonable to expect that we will ever know all groups; however, we can often classify certain types of groups or distinguish between groups in special cases.
In this chapter we will characterize all finite abelian groups. We shall also investigate groups with sequences of subgroups. If a group has a sequence of subgroups, say
$$G = H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\},$$
where each subgroup $H_i$ is normal in $H_{i+1}$ and each of the factor groups $H_{i+1}/H_i$ is abelian, then $G$ is a solvable group. In addition to allowing us to distinguish between certain classes of groups, solvable groups turn out to be central to the study of solutions to polynomial equations.

13.1 Finite Abelian Groups

In our investigation of cyclic groups we found that every group of prime order was isomorphic to $\mathbb{Z}_p$, where $p$ was a prime number. We also determined that $\mathbb{Z}_{mn} \cong \mathbb{Z}_m \times \mathbb{Z}_n$ when $\gcd(m, n) = 1$. In fact, much more is true. Every finite abelian group is isomorphic to a direct product of cyclic groups of prime power order; that is, every finite abelian group is isomorphic to a group of the type
$$\mathbb{Z}_{p_1^{\alpha_1}} \times \cdots \times \mathbb{Z}_{p_n^{\alpha_n}},$$
where each $p_k$ is prime (not necessarily distinct).


First, let us examine a slight generalization of finite abelian groups. Suppose that $G$ is a group and let $\{g_i\}$ be a set of elements in $G$, where $i$ is in some index set $I$ (not necessarily finite). The smallest subgroup of $G$ containing all of the $g_i$'s is the subgroup of $G$ generated by the $g_i$'s. If this subgroup of $G$ is in fact all of $G$, then $G$ is generated by the set $\{g_i : i \in I\}$. In this case the $g_i$'s are said to be the generators of $G$. If there is a finite set $\{g_i : i \in I\}$ that generates $G$, then $G$ is finitely generated.
Example 13.1. Obviously, all finite groups are finitely generated. For example, the group $S_3$ is generated by the permutations $(12)$ and $(123)$. The group $\mathbb{Z} \times \mathbb{Z}_n$ is an infinite group but is finitely generated by $\{(1, 0), (0, 1)\}$.
Example 13.2. Not all groups are finitely generated. Consider the rational numbers $\mathbb{Q}$ under the operation of addition. Suppose that $\mathbb{Q}$ is finitely generated with generators $p_1/q_1, \ldots, p_n/q_n$, where each $p_i/q_i$ is a fraction expressed in its lowest terms. Let $p$ be some prime that does not divide any of the denominators $q_1, \ldots, q_n$. We claim that $1/p$ cannot be in the subgroup of $\mathbb{Q}$ that is generated by $p_1/q_1, \ldots, p_n/q_n$, since $p$ does not divide the denominator of any element in this subgroup. This fact is easy to see since the sum of any two generators is
$$p_i/q_i + p_j/q_j = (p_i q_j + p_j q_i)/(q_i q_j).$$
Theorem 13.3. Let $H$ be the subgroup of a group $G$ that is generated by $\{g_i \in G : i \in I\}$. Then $h \in H$ exactly when it is a product of the form
$$h = g_{i_1}^{\alpha_1} \cdots g_{i_n}^{\alpha_n},$$
where the $g_{i_k}$'s are not necessarily distinct.
Proof. Let $K$ be the set of all products of the form $g_{i_1}^{\alpha_1} \cdots g_{i_n}^{\alpha_n}$, where the $g_{i_k}$'s are not necessarily distinct. Certainly $K$ is a subset of $H$. We need only show that $K$ is a subgroup of $G$. If this is the case, then $K = H$, since $H$ is the smallest subgroup containing all the $g_i$'s.
Clearly, the set $K$ is closed under the group operation. Since $g_i^0 = 1$, the identity is in $K$. It remains to show that the inverse of an element $g = g_{i_1}^{k_1} \cdots g_{i_n}^{k_n}$ in $K$ must also be in $K$. However,
$$g^{-1} = (g_{i_1}^{k_1} \cdots g_{i_n}^{k_n})^{-1} = (g_{i_n}^{-k_n} \cdots g_{i_1}^{-k_1}).$$
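Theorem 13.3 says that the subgroup generated by a set is exactly the set of finite products of generators. The following is an added example, not code from the textbook: it computes the subgroup of $S_n$ generated by a list of permutations by closing the generators under products, and records for each element a word in the generators whose product it is, which is the description the theorem gives. The sample generators are $(12)$ and $(123)$ from Example 13.1, written 0-based as constructed tuples.

```python
# Added example (not from the textbook): Theorem 13.3 made computational.
# A permutation of {0, ..., n-1} is a tuple p with p[i] the image of i;
# the subgroup generated by a finite set of permutations is produced by
# closing the generators under products, recording for each element a
# word (list of generator indices) whose product it is.

def compose(p, q):
    """(p q)(i) = p(q(i)): apply q first, then p."""
    return tuple(p[q[i]] for i in range(len(p)))

def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p):
        inv[image] = i
    return tuple(inv)

def generated_subgroup(gens):
    """Return {element: word}; word = [i_1, ..., i_k] means the element is
    gens[i_1] * ... * gens[i_k].  For a finite group, multiplying by the
    generators alone suffices: each generator has finite order, so its
    inverse is already a positive power of it, and the inverse step at
    the end of the proof of Theorem 13.3 comes for free."""
    n = len(gens[0])
    e = tuple(range(n))
    words = {e: []}
    frontier = [e]
    while frontier:
        nxt = []
        for x in frontier:
            for i, g in enumerate(gens):
                y = compose(x, g)
                if y not in words:
                    words[y] = words[x] + [i]
                    nxt.append(y)
        frontier = nxt
    return words

def evaluate_word(gens, word):
    """Multiply out a word, left to right, starting from the identity."""
    acc = tuple(range(len(gens[0])))
    for i in word:
        acc = compose(acc, gens[i])
    return acc

# Constructed sample: S_3 generated by (12) and (123), written 0-based.
TRANSPOSITION = (1, 0, 2)   # the cycle (12) of the text
THREE_CYCLE = (1, 2, 0)     # the cycle (123) of the text
S3 = generated_subgroup([TRANSPOSITION, THREE_CYCLE])

if __name__ == "__main__":
    for element, word in S3.items():
        print(element, "=", " * ".join(["(12)", "(123)"][i] for i in word) or "e")
```

Every one of the six elements of $S_3$ comes out as a product of the two generators, and multiplying each recorded word back out returns the element it labels.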

Now let us restrict our attention to finite abelian groups. We can express any finite abelian group as a finite direct product of cyclic groups. More specifically, letting $p$ be prime, we define a group $G$ to be a $p$-group if every element in $G$ has as its order a power of $p$. For example, both $\mathbb{Z}_2 \times \mathbb{Z}_2$ and $\mathbb{Z}_4$ are 2-groups, whereas $\mathbb{Z}_{27}$ is a 3-group. We shall prove that every finite abelian group is isomorphic to a direct product of cyclic $p$-groups. Before we state the main theorem concerning finite abelian groups, we shall consider a special case.

Theorem 13.4. Every finite abelian group $G$ is the internal direct product of $p$-groups.
Proof. If $|G| = 1$, then the theorem is trivial. Suppose that the order of $G$ is greater than 1, say
$$|G| = p_1^{\alpha_1} \cdots p_n^{\alpha_n},$$
where $p_1, \ldots, p_n$ are all prime, and define $G_i$ to be the set of elements in $G$ of order $p_i^k$ for some integer $k$. Since $G$ is an abelian group, we are guaranteed that $G_i$ is a subgroup of $G$ for $i = 1, \ldots, n$. We must show that
$$G = G_1 \times G_2 \times \cdots \times G_n.$$
That is, we must be able to write every $g \in G$ as a unique product $g_{p_1} \cdots g_{p_n}$ where $g_{p_i}$ is of the order of some power of $p_i$. Since the order of $g$ divides the order of $G$, we know that
$$|g| = p_1^{\beta_1} p_2^{\beta_2} \cdots p_n^{\beta_n}$$
for some integers $\beta_1, \ldots, \beta_n$. Letting $a_i = |g|/p_i^{\beta_i}$, the $a_i$'s are relatively prime; hence, there exist integers $b_1, \ldots, b_n$ such that $a_1 b_1 + \cdots + a_n b_n = 1$. Consequently,
$$g = g^{a_1 b_1 + \cdots + a_n b_n} = g^{a_1 b_1} \cdots g^{a_n b_n}.$$
Since
$$g^{(a_i b_i) p_i^{\beta_i}} = g^{b_i |g|} = e,$$
it follows that $g^{a_i b_i}$ must be in $G_i$. Let $g_i = g^{a_i b_i}$. Then $g = g_1 \cdots g_n$ and $G_i \cap G_j = \{e\}$ for $i \neq j$.
To show uniqueness, suppose that $g = g_1 \cdots g_n = h_1 \cdots h_n$, with $h_i \in G_i$. Then
$$e = (g_1 \cdots g_n)(h_1 \cdots h_n)^{-1} = g_1 h_1^{-1} \cdots g_n h_n^{-1}.$$
The order of $g_i h_i^{-1}$ is a power of $p_i$; hence, the order of $g_1 h_1^{-1} \cdots g_n h_n^{-1}$ is the least common multiple of the orders of the $g_i h_i^{-1}$. This must be 1, since the order of the identity is 1. Therefore, $|g_i h_i^{-1}| = 1$ or $g_i = h_i$ for $i = 1, \ldots, n$.

We shall now state the Fundamental Theorem of Finite Abelian Groups.
Theorem 13.5 (Fundamental Theorem of Finite Abelian Groups). Every finite abelian group $G$ is isomorphic to a direct product of cyclic groups of the form
$$\mathbb{Z}_{p_1^{\alpha_1}} \times \mathbb{Z}_{p_2^{\alpha_2}} \times \cdots \times \mathbb{Z}_{p_n^{\alpha_n}}$$
where the $p_i$'s are primes (not necessarily distinct).

Example 13.6. Suppose that we wish to classify all abelian groups of order $540 = 2^2 \cdot 3^3 \cdot 5$. The Fundamental Theorem of Finite Abelian Groups tells us that we have the following six possibilities.
$$\begin{aligned}
&\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_5; \\
&\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_3 \times \mathbb{Z}_9 \times \mathbb{Z}_5; \\
&\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_{27} \times \mathbb{Z}_5; \\
&\mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_5; \\
&\mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_9 \times \mathbb{Z}_5; \\
&\mathbb{Z}_4 \times \mathbb{Z}_{27} \times \mathbb{Z}_5.
\end{aligned}$$
The proof of the Fundamental Theorem relies on the following lemma.
Lemma 13.7. Let $G$ be a finite abelian $p$-group and suppose that $g \in G$ has maximal order. Then $G$ is isomorphic to $\langle g\rangle \times H$ for some subgroup $H$ of $G$.
Proof. Suppose that the order of $G$ is $p^n$. We shall induct on $n$. If $n = 1$, then $G$ is cyclic of order $p$ and must be generated by $g$. Suppose now that the statement of the lemma holds for all integers $k$ with $1 \leq k < n$ and let $g$ be of maximal order in $G$, say $|g| = p^m$. Then $a^{p^m} = e$ for all $a \in G$. Now choose $h$ in $G$ such that $h \notin \langle g\rangle$, where $h$ has the smallest possible order. Certainly such an $h$ exists; otherwise, $G = \langle g\rangle$ and we are done. Let $H = \langle h\rangle$.
We claim that $\langle g\rangle \cap H = \{e\}$. It suffices to show that $|H| = p$. Since $|h^p| = |h|/p$, the order of $h^p$ is smaller than the order of $h$ and must be in $\langle g\rangle$ by the minimality of $h$; that is, $h^p = g^r$ for some number $r$. Hence,
$$(g^r)^{p^{m-1}} = (h^p)^{p^{m-1}} = h^{p^m} = e,$$
and the order of $g^r$ must be less than or equal to $p^{m-1}$. Therefore, $g^r$ cannot generate $\langle g\rangle$. Notice that $p$ must occur as a factor of $r$, say $r = ps$, and $h^p = g^r = g^{ps}$. Define $a$ to be $g^{-s}h$. Then $a$ cannot be in $\langle g\rangle$; otherwise, $h$ would also have to be in $\langle g\rangle$. Also,
$$a^p = g^{-sp}h^p = g^{-r}h^p = h^{-p}h^p = e.$$
We have now formed an element $a$ with order $p$ such that $a \notin \langle g\rangle$. Since $h$ was chosen to have the smallest order of all of the elements that are not in $\langle g\rangle$, $|H| = p$.
Now we will show that the order of $gH$ in the factor group $G/H$ must be the same as the order of $g$ in $G$. If $|gH| < |g| = p^m$, then
$$H = (gH)^{p^{m-1}} = g^{p^{m-1}}H;$$
hence, $g^{p^{m-1}}$ must be in $\langle g\rangle \cap H = \{e\}$, which contradicts the fact that the order of $g$ is $p^m$. Therefore, $gH$ must have maximal order in $G/H$. By the Correspondence Theorem and our induction hypothesis,
$$G/H \cong \langle gH\rangle \times K/H$$
for some subgroup $K$ of $G$ containing $H$. We claim that $\langle g\rangle \cap K = \{e\}$. If $b \in \langle g\rangle \cap K$, then $bH \in \langle gH\rangle \cap K/H = \{H\}$ and $b \in \langle g\rangle \cap H = \{e\}$. It follows that $G = \langle g\rangle K$ implies that $G \cong \langle g\rangle \times K$.
The proof of the Fundamental Theorem of Finite Abelian Groups follows very quickly from Lemma 13.7. Suppose that $G$ is a finite abelian group and let $g$ be an element of maximal order in $G$. If $\langle g\rangle = G$, then we are done; otherwise, $G \cong \mathbb{Z}_{|g|} \times H$ for some subgroup $H$ contained in $G$ by the lemma. Since $|H| < |G|$, we can apply mathematical induction.
We now state the more general theorem for all finitely generated abelian groups. The proof of this theorem can be found in any of the references at the end of this chapter.
Theorem 13.8 (The Fundamental Theorem of Finitely Generated Abelian Groups). Every finitely generated abelian group $G$ is isomorphic to a direct product of cyclic groups of the form
$$\mathbb{Z}_{p_1^{\alpha_1}} \times \mathbb{Z}_{p_2^{\alpha_2}} \times \cdots \times \mathbb{Z}_{p_n^{\alpha_n}} \times \mathbb{Z} \times \cdots \times \mathbb{Z},$$
where the $p_i$'s are primes (not necessarily distinct).

13.2 Solvable Groups

A subnormal series of a group $G$ is a finite sequence of subgroups
$$G = H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\},$$
where $H_i$ is a normal subgroup of $H_{i+1}$. If each subgroup $H_i$ is normal in $G$, then the series is called a normal series. The length of a subnormal or normal series is the number of proper inclusions.
Example 13.9. Any series of subgroups of an abelian group is a normal series. Consider the following series of groups:
$$\begin{aligned} &\mathbb{Z} \supset 9\mathbb{Z} \supset 45\mathbb{Z} \supset 180\mathbb{Z} \supset \{0\}, \\ &\mathbb{Z}_{24} \supset \langle 2\rangle \supset \langle 6\rangle \supset \langle 12\rangle \supset \{0\}. \end{aligned}$$
Example 13.10. A subnormal series need not be a normal series. Consider the following subnormal series of the group $D_4$:
$$D_4 \supset \{(1), (12)(34), (13)(24), (14)(23)\} \supset \{(1), (12)(34)\} \supset \{(1)\}.$$
The subgroup $\{(1), (12)(34)\}$ is not normal in $D_4$; consequently, this series is not a normal series.

A subnormal (normal) series $\{K_j\}$ is a refinement of a subnormal (normal) series $\{H_i\}$ if $\{H_i\} \subset \{K_j\}$. That is, each $H_i$ is one of the $K_j$.
Example 13.11. The series
$$\mathbb{Z} \supset 3\mathbb{Z} \supset 9\mathbb{Z} \supset 45\mathbb{Z} \supset 90\mathbb{Z} \supset 180\mathbb{Z} \supset \{0\}$$
is a refinement of the series
$$\mathbb{Z} \supset 9\mathbb{Z} \supset 45\mathbb{Z} \supset 180\mathbb{Z} \supset \{0\}.$$
The best way to study a subnormal or normal series of subgroups, $\{H_i\}$ of $G$, is actually to study the factor groups $H_{i+1}/H_i$. We say that two subnormal (normal) series $\{H_i\}$ and $\{K_j\}$ of a group $G$ are isomorphic if there is a one-to-one correspondence between the collections of factor groups $\{H_{i+1}/H_i\}$ and $\{K_{j+1}/K_j\}$.
Example 13.12. The two normal series
$$\begin{aligned} &\mathbb{Z}_{60} \supset \langle 3\rangle \supset \langle 15\rangle \supset \{0\} \\ &\mathbb{Z}_{60} \supset \langle 4\rangle \supset \langle 20\rangle \supset \{0\} \end{aligned}$$
of the group $\mathbb{Z}_{60}$ are isomorphic since
$$\begin{aligned} \mathbb{Z}_{60}/\langle 3\rangle &\cong \langle 20\rangle/\{0\} \cong \mathbb{Z}_3 \\ \langle 3\rangle/\langle 15\rangle &\cong \langle 4\rangle/\langle 20\rangle \cong \mathbb{Z}_5 \\ \langle 15\rangle/\{0\} &\cong \mathbb{Z}_{60}/\langle 4\rangle \cong \mathbb{Z}_4. \end{aligned}$$
A subnormal series $\{H_i\}$ of a group $G$ is a composition series if all the factor groups are simple; that is, if none of the factor groups of the series contains a normal subgroup. A normal series $\{H_i\}$ of $G$ is a principal series if all the factor groups are simple.
Example 13.13. The group $\mathbb{Z}_{60}$ has a composition series
$$\mathbb{Z}_{60} \supset \langle 3\rangle \supset \langle 15\rangle \supset \langle 30\rangle \supset \{0\}$$
with factor groups
$$\begin{aligned} \mathbb{Z}_{60}/\langle 3\rangle &\cong \mathbb{Z}_3 \\ \langle 3\rangle/\langle 15\rangle &\cong \mathbb{Z}_5 \\ \langle 15\rangle/\langle 30\rangle &\cong \mathbb{Z}_2 \\ \langle 30\rangle/\{0\} &\cong \mathbb{Z}_2. \end{aligned}$$
Since $\mathbb{Z}_{60}$ is an abelian group, this series is automatically a principal series. Notice that a composition series need not be unique. The series
$$\mathbb{Z}_{60} \supset \langle 2\rangle \supset \langle 4\rangle \supset \langle 20\rangle \supset \{0\}$$
is also a composition series.
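For a cyclic group the composition series can be enumerated completely. The following is an added example, not code from the textbook: it lists every composition series of $\mathbb{Z}_n$ as a chain of subgroups $\langle d\rangle$ with $d$ running through divisors of $n$, using the fact that $\langle d\rangle/\langle d'\rangle$ is cyclic of order $d'/d$ and therefore simple exactly when $d'/d$ is prime. It then checks, for $\mathbb{Z}_{60}$, that all series have the same factor groups $\mathbb{Z}_2, \mathbb{Z}_2, \mathbb{Z}_3, \mathbb{Z}_5$ as Example 13.13 states. The representation of $\{0\}$ as $\langle n\rangle$ is a convention of this example.

```python
# Added example (not from the textbook): every composition series of the
# cyclic group Z_n, with its factor groups.  A subgroup of Z_n is <d> for
# a divisor d of n and has order n/d; <d> contains <d'> exactly when d
# divides d', and the factor <d>/<d'> is cyclic of order d'/d, so it is
# simple exactly when d'/d is prime.

def prime_divisors(m):
    """Distinct primes dividing m, by trial division."""
    ps, p = [], 2
    while p * p <= m:
        if m % p == 0:
            ps.append(p)
            while m % p == 0:
                m //= p
        p += 1
    if m > 1:
        ps.append(m)
    return ps

def composition_series(n):
    """All composition series Z_n = <1> ⊃ <d_1> ⊃ ... ⊃ <n> = {0}.
    Each result is (chain of generators d, list of factor-group orders)."""
    results = []

    def extend(chain, factors):
        d = chain[-1]
        if d == n:             # <n> = <0> = {0}: the series is complete
            results.append((chain, factors))
            return
        for p in prime_divisors(n // d):
            extend(chain + [d * p], factors + [p])

    extend([1], [])
    return results

def jordan_holder_check(n):
    """Number of composition series of Z_n, and whether all of them have
    the same multiset of factor-group orders, as Theorem 13.16 predicts."""
    series = composition_series(n)
    factor_multisets = {tuple(sorted(f)) for _, f in series}
    return len(series), len(factor_multisets) == 1

if __name__ == "__main__":
    for chain, factors in composition_series(60):
        print(" ⊃ ".join("<%d>" % d for d in chain), "factors", factors)
    print(jordan_holder_check(60))
```

For $n = 60 = 2^2 \cdot 3 \cdot 5$ there are $4!/2! = 12$ composition series, one for each ordering of the prime factors with multiplicity, and every one of them has factor orders $\{2, 2, 3, 5\}$.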

Example 13.14. For $n \geq 5$, the series
$$S_n \supset A_n \supset \{(1)\}$$
is a composition series for $S_n$ since $S_n/A_n \cong \mathbb{Z}_2$ and $A_n$ is simple.
Example 13.15. Not every group has a composition series or a principal series. Suppose that
$$\{0\} = H_0 \subset H_1 \subset \cdots \subset H_{n-1} \subset H_n = \mathbb{Z}$$
is a subnormal series for the integers under addition. Then $H_1$ must be of the form $k\mathbb{Z}$ for some $k \in \mathbb{N}$. In this case $H_1/H_0 \cong k\mathbb{Z}$ is an infinite cyclic group with many nontrivial proper normal subgroups.
Although composition series need not be unique as in the case of $\mathbb{Z}_{60}$, it turns out that any two composition series are related. The factor groups of the two composition series for $\mathbb{Z}_{60}$ are $\mathbb{Z}_2$, $\mathbb{Z}_2$, $\mathbb{Z}_3$, and $\mathbb{Z}_5$; that is, the two composition series are isomorphic. The Jordan-Hölder Theorem says that this is always the case.
Theorem 13.16 (Jordan-Hölder). Any two composition series of $G$ are isomorphic.
Proof. We shall employ mathematical induction on the length of the composition series. If the length of a composition series is 1, then $G$ must be a simple group. In this case any two composition series are isomorphic.
Suppose now that the theorem is true for all groups having a composition series of length $k$, where $1 \leq k < n$. Let
$$\begin{aligned} G &= H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\} \\ G &= K_m \supset K_{m-1} \supset \cdots \supset K_1 \supset K_0 = \{e\} \end{aligned}$$
be two composition series for $G$. We can form two new subnormal series for $G$ since $H_i \cap K_{m-1}$ is normal in $H_{i+1} \cap K_{m-1}$ and $K_j \cap H_{n-1}$ is normal in $K_{j+1} \cap H_{n-1}$:
$$\begin{aligned} G &= H_n \supset H_{n-1} \supset H_{n-1} \cap K_{m-1} \supset \cdots \supset H_0 \cap K_{m-1} = \{e\} \\ G &= K_m \supset K_{m-1} \supset K_{m-1} \cap H_{n-1} \supset \cdots \supset K_0 \cap H_{n-1} = \{e\}. \end{aligned}$$
Since $H_i \cap K_{m-1}$ is normal in $H_{i+1} \cap K_{m-1}$, the Second Isomorphism Theorem (Theorem 11.12) implies that
$$\begin{aligned} (H_{i+1} \cap K_{m-1})/(H_i \cap K_{m-1}) &= (H_{i+1} \cap K_{m-1})/(H_i \cap (H_{i+1} \cap K_{m-1})) \\ &\cong H_i(H_{i+1} \cap K_{m-1})/H_i, \end{aligned}$$
where $H_i$ is normal in $H_i(H_{i+1} \cap K_{m-1})$. Since $\{H_i\}$ is a composition series, $H_{i+1}/H_i$ must be simple; consequently, $H_i(H_{i+1} \cap K_{m-1})/H_i$ is either $H_{i+1}/H_i$ or $H_i/H_i$. That is, $H_i(H_{i+1} \cap K_{m-1})$ must be either $H_i$ or $H_{i+1}$. Removing any nonproper inclusions from the series
$$H_{n-1} \supset H_{n-1} \cap K_{m-1} \supset \cdots \supset H_0 \cap K_{m-1} = \{e\},$$
we have a composition series for $H_{n-1}$. Our induction hypothesis says that this series must be equivalent to the composition series
$$H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\}.$$
Hence, the composition series
$$G = H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\}$$
and
$$G = H_n \supset H_{n-1} \supset H_{n-1} \cap K_{m-1} \supset \cdots \supset H_0 \cap K_{m-1} = \{e\}$$
are equivalent. If $H_{n-1} = K_{m-1}$, then the composition series $\{H_i\}$ and $\{K_j\}$ are equivalent and we are done; otherwise, $H_{n-1}K_{m-1}$ is a normal subgroup of $G$ properly containing $H_{n-1}$. In this case $H_{n-1}K_{m-1} = G$ and we can apply the Second Isomorphism Theorem once again; that is,
$$K_{m-1}/(K_{m-1} \cap H_{n-1}) \cong (H_{n-1}K_{m-1})/H_{n-1} = G/H_{n-1}.$$
Therefore,
$$G = H_n \supset H_{n-1} \supset H_{n-1} \cap K_{m-1} \supset \cdots \supset H_0 \cap K_{m-1} = \{e\}$$
and
$$G = K_m \supset K_{m-1} \supset K_{m-1} \cap H_{n-1} \supset \cdots \supset K_0 \cap H_{n-1} = \{e\}$$
are equivalent and the proof of the theorem is complete.
A group $G$ is solvable if it has a subnormal series $\{H_i\}$ such that all of the factor groups $H_{i+1}/H_i$ are abelian. Solvable groups will play a fundamental role when we study Galois theory and the solution of polynomial equations.
Example 13.17. The group $S_4$ is solvable since
$$S_4 \supset A_4 \supset \{(1), (12)(34), (13)(24), (14)(23)\} \supset \{(1)\}$$
has abelian factor groups; however, for $n \geq 5$ the series
$$S_n \supset A_n \supset \{(1)\}$$
is a composition series for $S_n$ with a nonabelian factor group. Therefore, $S_n$ is not a solvable group for $n \geq 5$.

Sage Sage is able to create direct products of cyclic groups, though they are realized as permutation groups. This is a situation that should improve. However, with a classification of finite abelian groups, we can describe how to construct in Sage every group of order less than 16.

13.3 Exercises

1. Find all of the abelian groups of order less than or equal to 40 up to isomorphism.
2. Find all of the abelian groups of order 200 up to isomorphism.
3. Find all of the abelian groups of order 720 up to isomorphism.
4. Find all of the composition series for each of the following groups.
(a) $\mathbb{Z}_{12}$
(b) $\mathbb{Z}_{48}$
(c) The quaternions, $Q_8$
(d) $D_4$
(e) $S_3 \times \mathbb{Z}_4$
(f) $S_4$
(g) $S_n$, $n \geq 5$
(h) $\mathbb{Q}$
5. Show that the infinite direct product $G = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \cdots$ is not finitely generated.
6. Let $G$ be an abelian group of order $m$. If $n$ divides $m$, prove that $G$ has a subgroup of order $n$.
7. A group $G$ is a torsion group if every element of $G$ has finite order. Prove that a finitely generated abelian torsion group must be finite.
8. Let $G$, $H$, and $K$ be finitely generated abelian groups. Show that if $G \times H \cong G \times K$, then $H \cong K$. Give a counterexample to show that this cannot be true in general.
9. Let $G$ and $H$ be solvable groups. Show that $G \times H$ is also solvable.
10. If $G$ has a composition (principal) series and if $N$ is a proper normal subgroup of $G$, show there exists a composition (principal) series containing $N$.
11. Prove or disprove: Let $N$ be a normal subgroup of $G$. If $N$ and $G/N$ have composition series, then $G$ must also have a composition series.

12. Let $N$ be a normal subgroup of $G$. If $N$ and $G/N$ are solvable groups, show that $G$ is also a solvable group.
13. Prove that $G$ is a solvable group if and only if $G$ has a series of subgroups
$$G = P_n \supset P_{n-1} \supset \cdots \supset P_1 \supset P_0 = \{e\}$$
where $P_i$ is normal in $P_{i+1}$ and the order of $P_{i+1}/P_i$ is prime.
14. Let $G$ be a solvable group. Prove that any subgroup of $G$ is also solvable.
15. Let $G$ be a solvable group and $N$ a normal subgroup of $G$. Prove that $G/N$ is solvable.
16. Prove that $D_n$ is solvable for all integers $n$.
17. Suppose that $G$ has a composition series. If $N$ is a normal subgroup of $G$, show that $N$ and $G/N$ also have composition series.
18. Let $G$ be a cyclic $p$-group with subgroups $H$ and $K$. Prove that either $H$ is contained in $K$ or $K$ is contained in $H$.
19. Suppose that $G$ is a solvable group with order $n \geq 2$. Show that $G$ contains a normal nontrivial abelian subgroup.
20. Recall that the commutator subgroup $G'$ of a group $G$ is defined as the subgroup of $G$ generated by elements of the form $a^{-1}b^{-1}ab$ for $a, b \in G$. We can define a series of subgroups of $G$ by $G^{(0)} = G$, $G^{(1)} = G'$, and $G^{(i+1)} = (G^{(i)})'$.
(a) Prove that $G^{(i+1)}$ is normal in $(G^{(i)})'$. The series of subgroups
$$G^{(0)} = G \supset G^{(1)} \supset G^{(2)} \supset \cdots$$
is called the derived series of $G$.
(b) Show that $G$ is solvable if and only if $G^{(n)} = \{e\}$ for some integer $n$.
21. Suppose that $G$ is a solvable group with order $n \geq 2$. Show that $G$ contains a normal nontrivial abelian factor group.
22. (Zassenhaus Lemma) Let $H$ and $K$ be subgroups of a group $G$. Suppose also that $H'$ and $K'$ are normal subgroups of $H$ and $K$ respectively. Then
(a) $H'(H \cap K')$ is a normal subgroup of $H'(H \cap K)$.
(b) $K'(H' \cap K)$ is a normal subgroup of $K'(H \cap K)$.
(c) $H'(H \cap K)/H'(H \cap K') \cong K'(H \cap K)/K'(H' \cap K) \cong (H \cap K)/(H' \cap K)(H \cap K')$.
23. (Schreier's Theorem) Use the Zassenhaus Lemma to prove that two subnormal (normal) series of a group $G$ have isomorphic refinements.
24. Use Schreier's Theorem to prove the Jordan-Hölder Theorem.

13.4 Programming Exercises

1. Write a program that will compute all possible abelian groups of order $n$. What is the largest $n$ for which your program will work?
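One way to approach this exercise, and at the same time to reproduce the six groups of order 540 listed in Example 13.6, is to apply the Fundamental Theorem directly: an abelian group of order $n$ is determined by choosing, for each prime $p$ with $p^e \| n$, a partition of $e$ into the exponents of the cyclic $p$-power factors. The following is an added example, not code from the textbook; the factorization by trial division and the output format (a sorted tuple of cyclic factor orders) are choices of this example.

```python
# Added example (not from the textbook): enumerate the abelian groups of
# order n up to isomorphism.  By the Fundamental Theorem of Finite
# Abelian Groups each such group corresponds to one partition of the
# exponent of every prime dividing n, so the groups are listed by
# combining partitions.

def factorize(n):
    """Prime factorization as {p: exponent}, by trial division."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def partitions(k, largest=None):
    """All partitions of k into non-increasing positive parts."""
    if largest is None:
        largest = k
    if k == 0:
        return [[]]
    result = []
    for first in range(min(k, largest), 0, -1):
        for rest in partitions(k - first, first):
            result.append([first] + rest)
    return result

def abelian_groups(n):
    """Every abelian group of order n up to isomorphism, each given as a
    sorted tuple of the orders of its cyclic p-power factors."""
    groups = [[]]
    for p, e in sorted(factorize(n).items()):
        groups = [g + [p ** part for part in partition]
                  for g in groups for partition in partitions(e)]
    return sorted(tuple(sorted(g)) for g in groups)

def describe(group):
    """Readable form, e.g. (4, 5, 27) -> 'Z_4 x Z_5 x Z_27'."""
    return " x ".join("Z_%d" % m for m in group)

if __name__ == "__main__":
    for g in abelian_groups(540):
        print(describe(g))
```

The number of groups of order $n$ is the product, over the primes dividing $n$, of the number of partitions of each exponent, so for $540 = 2^2 \cdot 3^3 \cdot 5$ it is $2 \cdot 3 \cdot 1 = 6$. The limiting step for large $n$ is the trial-division factorization, not the enumeration.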

13.5 References and Suggested Readings

[1] Hungerford, T. W. Algebra. Springer, New York, 1974.
[2] Lang, S. Algebra. 3rd ed. Springer, New York, 2002.
[3] Rotman, J. J. An Introduction to the Theory of Groups. 4th ed. Springer, New York, 1995.

14 Group Actions

Group actions generalize group multiplication. If $G$ is a group and $X$ is an arbitrary set, a group action of an element $g \in G$ and $x \in X$ is a product, $gx$, living in $X$. Many problems in algebra are best attacked via group actions. For example, the proofs of the Sylow theorems and of Burnside's Counting Theorem are most easily understood when they are formulated in terms of group actions.

14.1 Groups Acting on Sets

Let $X$ be a set and $G$ be a group. A (left) action of $G$ on $X$ is a map $G \times X \to X$ given by $(g, x) \mapsto gx$, where
1. $ex = x$ for all $x \in X$;
2. $(g_1 g_2)x = g_1(g_2 x)$ for all $x \in X$ and all $g_1, g_2 \in G$.
Under these considerations $X$ is called a $G$-set. Notice that we are not requiring $X$ to be related to $G$ in any way. It is true that every group $G$ acts on every set $X$ by the trivial action $(g, x) \mapsto x$; however, group actions are more interesting if the set $X$ is somehow related to the group $G$.
Example 14.1. Let $G = GL_2(\mathbb{R})$ and $X = \mathbb{R}^2$. Then $G$ acts on $X$ by left multiplication. If $v \in \mathbb{R}^2$ and $I$ is the identity matrix, then $Iv = v$. If $A$ and $B$ are $2 \times 2$ invertible matrices, then $(AB)v = A(Bv)$ since matrix multiplication is associative.
Example 14.2. Let $G = D_4$ be the symmetry group of a square. If $X = \{1, 2, 3, 4\}$ is the set of vertices of the square, then we can consider $D_4$ to consist of the following permutations:
$$\{(1), (13), (24), (1432), (1234), (12)(34), (14)(23), (13)(24)\}.$$
The elements of $D_4$ act on $X$ as functions. The permutation $(13)(24)$ acts on vertex 1 by sending it to vertex 3, on vertex 2 by sending it to vertex 4, and so on. It is easy to see that the axioms of a group action are satisfied.
198

14.1. GROUPS ACTING ON SETS

199

In general, if X is any set and G is a subgroup of SX , the group


of all permutations acting on X, then X is a G-set under the group
action
(, x) 7 (x)
for G and x X.
Example 14.3. If we let $X = G$, then every group G acts on itself
by the left regular representation; that is, $(g, x) \mapsto \lambda_g(x) = gx$,
where $\lambda_g$ is left multiplication:
$e \cdot x = \lambda_e x = ex = x$
$(gh) \cdot x = \lambda_{gh} x = \lambda_g \lambda_h x = \lambda_g(hx) = \lambda_g(\lambda_h x).$
If H is a subgroup of G, then G is an H-set under left multiplication
by elements of H.
Example 14.4. Let G be a group and suppose that $X = G$. If H
is a subgroup of G, then G is an H-set under conjugation; that
is, we can define an action of H on G,
$H \times G \to G,$
via
$(h, g) \mapsto hgh^{-1}$
for $h \in H$ and $g \in G$. Clearly, the first axiom for a group action
holds. Observing that
$(h_1 h_2, g) = h_1 h_2 g (h_1 h_2)^{-1} = h_1(h_2 g h_2^{-1})h_1^{-1} = (h_1, (h_2, g)),$
we see that the second condition is also satisfied.
Example 14.5. Let H be a subgroup of G and $\mathcal{L}_H$ the set of left
cosets of H. The set $\mathcal{L}_H$ is a G-set under the action
$(g, xH) \mapsto gxH.$
Again, it is easy to see that the first axiom is true. Since $(gg')xH = g(g'xH)$, the second axiom is also true.
If G acts on a set X and $x, y \in X$, then x is said to be G-equivalent to y if there exists a $g \in G$ such that $gx = y$. We write
$x \sim_G y$ or $x \sim y$ if two elements are G-equivalent.
Proposition 14.6. Let X be a G-set. Then G-equivalence is an
equivalence relation on X.
Proof. The relation $\sim$ is reflexive since $ex = x$. Suppose that
$x \sim y$ for $x, y \in X$. Then there exists a g such that $gx = y$.
In this case $g^{-1}y = x$; hence, $y \sim x$. To show that the relation
is transitive, suppose that $x \sim y$ and $y \sim z$. Then there must
exist group elements g and h such that $gx = y$ and $hy = z$. So
$z = hy = (hg)x$, and x is equivalent to z.
If X is a G-set, then each partition of X associated with G-equivalence is called an orbit of X under G. We will denote the
orbit that contains an element x of X by $\mathcal{O}_x$.
Example 14.7. Let G be the permutation group defined by
$G = \{(1), (123), (132), (45), (123)(45), (132)(45)\}$
and $X = \{1, 2, 3, 4, 5\}$. Then X is a G-set. The orbits are $\mathcal{O}_1 = \mathcal{O}_2 = \mathcal{O}_3 = \{1, 2, 3\}$ and $\mathcal{O}_4 = \mathcal{O}_5 = \{4, 5\}$.
Now suppose that G is a group acting on a set X and let g
be an element of G. The fixed point set of g in X, denoted by
$X_g$, is the set of all $x \in X$ such that $gx = x$. We can also study
the group elements g that fix a given $x \in X$. This set is more
than a subset of G, it is a subgroup. This subgroup is called the
stabilizer subgroup or isotropy subgroup of x. We will denote
the stabilizer subgroup of x by $G_x$.
Remark 14.8. It is important to remember that $X_g \subset X$ and
$G_x \subset G$.
Example 14.9. Let $X = \{1, 2, 3, 4, 5, 6\}$ and suppose that G is
the permutation group given by the permutations
$\{(1), (12)(3456), (35)(46), (12)(3654)\}.$
Then the fixed point sets of X under the action of G are
$X_{(1)} = X,$
$X_{(35)(46)} = \{1, 2\},$
$X_{(12)(3456)} = X_{(12)(3654)} = \emptyset,$
and the stabilizer subgroups are
$G_1 = G_2 = \{(1), (35)(46)\},$
$G_3 = G_4 = G_5 = G_6 = \{(1)\}.$
It is easily seen that $G_x$ is a subgroup of G for each $x \in X$.
Proposition 14.10. Let G be a group acting on a set X and
$x \in X$. The stabilizer group of x, $G_x$, is a subgroup of G.
Proof. Clearly, $e \in G_x$ since the identity fixes every element in
the set X. Let $g, h \in G_x$. Then $gx = x$ and $hx = x$. So $(gh)x = g(hx) = gx = x$; hence, the product of two elements in $G_x$ is also in
$G_x$. Finally, if $g \in G_x$, then $x = ex = (g^{-1}g)x = (g^{-1})gx = g^{-1}x$.
So $g^{-1}$ is in $G_x$.
We will denote the number of elements in the fixed point set of
an element $g \in G$ by $|X_g|$ and denote the number of elements in
the orbit of $x \in X$ by $|\mathcal{O}_x|$. The next theorem demonstrates the
relationship between orbits of an element $x \in X$ and the left cosets
of $G_x$ in G.
Theorem 14.11. Let G be a finite group and X a finite G-set. If
$x \in X$, then $|\mathcal{O}_x| = [G : G_x]$.
Proof. We know that $|G|/|G_x|$ is the number of left cosets of
$G_x$ in G by Lagrange's Theorem (Theorem 6.10). We will define
a bijective map $\phi$ between the orbit $\mathcal{O}_x$ of X and the set of left
cosets $\mathcal{L}_{G_x}$ of $G_x$ in G. Let $y \in \mathcal{O}_x$. Then there exists a g in G
such that $gx = y$. Define $\phi$ by $\phi(y) = gG_x$. First we must show
that this map is well-defined and does not depend on our selection
of y. Suppose that y is another element in $\mathcal{O}_x$ such that $hx = y$
for some $h \in G$. Then $gx = hx$ or $x = g^{-1}hx$; hence, $g^{-1}h$ is in
the stabilizer subgroup of x. Therefore, $h \in gG_x$ or $gG_x = hG_x$.
Thus, y gets mapped to the same coset regardless of the choice of
the representative from that coset.
To show that $\phi$ is one-to-one, assume that $\phi(y_1) = \phi(y_2)$. Then
there exist $g_1, g_2 \in G$ such that $y_1 = g_1 x$ and $y_2 = g_2 x$. Since there
exists a $g \in G_x$ such that $g_2 = g_1 g$,
$y_2 = g_2 x = g_1 g x = g_1 x = y_1;$
consequently, the map $\phi$ is one-to-one. Finally, we must show that
the map is onto. Let $gG_x$ be a left coset. If $gx = y$, then
$\phi(y) = gG_x$.

14.2 The Class Equation

Let X be a finite G-set and $X_G$ be the set of fixed points in X; that is,
$X_G = \{x \in X : gx = x \text{ for all } g \in G\}.$
Since the orbits of the action partition X,
$|X| = |X_G| + \sum_{i=k}^{n} |\mathcal{O}_{x_i}|,$
where $x_k, \ldots, x_n$ are representatives from the distinct nontrivial
orbits of X.
Now consider the special case in which G acts on itself by conjugation, $(g, x) \mapsto gxg^{-1}$. The center of G,
$Z(G) = \{x : xg = gx \text{ for all } g \in G\},$
is the set of points that are fixed by conjugation. The nontrivial
orbits of the action are called the conjugacy classes of G. If
$x_1, \ldots, x_k$ are representatives from each of the nontrivial conjugacy
classes of G and $|\mathcal{O}_{x_1}| = n_1, \ldots, |\mathcal{O}_{x_k}| = n_k$, then
$|G| = |Z(G)| + n_1 + \cdots + n_k.$
The stabilizer subgroups of each of the $x_i$'s, $C(x_i) = \{g \in G : gx_i = x_i g\}$, are called the centralizer subgroups of the $x_i$'s.
From Theorem 14.11, we obtain the class equation:
$|G| = |Z(G)| + [G : C(x_1)] + \cdots + [G : C(x_k)].$
One of the consequences of the class equation is that the order of
each conjugacy class must divide the order of G.
Example 14.12. It is easy to check that the conjugacy classes in
$S_3$ are the following:
$\{(1)\}, \quad \{(123), (132)\}, \quad \{(12), (13), (23)\}.$
The class equation is $6 = 1 + 2 + 3$.
Example 14.13. The center of $D_4$ is $\{(1), (13)(24)\}$, and the conjugacy classes are
$\{(13), (24)\}, \quad \{(1432), (1234)\}, \quad \{(12)(34), (14)(23)\}.$
Thus, the class equation for $D_4$ is $8 = 2 + 2 + 2 + 2$.
Example 14.14. For $S_n$ it takes a bit of work to find the conjugacy
classes. We begin with cycles. Suppose that $\sigma = (a_1, \ldots, a_k)$ is a
cycle and let $\tau \in S_n$. By Theorem 6.16,
$\tau \sigma \tau^{-1} = (\tau(a_1), \ldots, \tau(a_k)).$
Consequently, any two cycles of the same length are conjugate.
Now let $\sigma = \sigma_1 \sigma_2 \cdots \sigma_r$ be a cycle decomposition, where the length
of each cycle $\sigma_i$ is $r_i$. Then $\sigma$ is conjugate to every other $\tau \in S_n$
whose cycle decomposition has the same lengths.
The number of conjugate classes in $S_n$ is the number of ways
in which n can be partitioned into sums of positive integers. In
the case of $S_3$ for example, we can partition the integer 3 into the
following three sums:
$3 = 1 + 1 + 1$
$3 = 1 + 2$
$3 = 3;$
therefore, there are three conjugacy classes. The problem of finding the number of such partitions for any positive integer n is what
computer scientists call NP-complete. This effectively means
that the problem cannot be solved for a large n because the computations would be too time-consuming for even the largest computer.
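As an added example (not code from the text), the following Python computes the conjugacy classes of a permutation group by running the conjugation action directly, checks the class equation of Examples 14.12 and 14.13, verifies the cycle-type description of Example 14.14 for small $S_n$, and counts the partitions of n, which is also what Programming Exercise 14.5.1 asks for. Permutations are tuples on $\{0, \ldots, n-1\}$ and $D_4$ is built as the vertex permutations of a square that map edges to edges; all function names are my own.

```python
from itertools import permutations

# A permutation of {0, ..., n-1} is a tuple g with g[i] the image of i,
# and products are read right to left: (gh)(i) = g(h(i)).
def compose(g, h):
    return tuple(g[h[i]] for i in range(len(g)))

def inverse(g):
    inv = [0] * len(g)
    for i, gi in enumerate(g):
        inv[gi] = i
    return tuple(inv)

def conjugate(g, x):
    """The action of G on itself by conjugation, (g, x) -> g x g^{-1}."""
    return compose(compose(g, x), inverse(g))

def symmetric_group(n):
    return [tuple(p) for p in permutations(range(n))]

def dihedral_group(n):
    """D_n as the permutations of the vertices 0..n-1 of a regular n-gon
    that send every edge {i, i+1} to an edge (the symmetries of the n-gon)."""
    edges = {frozenset((i, (i + 1) % n)) for i in range(n)}
    return [g for g in symmetric_group(n)
            if all(frozenset((g[i], g[(i + 1) % n])) in edges for i in range(n))]

def conjugacy_classes(G):
    """Orbits of the conjugation action; the ones of size > 1 are the
    nontrivial conjugacy classes that appear in the class equation."""
    remaining, classes = set(G), []
    while remaining:
        x = next(iter(remaining))
        cls = frozenset(conjugate(g, x) for g in G)
        classes.append(cls)
        remaining -= cls
    return classes

def center(G):
    """Z(G): the elements whose conjugacy class is a single point."""
    return [x for x in G if all(compose(x, g) == compose(g, x) for g in G)]

def centralizer(G, x):
    """C(x) = {g in G : gx = xg}, the stabilizer of x under conjugation."""
    return [g for g in G if compose(g, x) == compose(x, g)]

def class_equation(G):
    """Return (|Z(G)|, [n_1, ..., n_k]) with |G| = |Z(G)| + n_1 + ... + n_k,
    checking on the way that each n_i equals the index [G : C(x_i)]."""
    sizes = []
    for cls in conjugacy_classes(G):
        x = next(iter(cls))
        assert len(cls) * len(centralizer(G, x)) == len(G)  # n_i = [G : C(x_i)]
        if len(cls) > 1:
            sizes.append(len(cls))
    sizes.sort()
    assert len(center(G)) + sum(sizes) == len(G)
    return len(center(G)), sizes

def cycle_type(g):
    """Cycle lengths of g, longest first; conjugate permutations share it."""
    seen, lengths = set(), []
    for start in range(len(g)):
        length, x = 0, start
        while x not in seen:
            seen.add(x)
            length += 1
            x = g[x]
        if length:
            lengths.append(length)
    return tuple(sorted(lengths, reverse=True))

def partition_count(n):
    """Number of ways to write n as a sum of positive integers (order ignored),
    by the usual dynamic programme that adds one allowed part size at a time."""
    p = [1] + [0] * n
    for part in range(1, n + 1):
        for m in range(part, n + 1):
            p[m] += p[m - part]
    return p[n]

def check_symmetric_group(n):
    """Example 14.14: the conjugacy classes of S_n are exactly the cycle
    types, so their number is the number of partitions of n."""
    classes = conjugacy_classes(symmetric_group(n))
    types = [{cycle_type(g) for g in cls} for cls in classes]
    one_type_per_class = all(len(t) == 1 for t in types)
    classes_have_distinct_types = len(set().union(*types)) == len(classes)
    return one_type_per_class and classes_have_distinct_types and len(classes) == partition_count(n)
```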
Theorem 14.15. Let G be a group of order $p^n$ where p is prime.
Then G has a nontrivial center.
Proof. We apply the class equation
$|G| = |Z(G)| + n_1 + \cdots + n_k.$
Since each $n_i > 1$ and $n_i \mid |G|$, it follows that p must divide each
$n_i$. Also, $p \mid |G|$; hence, p must divide $|Z(G)|$. Since the identity is
always in the center of G, $|Z(G)| \geq 1$. Therefore, $|Z(G)| \geq p$, and
there exists some $g \in Z(G)$ such that $g \neq 1$.
Corollary 14.16. Let G be a group of order $p^2$ where p is prime.
Then G is abelian.

Proof. By Theorem 14.15, $|Z(G)| = p$ or $p^2$. If $|Z(G)| = p^2$, then
we are done. Suppose that $|Z(G)| = p$. Then Z(G) and G/Z(G)
both have order p and must both be cyclic groups. Choosing a
generator aZ(G) for G/Z(G), we can write any element gZ(G) in
the quotient group as $a^m Z(G)$ for some integer m; hence, $g = a^m x$
for some x in the center of G. Similarly, if $hZ(G) \in G/Z(G)$, there
exists a y in Z(G) such that $h = a^n y$ for some integer n. Since x
and y are in the center of G, they commute with all other elements
of G; therefore,
$gh = a^m x a^n y = a^{m+n} xy = a^n y a^m x = hg,$
and G must be abelian.

14.3 Burnside's Counting Theorem

Suppose that we wish to color the vertices of a square with two
different colors, say black and white. We might suspect that there
would be $2^4 = 16$ different colorings. However, some of these colorings are equivalent. If we color the first vertex black and the
remaining vertices white, it is the same as coloring the second vertex black and the remaining ones white since we could obtain the
second coloring simply by rotating the square $90^\circ$ (Figure 14.17).

Figure 14.17: Equivalent colorings of square

Burnside's Counting Theorem offers a method of computing the
number of distinguishable ways in which something can be done. In
addition to its geometric applications, the theorem has interesting
applications to areas in switching theory and chemistry. The proof
of Burnside's Counting Theorem depends on the following lemma.
Lemma 14.18. Let X be a G-set and suppose that $x \sim y$. Then
$G_x$ is isomorphic to $G_y$. In particular, $|G_x| = |G_y|$.
Proof. Let G act on X by $(g, x) \mapsto g \cdot x$. Since $x \sim y$, there exists
a $g \in G$ such that $g \cdot x = y$. Let $a \in G_x$. Since
$gag^{-1} \cdot y = ga \cdot g^{-1}y = ga \cdot x = g \cdot x = y,$
we can define a map $\phi : G_x \to G_y$ by $\phi(a) = gag^{-1}$. The map $\phi$ is
a homomorphism since
$\phi(ab) = gabg^{-1} = gag^{-1}gbg^{-1} = \phi(a)\phi(b).$
Suppose that $\phi(a) = \phi(b)$. Then $gag^{-1} = gbg^{-1}$ or $a = b$; hence,
the map is injective. To show that $\phi$ is onto, let b be in $G_y$; then
$g^{-1}bg$ is in $G_x$ since
$g^{-1}bg \cdot x = g^{-1}b \cdot gx = g^{-1}b \cdot y = g^{-1} \cdot y = x;$
and $\phi(g^{-1}bg) = b$.
Theorem 14.19 (Burnside). Let G be a finite group acting on a
set X and let k denote the number of orbits of X. Then
$k = \frac{1}{|G|} \sum_{g \in G} |X_g|.$
Proof. We look at all the fixed points x of all the elements in
$g \in G$; that is, we look at all g's and all x's such that $gx = x$. If
viewed in terms of fixed point sets, the number of all g's fixing x's
is
$\sum_{g \in G} |X_g|.$
However, if viewed in terms of the stabilizer subgroups, this number
is
$\sum_{x \in X} |G_x|;$
hence, $\sum_{g \in G} |X_g| = \sum_{x \in X} |G_x|$. By Lemma 14.18,
$\sum_{y \in \mathcal{O}_x} |G_y| = |\mathcal{O}_x| \cdot |G_x|.$
By Theorem 14.11 and Lagrange's Theorem, this expression is
equal to |G|. Summing over all of the k distinct orbits, we conclude
that
$\sum_{g \in G} |X_g| = \sum_{x \in X} |G_x| = k \cdot |G|.$

Example 14.20. Let $X = \{1, 2, 3, 4, 5\}$ and suppose that G is the
permutation group $G = \{(1), (13), (13)(25), (25)\}$. The orbits of X
are $\{1, 3\}$, $\{2, 5\}$, and $\{4\}$. The fixed point sets are
$X_{(1)} = X$
$X_{(13)} = \{2, 4, 5\}$
$X_{(13)(25)} = \{4\}$
$X_{(25)} = \{1, 3, 4\}.$
Burnside's Theorem says that
$k = \frac{1}{|G|} \sum_{g \in G} |X_g| = \frac{1}{4}(5 + 3 + 1 + 3) = 3.$
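As an added example that is not code from the text, here is a small Python model of Section 14.1 and of Example 14.20: the permutation groups of Examples 14.7, 14.9 and 14.20 are checked to actually be groups, and their orbits, stabilizers and fixed point sets are computed, verifying $|\mathcal{O}_x| = [G : G_x]$ (Theorem 14.11) and the orbit count $\frac{1}{|G|}\sum_g |X_g|$ (Theorem 14.19). Points are the integers 1..n so that the cycle notation of the page can be used directly; all helper names are my own.

```python
import re

def perm_from_cycles(text, n):
    """Cycle notation on the points 1..n (single digits), e.g. "(12)(3456)",
    as a tuple g with g[x - 1] = g(x)."""
    g = list(range(1, n + 1))
    for cyc in re.findall(r"\(([0-9]*)\)", text):
        pts = [int(ch) for ch in cyc]
        for k, x in enumerate(pts):
            g[x - 1] = pts[(k + 1) % len(pts)]
    return tuple(g)

def cycle_notation(g):
    """Inverse of perm_from_cycles, so stabilizers can be read back as on the page."""
    seen, out = set(), []
    for start in range(1, len(g) + 1):
        cyc, x = [], start
        while x not in seen:
            seen.add(x)
            cyc.append(x)
            x = g[x - 1]
        if len(cyc) > 1:
            out.append("(" + "".join(map(str, cyc)) + ")")
    return "".join(out) or "(1)"

def compose(g, h):
    """(gh)(x) = g(h(x))."""
    return tuple(g[h[x - 1] - 1] for x in range(1, len(g) + 1))

def is_group(G):
    """A finite set of permutations is a group iff it contains the identity
    and is closed under composition (inverses then come for free)."""
    S = set(G)
    identity = tuple(range(1, len(G[0]) + 1))
    return identity in S and all(compose(g, h) in S for g in G for h in G)

def act(g, x):
    return g[x - 1]

def orbit(G, x):
    """O_x = {gx : g in G}."""
    return frozenset(act(g, x) for g in G)

def orbits(G, X):
    return {orbit(G, x) for x in X}

def stabilizer(G, x):
    """G_x = {g in G : gx = x}."""
    return [g for g in G if act(g, x) == x]

def fixed_points(g, X):
    """X_g = {x in X : gx = x}."""
    return frozenset(x for x in X if act(g, x) == x)

def orbit_stabilizer_holds(G, X):
    """Theorem 14.11: |O_x| = [G : G_x], i.e. |O_x| * |G_x| = |G| for every x."""
    return all(len(orbit(G, x)) * len(stabilizer(G, x)) == len(G) for x in X)

def orbit_count(G, X):
    """Number of orbits as (1/|G|) * sum over g of |X_g| (Theorem 14.19),
    cross-checked against the orbits computed directly."""
    total = sum(len(fixed_points(g, X)) for g in G)
    assert total % len(G) == 0 and total // len(G) == len(orbits(G, X))
    return total // len(G)

def group(cycle_strings, n):
    G = [perm_from_cycles(s, n) for s in cycle_strings]
    assert is_group(G)
    return G

# The permutation groups of Examples 14.7, 14.9 and 14.20, exactly as listed on the page.
G7, X7 = group(["(1)", "(123)", "(132)", "(45)", "(123)(45)", "(132)(45)"], 5), range(1, 6)
G9, X9 = group(["(1)", "(12)(3456)", "(35)(46)", "(12)(3654)"], 6), range(1, 7)
G20, X20 = group(["(1)", "(13)", "(13)(25)", "(25)"], 5), range(1, 6)
```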

A Geometric Example
Before we apply Burnside's Theorem to switching-theory problems,
let us examine the number of ways in which the vertices of a square
can be colored black or white. Notice that we can sometimes obtain equivalent colorings by simply applying a rigid motion to the
square. For instance, as we have pointed out, if we color one of
the vertices black and the remaining three white, it does not matter which vertex was colored black since a rotation will give an
equivalent coloring.
The symmetry group of a square, $D_4$, is given by the following
permutations:
$(1) \quad (13) \quad (24) \quad (1432) \quad (1234) \quad (12)(34) \quad (14)(23) \quad (13)(24)$
The group G acts on the set of vertices $\{1, 2, 3, 4\}$ in the usual
manner. We can describe the different colorings by mappings from
X into $Y = \{B, W\}$ where B and W represent the colors black and
white, respectively. Each map $f : X \to Y$ describes a way to color
the corners of the square. Every $\sigma \in D_4$ induces a permutation $\tilde{\sigma}$
of the possible colorings given by $\tilde{\sigma}(f) = f \circ \sigma$ for $f : X \to Y$. For
example, suppose that f is defined by
$f(1) = B, \quad f(2) = W, \quad f(3) = W, \quad f(4) = W$
and $\sigma = (12)(34)$. Then $\tilde{\sigma}(f) = f \circ \sigma$ sends vertex 2 to B and the
remaining vertices to W. The set of all such $\tilde{\sigma}$ is a permutation
group $\tilde{G}$ on the set of possible colorings. Let $\tilde{X}$ denote the set of all
possible colorings; that is, $\tilde{X}$ is the set of all possible maps from X
to Y. Now we must compute the number of $\tilde{G}$-equivalence
classes.
1. $\tilde{X}_{(1)} = \tilde{X}$ since the identity fixes every possible coloring.
$|\tilde{X}| = 2^4 = 16$.
2. $\tilde{X}_{(1234)}$ consists of all $f \in \tilde{X}$ such that f is unchanged by
the permutation (1234). In this case $f(1) = f(2) = f(3) = f(4)$, so that all values of f must be the same; that is, either
$f(x) = B$ or $f(x) = W$ for every vertex x of the square. So
$|\tilde{X}_{(1234)}| = 2$.
3. $|\tilde{X}_{(1432)}| = 2$.
4. For $\tilde{X}_{(13)(24)}$, $f(1) = f(3)$ and $f(2) = f(4)$. Thus, $|\tilde{X}_{(13)(24)}| = 2^2 = 4$.
5. $|\tilde{X}_{(12)(34)}| = 4$.
6. $|\tilde{X}_{(14)(23)}| = 4$.
7. For $\tilde{X}_{(13)}$, $f(1) = f(3)$ and the other corners can be of any
color; hence, $|\tilde{X}_{(13)}| = 2^3 = 8$.
8. $|\tilde{X}_{(24)}| = 8$.
By Burnside's Theorem, we can conclude that there are exactly
$\frac{1}{8}(2^4 + 2^1 + 2^2 + 2^1 + 2^2 + 2^2 + 2^3 + 2^3) = 6$
ways to color the vertices of the square.

Proposition 14.21. Let G be a permutation group of X and $\tilde{X}$
the set of functions from X to Y. Then there exists a permutation
group $\tilde{G}$ acting on $\tilde{X}$, where $\tilde{\sigma} \in \tilde{G}$ is defined by $\tilde{\sigma}(f) = f \circ \sigma$ for
$\sigma \in G$ and $f \in \tilde{X}$. Furthermore, if n is the number of cycles in the
cycle decomposition of $\sigma$, then $|\tilde{X}_\sigma| = |Y|^n$.
Proof. Let $\sigma \in G$ and $f \in \tilde{X}$. Clearly, $f \circ \sigma$ is also in $\tilde{X}$. Suppose
that g is another function from X to Y such that $\tilde{\sigma}(f) = \tilde{\sigma}(g)$.
Then for each $x \in X$,
$f(\sigma(x)) = \tilde{\sigma}(f)(x) = \tilde{\sigma}(g)(x) = g(\sigma(x)).$
Since $\sigma$ is a permutation of X, every element $x'$ in X is the image
of some x in X under $\sigma$; hence, f and g agree on all elements of
X. Therefore, $f = g$ and $\tilde{\sigma}$ is injective. The map $\sigma \mapsto \tilde{\sigma}$ is onto,
since the two sets are the same size.
Suppose that $\sigma$ is a permutation of X with cycle decomposition
$\sigma = \sigma_1 \sigma_2 \cdots \sigma_n$. Any f in $\tilde{X}_\sigma$ must have the same value on each
cycle of $\sigma$. Since there are n cycles and |Y| possible values for each
cycle, $|\tilde{X}_\sigma| = |Y|^n$.
Example 14.22. Let $X = \{1, 2, \ldots, 7\}$ and suppose that $Y = \{A, B, C\}$. If g is the permutation of X given by $(13)(245) = (13)(245)(6)(7)$, then $n = 4$. Any $f \in \tilde{X}_g$ must have the same
value on each cycle in g. There are $|Y| = 3$ such choices for any
value, so $|\tilde{X}_g| = 3^4 = 81$.
Example 14.23. Suppose that we wish to color the vertices of a
square using four different colors. By Proposition 14.21, we can
immediately decide that there are
$\frac{1}{8}(4^4 + 4^1 + 4^2 + 4^1 + 4^2 + 4^2 + 4^3 + 4^3) = 55$
possible ways.

Switching Functions
In switching theory we are concerned with the design of electronic
circuits with binary inputs and outputs. The simplest of these
circuits is a switching function that has n inputs and a single output
(Figure 14.24). Large electronic circuits can often be constructed
by combining smaller modules of this kind. The inherent problem
here is that even for a simple circuit a large number of different
switching functions can be constructed. With only four inputs
and a single output, we can construct 65,536 different switching
functions. However, we can often replace one switching function
with another merely by permuting the input leads to the circuit
(Figure 14.25).

Figure 14.24: A switching function of n variables (inputs $x_1, x_2, \ldots, x_n$, output $f(x_1, x_2, \ldots, x_n)$)

We define a switching or Boolean function of n variables to
be a function from $\mathbb{Z}_2^n$ to $\mathbb{Z}_2$. Since any switching function can have
two possible values for each binary n-tuple and there are $2^n$ binary
n-tuples, $2^{2^n}$ switching functions are possible for n variables. In
general, allowing permutations of the inputs greatly reduces the
number of different kinds of modules that are needed to build a
large circuit.

Figure 14.25: A switching function of two variables (inputs a and b give $f(a, b)$; with the leads exchanged, $f(b, a) = g(a, b)$)

The possible switching functions with two input variables a and
b are listed in Table 14.26. Two switching functions f and g are
equivalent if g can be obtained from f by a permutation of the
input variables. For example, $g(a, b, c) = f(b, c, a)$. In this case
$g \sim f$ via the permutation (acb). In the case of switching functions
of two variables, the permutation (ab) reduces 16 possible switching
functions to 12 equivalent functions since
$f_2 \sim f_4, \quad f_3 \sim f_5, \quad f_{10} \sim f_{12}, \quad f_{11} \sim f_{13}.$

Inputs    Outputs
a b       f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15
0 0        0  0  0  0  0  0  0  0  1  1   1   1   1   1   1   1
0 1        0  0  0  0  1  1  1  1  0  0   0   0   1   1   1   1
1 0        0  0  1  1  0  0  1  1  0  0   1   1   0   0   1   1
1 1        0  1  0  1  0  1  0  1  0  1   0   1   0   1   0   1

Table 14.26: Switching functions in two variables

For three input variables there are $2^{2^3} = 256$ possible switching
functions; in the case of four variables there are $2^{2^4} = 65{,}536$. The
number of equivalence classes is too large to reasonably calculate
directly. It is necessary to employ Burnside's Theorem.
Consider a switching function with three possible inputs, a, b,
and c. As we have mentioned, two switching functions f and g
are equivalent if a permutation of the input variables of f gives
g. It is important to notice that a permutation of the switching
functions is not simply a permutation of the input values $\{a, b, c\}$.
A switching function is a set of output values for the inputs a,
b, and c, so when we consider equivalent switching functions, we
are permuting $2^3$ possible outputs, not just three input values. For
example, each binary triple (a, b, c) has a specific output associated
with it. The permutation (acb) changes outputs as follows:
$(0, 0, 0) \mapsto (0, 0, 0)$
$(0, 0, 1) \mapsto (0, 1, 0)$
$(0, 1, 0) \mapsto (1, 0, 0)$
$\vdots$
$(1, 1, 0) \mapsto (1, 0, 1)$
$(1, 1, 1) \mapsto (1, 1, 1).$

Let X be the set of output values for a switching function in
n variables. Then $|X| = 2^n$. We can enumerate these values as
follows:
$(0, \ldots, 0, 1) \mapsto 0$
$(0, \ldots, 1, 0) \mapsto 1$
$(0, \ldots, 1, 1) \mapsto 2$
$\vdots$
$(1, \ldots, 1, 1) \mapsto 2^n - 1.$
Now let us consider a circuit with four input variables and a single
output. Suppose that we can permute the leads of any circuit
according to the following permutation group:
$(a) \quad (ac) \quad (bd) \quad (adcb) \quad (abcd) \quad (ab)(cd) \quad (ad)(bc) \quad (ac)(bd).$
The permutations of the four possible input variables induce the
permutations of the output values in Table 14.27.
Hence, there are
$\frac{1}{8}(2^{16} + 2 \cdot 2^{12} + 2 \cdot 2^6 + 3 \cdot 2^{10}) = 9616$
possible switching functions of four variables under this group of
permutations. This number will be even smaller if we consider the
full symmetric group on four letters.
Group Permutation   Switching Function Permutation                     Number of Cycles
(a)                 (0)                                                 16
(ac)                (2, 8)(3, 9)(6, 12)(7, 13)                          12
(bd)                (1, 4)(3, 6)(9, 12)(11, 14)                         12
(adcb)              (1, 2, 4, 8)(3, 6, 12, 9)(5, 10)(7, 14, 13, 11)      6
(abcd)              (1, 8, 4, 2)(3, 9, 12, 6)(5, 10)(7, 11, 13, 14)      6
(ab)(cd)            (1, 2)(4, 8)(5, 10)(6, 9)(7, 11)(13, 14)            10
(ad)(bc)            (1, 8)(2, 4)(3, 12)(5, 10)(7, 14)(11, 13)           10
(ac)(bd)            (1, 4)(2, 8)(3, 12)(6, 9)(7, 13)(11, 14)            10

Table 14.27: Permutations of switching functions in four variables
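Both counts in this section, the colorings of the square (Examples 14.20 to 14.23) and the switching functions of Table 14.27, are Theorem 14.19 combined with Proposition 14.21: sum $|Y|^{\text{cycles}(\sigma)}$ over the group and divide by $|G|$. The following Python is an added example, not code from the text, that computes both from cycle counts; the helper names are my own, and the permutation induced on the output indices follows the table's convention that the first variable is the most significant bit (so (0, 0, 1, 0) is index 2 and the value held by a variable moves to the variable it is mapped to).

```python
import re

def perm_from_cycles(text, labels):
    """Cycle notation over single-character labels, e.g. "(13)(24)" over "1234" or
    "(ab)(cd)" over "abcd", as a tuple sigma with sigma[i] = image of position i."""
    sigma = list(range(len(labels)))
    for cyc in re.findall(r"\(([^()]*)\)", text):
        pos = [labels.index(ch) for ch in cyc]
        for k, i in enumerate(pos):
            sigma[i] = pos[(k + 1) % len(pos)]
    return tuple(sigma)

def cycles_of(images):
    """All cycles, fixed points included, of the permutation i -> images[i] of range(len(images))."""
    seen, cycles = set(), []
    for start in range(len(images)):
        cyc, x = [], start
        while x not in seen:
            seen.add(x)
            cyc.append(x)
            x = images[x]
        if cyc:
            cycles.append(tuple(cyc))
    return cycles

def nontrivial_cycles(images):
    return [c for c in cycles_of(images) if len(c) > 1]

def burnside_count(perms, num_values):
    """Theorem 14.19 with Proposition 14.21: the number of inequivalent functions X -> Y
    is (1/|G|) * sum over sigma in G of |Y|^(number of cycles of sigma)."""
    total = sum(num_values ** len(cycles_of(sigma)) for sigma in perms)
    assert total % len(perms) == 0  # Burnside's sum is always a multiple of |G|
    return total // len(perms)

# D_4 on the vertices 1..4 of the square, as listed in the text.
D4 = [perm_from_cycles(s, "1234")
      for s in ["(1)", "(13)", "(24)", "(1432)", "(1234)", "(12)(34)", "(14)(23)", "(13)(24)"]]

def square_vertex_colorings(num_colors):
    """Colorings of the square's vertices with num_colors colors, up to symmetry."""
    return burnside_count(D4, num_colors)

def induced_output_perm(sigma, n):
    """The permutation of the 2^n input tuples (read as binary numbers, first variable
    = most significant bit) induced by permuting the n input variables by sigma: the
    value held by variable i moves to variable sigma[i], so (0,0,1) -> (0,1,0) under (acb)."""
    images = []
    for m in range(1 << n):
        old = [(m >> (n - 1 - i)) & 1 for i in range(n)]
        new = [0] * n
        for i in range(n):
            new[sigma[i]] = old[i]
        images.append(sum(bit << (n - 1 - j) for j, bit in enumerate(new)))
    return images

def switching_function_perms(cycle_strings, variables):
    """One permutation of the 2^n output positions per lead permutation (Table 14.27)."""
    n = len(variables)
    return [induced_output_perm(perm_from_cycles(s, variables), n) for s in cycle_strings]

def switching_function_classes(cycle_strings, variables):
    """Equivalence classes of switching functions of the given variables when the
    leads may be permuted by the given permutations (outputs are 0/1, so |Y| = 2)."""
    return burnside_count(switching_function_perms(cycle_strings, variables), 2)

# The eight lead permutations of Table 14.27.
G4 = ["(a)", "(ac)", "(bd)", "(adcb)", "(abcd)", "(ab)(cd)", "(ad)(bc)", "(ac)(bd)"]
```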


Sage Sage has many commands related to conjugacy, which is
a group action. It also has commands for orbits and stabilizers of
permutation groups. In the supplement, we illustrate the automorphism group of a (combinatorial) graph as another example of a
group action on the vertex set of the graph.
Historical Note
William Burnside was born in London in 1852. He attended
Cambridge University from 1871 to 1875 and won the Smith's Prize
in his last year. After his graduation he lectured at Cambridge.
He was made a member of the Royal Society in 1893. Burnside
wrote approximately 150 papers on topics in applied mathematics,
differential geometry, and probability, but his most famous contributions were in group theory. Several of Burnside's conjectures
have stimulated research to this day. One such conjecture was that
every group of odd order is solvable; that is, for a group G of odd
order, there exists a sequence of subgroups
$G = H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\}$
such that $H_i$ is normal in $H_{i+1}$ and $H_{i+1}/H_i$ is abelian. This
conjecture was finally proven by W. Feit and J. Thompson in 1963.
Burnside's The Theory of Groups of Finite Order, published in
1897, was one of the first books to treat groups in a modern context
as opposed to permutation groups. The second edition, published
in 1911, is still a classic.

14.4 Exercises

1. Examples 14.1–14.5 in the first section each describe an action
of a group G on a set X, which will give rise to the equivalence
relation defined by G-equivalence. For each example, compute the
equivalence classes of the equivalence relation, the G-equivalence
classes.
2. Compute all $X_g$ and all $G_x$ for each of the following permutation
groups.
(a) $X = \{1, 2, 3\}$, $G = S_3 = \{(1), (12), (13), (23), (123), (132)\}$
(b) $X = \{1, 2, 3, 4, 5, 6\}$, $G = \{(1), (12), (345), (354), (12)(345), (12)(354)\}$
3. Compute the G-equivalence classes of X for each of the G-sets
in Exercise 14.4.2. For each $x \in X$ verify that $|G| = |\mathcal{O}_x| \cdot |G_x|$.
4. Let G be the additive group of real numbers. Let the action
of $\theta \in G$ on the real plane $\mathbb{R}^2$ be given by rotating the plane
counterclockwise about the origin through $\theta$ radians. Let P be a
point on the plane other than the origin.
(a) Show that $\mathbb{R}^2$ is a G-set.
(b) Describe geometrically the orbit containing P.
(c) Find the group $G_P$.
5. Let $G = A_4$ and suppose that G acts on itself by conjugation;
that is, $(g, h) \mapsto ghg^{-1}$.

(a) Determine the conjugacy classes (orbits) of each element of G.
(b) Determine all of the isotropy subgroups for each element of G.
6. Find the conjugacy classes and the class equation for each of
the following groups.
(a) $S_4$   (b) $D_5$   (c) $\mathbb{Z}_9$   (d) $Q_8$

7. Write the class equation for S5 and for A5 .


8. If a square remains fixed in the plane, how many different ways
can the corners of the square be colored if three colors are used?
9. How many ways can the vertices of an equilateral triangle be
colored using three different colors?
10. Find the number of ways a six-sided die can be constructed if
each side is marked differently with 1, . . . , 6 dots.
11. Up to a rotation, how many ways can the faces of a cube be
colored with three different colors?
12. Consider 12 straight wires of equal lengths with their ends
soldered together to form the edges of a cube. Either silver or
copper wire can be used for each edge. How many different ways
can the cube be constructed?
13. Suppose that we color each of the eight corners of a cube.
Using three different colors, how many ways can the corners be
colored up to a rotation of the cube?
14. Each of the faces of a regular tetrahedron can be painted either
red or white. Up to a rotation, how many different ways can the
tetrahedron be painted?
15. Suppose that the vertices of a regular hexagon are to be colored
either red or white. How many ways can this be done up to a
symmetry of the hexagon?
16. A molecule of benzene is made up of six carbon atoms and
six hydrogen atoms, linked together in a hexagonal shape as in
Figure 14.28.
(a) How many different compounds can be formed by replacing
one or more of the hydrogen atoms with a chlorine atom?

(b) Find the number of different chemical compounds that can
be formed by replacing three of the six hydrogen atoms in a
benzene ring with a $CH_3$ radical.

Figure 14.28: A benzene ring

17. How many equivalence classes of switching functions are there
if the input variables $x_1$, $x_2$, and $x_3$ can be permuted by any permutation in $S_3$? What if the input variables $x_1$, $x_2$, $x_3$, and $x_4$ can
be permuted by any permutation in $S_4$?
18. How many equivalence classes of switching functions are there
if the input variables $x_1$, $x_2$, $x_3$, and $x_4$ can be permuted by any
permutation in the subgroup of $S_4$ generated by the permutation
$(x_1 x_2 x_3 x_4)$?
19. A striped necktie has 12 bands of color. Each band can be
colored by one of four possible colors. How many possible different-colored neckties are there?
20. A group acts faithfully on a G-set X if the identity is the only
element of G that leaves every element of X fixed. Show that G
acts faithfully on X if and only if no two distinct elements of G
have the same action on each element of X.
21. Let p be prime. Show that the number of different abelian
groups of order $p^n$ (up to isomorphism) is the same as the number
of conjugacy classes in $S_n$.
22. Let $a \in G$. Show that for any $g \in G$, $gC(a)g^{-1} = C(gag^{-1})$.
23. Let $|G| = p^n$ and suppose that $|Z(G)| = p^{n-1}$ for p prime.
Prove that G is abelian.
24. Let G be a group with order $p^n$ where p is prime and X a
finite G-set. If $X_G = \{x \in X : gx = x \text{ for all } g \in G\}$ is the
set of elements in X fixed by the group action, then prove that
$|X| \equiv |X_G| \pmod{p}$.
25. If G is a group of order $p^n$, where p is prime and $n \geq 2$, show
that G must have a proper subgroup of order p. If $n \geq 3$, is it true
that G will have a proper subgroup of order $p^2$?

14.5 Programming Exercise

1. Write a program to compute the number of conjugacy classes
in $S_n$. What is the largest n for which your program will work?


15 The Sylow Theorems

We already know that the converse of Lagrange's Theorem is false.
If G is a group of order m and n divides m, then G does not necessarily possess a subgroup of order n. For example, $A_4$ has order
12 but does not possess a subgroup of order 6. However, the Sylow
Theorems do provide a partial converse for Lagrange's Theorem:
in certain cases they guarantee us subgroups of specific orders.
These theorems yield a powerful set of tools for the classification
of all finite nonabelian groups.

15.1 The Sylow Theorems

We will use what we have learned about group actions to prove
the Sylow Theorems. Recall for a moment what it means for G
to act on itself by conjugation and how conjugacy classes are distributed in the group according to the class equation, discussed
in Chapter 14. A group G acts on itself by conjugation via the
map $(g, x) \mapsto gxg^{-1}$. Let $x_1, \ldots, x_k$ be representatives from each
of the distinct conjugacy classes of G that consist of more than one
element. Then the class equation can be written as
$|G| = |Z(G)| + [G : C(x_1)] + \cdots + [G : C(x_k)],$
where $Z(G) = \{g \in G : gx = xg \text{ for all } x \in G\}$ is the center of G
and $C(x_i) = \{g \in G : gx_i = x_i g\}$ is the centralizer subgroup of $x_i$.
We begin our investigation of the Sylow Theorems by examining
subgroups of order p, where p is prime. A group G is a p-group
if every element in G has as its order a power of p, where p is a
prime number. A subgroup of a group G is a p-subgroup if it is a
p-group.
Theorem 15.1 (Cauchy). Let G be a finite group and p a prime
such that p divides the order of G. Then G contains a subgroup of
order p.
Proof. We will use induction on the order of G. If $|G| = p$, then
clearly G itself is the required subgroup. We now assume that every
group of order k, where $p \leq k < n$ and p divides k, has an element
of order p. Assume that $|G| = n$ and $p \mid n$ and consider the class
equation of G:
$|G| = |Z(G)| + [G : C(x_1)] + \cdots + [G : C(x_k)].$
We have two cases.
Case 1. The order of one of the centralizer subgroups, $C(x_i)$, is
divisible by p for some i, $i = 1, \ldots, k$. In this case, by our induction
hypothesis, we are done. Since $C(x_i)$ is a proper subgroup of G
and p divides $|C(x_i)|$, $C(x_i)$ must contain an element of order p.
Hence, G must contain an element of order p.
Case 2. The order of no centralizer subgroup is divisible by p.
Then p divides $[G : C(x_i)]$, the order of each conjugacy class in
the class equation; hence, p must divide the center of G, Z(G).
Since Z(G) is abelian, it must have a subgroup of order p by the
Fundamental Theorem of Finite Abelian Groups. Therefore, the
center of G contains an element of order p.
Corollary 15.2. Let G be a finite group. Then G is a p-group if
and only if $|G| = p^n$.
Example 15.3. Let us consider the group $A_5$. We know that
$|A_5| = 60 = 2^2 \cdot 3 \cdot 5$. By Cauchy's Theorem, we are guaranteed
that $A_5$ has subgroups of orders 2, 3 and 5. The Sylow Theorems
will give us even more information about the possible subgroups of
$A_5$.
We are now ready to state and prove the first of the Sylow Theorems. The proof is very similar to the proof of Cauchy's Theorem.
Theorem 15.4 (First Sylow Theorem). Let G be a finite group and
p a prime such that $p^r$ divides |G|. Then G contains a subgroup of
order $p^r$.
Proof. We induct on the order of G once again. If $|G| = p$, then
we are done. Now suppose that the order of G is n with $n > p$ and
that the theorem is true for all groups of order less than n, where
p divides n. We shall apply the class equation once again:
$|G| = |Z(G)| + [G : C(x_1)] + \cdots + [G : C(x_k)].$
First suppose that p does not divide $[G : C(x_i)]$ for some i. Then
$p^r \mid |C(x_i)|$, since $p^r$ divides $|G| = |C(x_i)| \cdot [G : C(x_i)]$. Now we
can apply the induction hypothesis to $C(x_i)$.
Hence, we may assume that p divides $[G : C(x_i)]$ for all i. Since
p divides |G|, the class equation says that p must divide |Z(G)|;
hence, by Cauchy's Theorem, Z(G) has an element of order p, say
g. Let N be the group generated by g. Clearly, N is a normal
subgroup of Z(G) since Z(G) is abelian; therefore, N is normal
in G since every element in Z(G) commutes with every element
in G. Now consider the factor group G/N of order |G|/p. By
the induction hypothesis, G/N contains a subgroup H of order
$p^{r-1}$. The inverse image of H under the canonical homomorphism
$\pi : G \to G/N$ is a subgroup of order $p^r$ in G.
A Sylow p-subgroup P of a group G is a maximal p-subgroup
of G. To prove the other two Sylow Theorems, we need to consider
conjugate subgroups as opposed to conjugate elements in a group.
For a group G, let $\mathcal{S}$ be the collection of all subgroups of G. For
any subgroup H, $\mathcal{S}$ is an H-set, where H acts on $\mathcal{S}$ by conjugation.
That is, we have an action
$H \times \mathcal{S} \to \mathcal{S}$
defined by
$h \cdot K \mapsto hKh^{-1}$
for K in $\mathcal{S}$.
The set
$N(H) = \{g \in G : gHg^{-1} = H\}$
is a subgroup of G called the normalizer of H in G. Notice
that H is a normal subgroup of N(H). In fact, N(H) is the largest
subgroup of G in which H is normal.
Lemma 15.5. Let P be a Sylow p-subgroup of a finite group G and
let x have as its order a power of p. If $x^{-1}Px = P$, then $x \in P$.
Proof. Certainly $x \in N(P)$, and the cyclic subgroup, $\langle xP \rangle \subset N(P)/P$, has as its order a power of p. By the Correspondence
Theorem there exists a subgroup H of N(P) containing P such
that $H/P = \langle xP \rangle$. Since $|H| = |P| \cdot |\langle xP \rangle|$, the order of H must be
a power of p. However, P is a Sylow p-subgroup contained in H.
Since the order of P is the largest power of p dividing |G|, $H = P$.
Therefore, H/P is the trivial subgroup and $xP = P$, or $x \in P$.
Lemma 15.6. Let H and K be subgroups of G. The number of
distinct H-conjugates of K is [H : N (K) H].
Proof. We define a bijection between the conjugacy classes of K
and the right cosets of N (K) H by h1 Kh 7 (N (K) H)h. To
show that this map is a bijection, let h1 , h2 H and suppose that
(N (K) H)h1 = (N (K) H)h2 . Then h2 h1
1 N (K). Therefore,
1
1
1
1
K = h2 h1 Kh1 h2 or h1 Kh1 = h2 Kh2 , and the map is an
injection. It is easy to see that this map is surjective; hence, we
have a one-to-one and onto map between the H-conjugates of K
and the right cosets of N (K) H in H.

218

CHAPTER 15. THE SYLOW THEOREMS

Theorem 15.7 (Second Sylow Theorem). Let $G$ be a finite group and $p$ a prime dividing $|G|$. Then all Sylow $p$-subgroups of $G$ are conjugate. That is, if $P_1$ and $P_2$ are two Sylow $p$-subgroups, there exists a $g \in G$ such that $gP_1g^{-1} = P_2$.

Proof. Let $P$ be a Sylow $p$-subgroup of $G$ and suppose that $|G| = p^r m$ with $|P| = p^r$. Let
$$\mathcal{S} = \{ P = P_1, P_2, \ldots, P_k \}$$
consist of the distinct conjugates of $P$ in $G$. By Lemma 15.6, $k = [G : N(P)]$. Notice that
$$|G| = p^r m = |N(P)| \cdot [G : N(P)] = |N(P)| \cdot k.$$
Since $p^r$ divides $|N(P)|$, $p$ cannot divide $k$.

Given any other Sylow $p$-subgroup $Q$, we must show that $Q \in \mathcal{S}$. Consider the $Q$-conjugacy classes of each $P_i$. Clearly, these conjugacy classes partition $\mathcal{S}$. The size of the partition containing $P_i$ is $[Q : N(P_i) \cap Q]$ by Lemma 15.6, and Lagrange's Theorem tells us that $|Q| = [Q : N(P_i) \cap Q] \, |N(P_i) \cap Q|$. Thus, $[Q : N(P_i) \cap Q]$ must be a divisor of $|Q| = p^r$. Hence, the number of conjugates in every equivalence class of the partition is a power of $p$. However, since $p$ does not divide $k$, one of these equivalence classes must contain only a single Sylow $p$-subgroup, say $P_j$. In this case, $x^{-1}P_jx = P_j$ for all $x \in Q$. By Lemma 15.5, $P_j = Q$.

Theorem 15.8 (Third Sylow Theorem). Let $G$ be a finite group and let $p$ be a prime dividing the order of $G$. Then the number of Sylow $p$-subgroups is congruent to $1 \pmod{p}$ and divides $|G|$.

Proof. Let $P$ be a Sylow $p$-subgroup acting on the set of Sylow $p$-subgroups,
$$\mathcal{S} = \{ P = P_1, P_2, \ldots, P_k \},$$
by conjugation. From the proof of the Second Sylow Theorem, the only $P$-conjugate of $P$ is itself and the order of the other $P$-conjugacy classes is a power of $p$. Each $P$-conjugacy class contributes a positive power of $p$ toward $|\mathcal{S}|$ except the equivalence class $\{P\}$. Since $|\mathcal{S}|$ is the sum of positive powers of $p$ and 1, $|\mathcal{S}| \equiv 1 \pmod{p}$.

Now suppose that $G$ acts on $\mathcal{S}$ by conjugation. Since all Sylow $p$-subgroups are conjugate, there can be only one orbit under this action. For $P \in \mathcal{S}$,
$$|\mathcal{S}| = |\text{orbit of } P| = [G : N(P)]$$
by Lemma 15.6. But $[G : N(P)]$ is a divisor of $|G|$; consequently, the number of Sylow $p$-subgroups of a finite group must divide the order of the group.
Historical Note

Peter Ludvig Mejdell Sylow was born in 1832 in Christiania, Norway (now Oslo). After attending Christiania University, Sylow taught high school. In 1862 he obtained a temporary appointment at Christiania University. Even though his appointment was relatively brief, he influenced students such as Sophus Lie (1842–1899). Sylow had a chance at a permanent chair in 1869, but failed to obtain the appointment. In 1872, he published a 10-page paper presenting the theorems that now bear his name. Later Lie and Sylow collaborated on a new edition of Abel's works. In 1898, a chair at Christiania University was finally created for Sylow through the efforts of his student and colleague Lie. Sylow died in 1918.

15.2 Examples and Applications
Example 15.9. Using the Sylow Theorems, we can determine that $A_5$ has subgroups of orders 2, 3, 4, and 5. The Sylow $p$-subgroups of $A_5$ have orders 3, 4, and 5. The Third Sylow Theorem tells us exactly how many Sylow $p$-subgroups $A_5$ has. Since the number of Sylow 5-subgroups must divide 60 and also be congruent to $1 \pmod{5}$, there are either one or six Sylow 5-subgroups in $A_5$. All Sylow 5-subgroups are conjugate. If there were only a single Sylow 5-subgroup, it would be conjugate to itself; that is, it would be a normal subgroup of $A_5$. Since $A_5$ has no proper nontrivial normal subgroups, this is impossible; hence, we have determined that there are exactly six distinct Sylow 5-subgroups of $A_5$.

The Sylow Theorems allow us to prove many useful results about finite groups. By using them, we can often conclude a great deal about groups of a particular order if certain hypotheses are satisfied.
Theorem 15.10. If $p$ and $q$ are distinct primes with $p < q$, then every group $G$ of order $pq$ has a single subgroup of order $q$ and this subgroup is normal in $G$. Hence, $G$ cannot be simple. Furthermore, if $q \not\equiv 1 \pmod{p}$, then $G$ is cyclic.

Proof. We know that $G$ contains a subgroup $H$ of order $q$. The number of conjugates of $H$ divides $pq$ and is equal to $1 + kq$ for $k = 0, 1, \ldots$. However, $1 + q$ is already too large to divide the order of the group; hence, $H$ can only be conjugate to itself. That is, $H$ must be normal in $G$.

The group $G$ also has a Sylow $p$-subgroup, say $K$. The number of conjugates of $K$ must divide $q$ and be equal to $1 + kp$ for $k = 0, 1, \ldots$. Since $q$ is prime, either $1 + kp = q$ or $1 + kp = 1$. The first case is ruled out by the hypothesis $q \not\equiv 1 \pmod{p}$, so $1 + kp = 1$ and $K$ is normal in $G$. In this case, we can easily show that $G$ satisfies the criteria, given in Chapter 9, for the internal direct product of $H$ and $K$. Since $H$ is isomorphic to $\mathbb{Z}_q$ and $K$ is isomorphic to $\mathbb{Z}_p$, $G \cong \mathbb{Z}_p \times \mathbb{Z}_q \cong \mathbb{Z}_{pq}$ by Theorem 9.21.
Example 15.11. Every group of order 15 is cyclic. This is true because $15 = 5 \cdot 3$ and $5 \not\equiv 1 \pmod{3}$.
Example 15.12. Let us classify all of the groups of order $99 = 3^2 \cdot 11$ up to isomorphism. First we will show that every group $G$ of order 99 is abelian. By the Third Sylow Theorem, there are $1 + 3k$ Sylow 3-subgroups, each of order 9, for some $k = 0, 1, 2, \ldots$. Also, $1 + 3k$ must divide 11; hence, there can only be a single normal Sylow 3-subgroup $H$ in $G$. Similarly, there are $1 + 11k$ Sylow 11-subgroups and $1 + 11k$ must divide 9. Consequently, there is only one Sylow 11-subgroup $K$ in $G$. By Corollary 14.16, any group of order $p^2$ is abelian for $p$ prime; hence, $H$ is isomorphic either to $\mathbb{Z}_3 \times \mathbb{Z}_3$ or to $\mathbb{Z}_9$. Since $K$ has order 11, it must be isomorphic to $\mathbb{Z}_{11}$. Therefore, the only possible groups of order 99 are $\mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_{11}$ or $\mathbb{Z}_9 \times \mathbb{Z}_{11}$ up to isomorphism.
To determine all of the groups of order $5 \cdot 7 \cdot 47 = 1645$, we need the following theorem.

Theorem 15.13. Let $G' = \langle aba^{-1}b^{-1} : a, b \in G \rangle$ be the subgroup consisting of all finite products of elements of the form $aba^{-1}b^{-1}$ in a group $G$. Then $G'$ is a normal subgroup of $G$ and $G/G'$ is abelian.

The subgroup $G'$ of $G$ is called the commutator subgroup of $G$. We leave the proof of this theorem as an exercise (Exercise 10.3.14 in Chapter 10).
Example 15.14. We will now show that every group of order $5 \cdot 7 \cdot 47 = 1645$ is abelian, and cyclic by Corollary 9.21. By the Third Sylow Theorem, $G$ has only one subgroup $H_1$ of order 47. So $G/H_1$ has order 35 and must be abelian by Theorem 15.10. Hence, the commutator subgroup of $G$ is contained in $H_1$, which tells us that $|G'|$ is either 1 or 47. If $|G'| = 1$, we are done. Suppose that $|G'| = 47$. The Third Sylow Theorem tells us that $G$ has only one subgroup of order 5 and one subgroup of order 7. So there exist normal subgroups $H_2$ and $H_3$ in $G$, where $|H_2| = 5$ and $|H_3| = 7$. In either case the quotient group is abelian; hence, $G'$ must be a subgroup of $H_i$, $i = 2, 3$. Therefore, the order of $G'$ is 1, 5, or 7. However, we already have determined that $|G'| = 1$ or 47. So the commutator subgroup of $G$ is trivial, and consequently $G$ is abelian.

Finite Simple Groups

Given a finite group, one can ask whether or not that group has any normal subgroups. Recall that a simple group is one with no proper nontrivial normal subgroups. As in the case of $A_5$, proving a group to be simple can be a very difficult task; however, the Sylow Theorems are useful tools for proving that a group is not simple. Usually, some sort of counting argument is involved.
Example 15.15. Let us show that no group $G$ of order 20 can be simple. By the Third Sylow Theorem, $G$ contains one or more Sylow 5-subgroups. The number of such subgroups is congruent to $1 \pmod{5}$ and must also divide 20. The only possible such number is 1. Since there is only a single Sylow 5-subgroup and all Sylow 5-subgroups are conjugate, this subgroup must be normal.

Example 15.16. Let $G$ be a finite group of order $p^n$, $n > 1$ and $p$ prime. By Theorem 14.15, $G$ has a nontrivial center. Since the center of any group $G$ is a normal subgroup, $G$ cannot be a simple group. Therefore, groups of orders 4, 8, 9, 16, 25, 27, 32, 49, 64, and 81 are not simple. In fact, the groups of order 4, 9, 25, and 49 are abelian by Coroll­ary 14.16.

Example 15.17. No group of order $56 = 2^3 \cdot 7$ is simple. We have seen that if we can show that there is only one Sylow $p$-subgroup for some prime $p$ dividing 56, then this must be a normal subgroup and we are done. By the Third Sylow Theorem, there are either one or eight Sylow 7-subgroups. If there is only a single Sylow 7-subgroup, then it must be normal.

On the other hand, suppose that there are eight Sylow 7-subgroups. Then each of these subgroups must be cyclic; hence, the intersection of any two of these subgroups contains only the identity of the group. This leaves $8 \cdot 6 = 48$ distinct elements in the group, each of order 7. Now let us count Sylow 2-subgroups. There are either one or seven Sylow 2-subgroups. Any element of a Sylow 2-subgroup other than the identity must have as its order a power of 2; and therefore cannot be one of the 48 elements of order 7 in the Sylow 7-subgroups. Since a Sylow 2-subgroup has order 8, there is only enough room for a single Sylow 2-subgroup in a group of order 56. If there is only one Sylow 2-subgroup, it must be normal.
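As an added example (not from the text), the following Python code carries out the two arguments just used, the "only possible count is 1" argument of Example 15.15 and the element counting of Example 15.17, for an arbitrary group order, and reports when neither applies; the function names are my own.

```python
# Added example (not from Judson's text): the Third Sylow Theorem as a
# counting tool for deciding that a group of order n is not simple.
# Function names are my own; trial division is enough for small n.


def prime_factorization(n):
    """Return {p: e} with n = product of p**e over the primes p dividing n."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]


def sylow_candidates(n, p):
    """Possible values of n_p, the number of Sylow p-subgroups of a group of
    order n: by the Third Sylow Theorem n_p divides n and n_p = 1 (mod p)."""
    return [d for d in divisors(n) if d % p == 1]


def nonsimplicity_witness(n):
    """Try the arguments of Examples 15.15-15.17 on a group of order n > 1.

    Returns (reason, prime) when one of them succeeds, and None when none of
    them applies (as for n = 48, where Lemma 15.18 is needed, or n = 60,
    where A_5 really is simple).
    """
    factors = prime_factorization(n)
    if len(factors) == 1:
        # Example 15.16: a p-group of order p**e, e > 1, has a nontrivial center.
        (p, e), = factors.items()
        return ("nontrivial center", p) if e > 1 else None  # order p is simple
    # Example 15.15: n_p is forced to be 1, so the Sylow p-subgroup is normal.
    for p in factors:
        if sylow_candidates(n, p) == [1]:
            return ("unique Sylow subgroup", p)
    # Example 15.17: element counting. If p divides n exactly once, distinct
    # Sylow p-subgroups are cyclic of order p and meet only in the identity,
    # so n_p of them account for n_p * (p - 1) elements of order p.
    for p, e in factors.items():
        if e != 1:
            continue
        n_p = min(c for c in sylow_candidates(n, p) if c > 1)  # non-normal case
        remaining = n - n_p * (p - 1)  # elements whose order is not p
        for q, f in factors.items():
            # A Sylow q-subgroup has q**f elements, none of order p. If the
            # remaining elements are exactly q**f, two distinct Sylow
            # q-subgroups cannot both fit, so the Sylow q-subgroup is normal
            # (and if n_p == 1 after all, the Sylow p-subgroup is normal).
            if q != p and remaining == q ** f:
                return ("element counting", q)
    return None
```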
For other groups $G$, it is more difficult to prove that $G$ is not simple. Suppose $G$ has order 48. In this case the technique that we employed in the last example will not work. We need the following lemma to prove that no group of order 48 is simple.

Lemma 15.18. Let $H$ and $K$ be finite subgroups of a group $G$. Then
$$|HK| = \frac{|H| \cdot |K|}{|H \cap K|}.$$

Proof. Recall that
$$HK = \{hk : h \in H, k \in K\}.$$
Certainly, $|HK| \leq |H| \cdot |K|$ since some element in $HK$ could be written as the product of different elements in $H$ and $K$. It is quite possible that $h_1 k_1 = h_2 k_2$ for $h_1, h_2 \in H$ and $k_1, k_2 \in K$. If this is the case, let
$$a = (h_1)^{-1} h_2 = k_1 (k_2)^{-1}.$$
Notice that $a \in H \cap K$, since $(h_1)^{-1} h_2$ is in $H$ and $k_1 (k_2)^{-1}$ is in $K$; consequently,
$$h_2 = h_1 a$$
$$k_2 = a^{-1} k_1.$$
Conversely, let $h = h_1 b^{-1}$ and $k = b k_1$ for $b \in H \cap K$. Then $hk = h_1 k_1$, where $h \in H$ and $k \in K$. Hence, any element $hk \in HK$ can be written in the form $h_i k_i$ for $h_i \in H$ and $k_i \in K$, as many times as there are elements in $H \cap K$; that is, $|H \cap K|$ times. Therefore, $|HK| = (|H| \cdot |K|)/|H \cap K|$.
Example 15.19. To demonstrate that a group $G$ of order 48 is not simple, we will show that $G$ contains either a normal subgroup of order 8 or a normal subgroup of order 16. By the Third Sylow Theorem, $G$ has either one or three Sylow 2-subgroups of order 16. If there is only one subgroup, then it must be a normal subgroup.

Suppose that the other case is true, and two of the three Sylow 2-subgroups are $H$ and $K$. We claim that $|H \cap K| = 8$. If $|H \cap K| \leq 4$, then by Lemma 15.18,
$$|HK| \geq \frac{16 \cdot 16}{4} = 64,$$
which is impossible. Notice that $H \cap K$ has index two in both of $H$ and $K$, so is normal in both, and thus $H$ and $K$ are each in the normalizer of $H \cap K$. Because $H$ is a subgroup of $N(H \cap K)$ and because $N(H \cap K)$ has strictly more than 16 elements, $|N(H \cap K)|$ must be a multiple of 16 greater than 1, as well as dividing 48. The only possibility is that $|N(H \cap K)| = 48$. Hence, $N(H \cap K) = G$.
The following famous conjecture of Burnside was proved in a
long and difficult paper by Feit and Thompson [2].
Theorem 15.20 (Odd Order Theorem). Every finite simple group
of nonprime order must be of even order.
The proof of this theorem laid the groundwork for a program
in the 1960s and 1970s that classified all finite simple groups. The
success of this program is one of the outstanding achievements of
modern mathematics.
Sage. Sage will compute a single Sylow $p$-subgroup for each prime divisor $p$ of the order of the group. Then, with conjugacy, all of the Sylow $p$-subgroups can be enumerated. It is also possible to compute the normalizer of a subgroup.

15.3 Exercises
1. What are the orders of all Sylow $p$-subgroups where $G$ has order 18, 24, 54, 72, and 80?
2. Find all the Sylow 3-subgroups of $S_4$ and show that they are all conjugate.
3. Show that every group of order 45 has a normal subgroup of order 9.
4. Let $H$ be a Sylow $p$-subgroup of $G$. Prove that $H$ is the only Sylow $p$-subgroup of $G$ contained in $N(H)$.
5. Prove that no group of order 96 is simple.
6. Prove that no group of order 160 is simple.
7. If $H$ is a normal subgroup of a finite group $G$ and $|H| = p^k$ for some prime $p$, show that $H$ is contained in every Sylow $p$-subgroup of $G$.
8. Let $G$ be a group of order $p^2 q^2$, where $p$ and $q$ are distinct primes such that $q \nmid p^2 - 1$ and $p \nmid q^2 - 1$. Prove that $G$ must be abelian. Find a pair of primes for which this is true.
9. Show that a group of order 33 has only one Sylow 3-subgroup.
10. Let $H$ be a subgroup of a group $G$. Prove or disprove that the normalizer of $H$ is normal in $G$.
11. Let $G$ be a finite group whose order is divisible by a prime $p$. Prove that if there is only one Sylow $p$-subgroup in $G$, it must be a normal subgroup of $G$.
12. Let $G$ be a group of order $p^r$, $p$ prime. Prove that $G$ contains a normal subgroup of order $p^{r-1}$.
13. Suppose that $G$ is a finite group of order $p^n k$, where $k < p$. Show that $G$ must contain a normal subgroup.
14. Let $H$ be a subgroup of a finite group $G$. Prove that $gN(H)g^{-1} = N(gHg^{-1})$ for any $g \in G$.
15. Prove that a group of order 108 must have a normal subgroup.
16. Classify all the groups of order 175 up to isomorphism.
17. Show that every group of order 255 is cyclic.
18. Let $G$ have order $p_1^{e_1} \cdots p_n^{e_n}$ and suppose that $G$ has $n$ Sylow $p$-subgroups $P_1, \ldots, P_n$ where $|P_i| = p_i^{e_i}$. Prove that $G$ is isomorphic to $P_1 \times \cdots \times P_n$.
19. Let $P$ be a normal Sylow $p$-subgroup of $G$. Prove that every inner automorphism of $G$ fixes $P$.
20. What is the smallest possible order of a group $G$ such that $G$ is nonabelian and $|G|$ is odd? Can you find such a group?
21. (The Frattini Lemma) If $H$ is a normal subgroup of a finite group $G$ and $P$ is a Sylow $p$-subgroup of $H$, for each $g \in G$ show that there is an $h$ in $H$ such that $gPg^{-1} = hPh^{-1}$. Also, show that if $N$ is the normalizer of $P$, then $G = HN$.
22. Show that if the order of $G$ is $p^n q$, where $p$ and $q$ are primes and $p > q$, then $G$ contains a normal subgroup.
23. Prove that the number of distinct conjugates of a subgroup $H$ of a finite group $G$ is $[G : N(H)]$.
24. Prove that a Sylow 2-subgroup of $S_5$ is isomorphic to $D_4$.
25. Another Proof of the Sylow Theorems.
(a) Suppose $p$ is prime and $p$ does not divide $m$. Show that
$$p \nmid \binom{p^k m}{p^k}.$$
(b) Let $\mathcal{S}$ denote the set of all $p^k$ element subsets of $G$. Show that $p$ does not divide $|\mathcal{S}|$.
(c) Define an action of $G$ on $\mathcal{S}$ by left multiplication, $aT = \{at : t \in T\}$ for $a \in G$ and $T \in \mathcal{S}$. Prove that this is a group action.
(d) Prove $p \nmid |\mathcal{O}_T|$ for some $T \in \mathcal{S}$.
(e) Let $\{T_1, \ldots, T_u\}$ be an orbit such that $p \nmid u$ and $H = \{g \in G : gT_1 = T_1\}$. Prove that $H$ is a subgroup of $G$ and show that $|G| = u|H|$.
(f) Show that $p^k$ divides $|H|$ and $p^k \leq |H|$.
(g) Show that $|H| = |\mathcal{O}_T| \leq p^k$; conclude that therefore $p^k = |H|$.
26. Let $G$ be a group. Prove that $G' = \langle aba^{-1}b^{-1} : a, b \in G \rangle$ is a normal subgroup of $G$ and $G/G'$ is abelian. Find an example to show that $\{aba^{-1}b^{-1} : a, b \in G\}$ is not necessarily a group.

15.4 A Project

The main objective of finite group theory is to classify all possible finite groups up to isomorphism. This problem is very difficult even if we try to classify the groups of order less than or equal to 60. However, we can break the problem down into several intermediate problems. This is a challenging project that requires a working knowledge of the group theory you have learned up to this point. Even if you do not complete it, it will teach you a great deal about finite groups. You can use Table 15.21 as a guide.
Order  Number    Order  Number    Order  Number    Order  Number
  1      ?        16      14       31      1        46      2
  2      ?        17       1       32     51        47      1
  3      ?        18       ?       33      1        48     52
  4      ?        19       ?       34      ?        49      ?
  5      ?        20       5       35      1        50      5
  6      ?        21       ?       36     14        51      ?
  7      ?        22       2       37      1        52      ?
  8      ?        23       1       38      ?        53      ?
  9      ?        24       ?       39      2        54     15
 10      ?        25       2       40     14        55      2
 11      ?        26       2       41      1        56      ?
 12      5        27       5       42      ?        57      2
 13      ?        28       ?       43      1        58      ?
 14      ?        29       1       44      4        59      1
 15      1        30       4       45      ?        60     13

Table 15.21: Numbers of distinct groups $G$, $|G| \leq 60$

1. Find all simple groups $G$ ($|G| \leq 60$). Do not use the Odd Order Theorem unless you are prepared to prove it.
2. Find the number of distinct groups $G$, where the order of $G$ is $n$ for $n = 1, \ldots, 60$.
3. Find the actual groups (up to isomorphism) for each $n$.

15.5 References and Suggested Readings

[1] Edwards, H. "A Short History of the Fields Medal," Mathematical Intelligencer 1 (1978), 127–29.
[2] Feit, W. and Thompson, J. G. "Solvability of Groups of Odd Order," Pacific Journal of Mathematics 13 (1963), 775–1029.
[3] Gallian, J. A. "The Search for Finite Simple Groups," Mathematics Magazine 49 (1976), 163–79.
[4] Gorenstein, D. "Classifying the Finite Simple Groups," Bulletin of the American Mathematical Society 14 (1986), 1–98.
[5] Gorenstein, D. Finite Groups. AMS Chelsea Publishing, Providence RI, 1968.
[6] Gorenstein, D., Lyons, R., and Solomon, R. The Classification of Finite Simple Groups. American Mathematical Society, Providence RI, 1994.

16 Rings

Up to this point we have studied sets with a single binary operation satisfying certain axioms, but we are often more interested in
working with sets that have two binary operations. For example,
one of the most natural algebraic structures to study is the integers
with the operations of addition and multiplication. These operations are related to one another by the distributive property. If we
consider a set with two such related binary operations satisfying
certain axioms, we have an algebraic structure called a ring. In a
ring we add and multiply elements such as real numbers, complex
numbers, matrices, and functions.

16.1 Rings

A nonempty set $R$ is a ring if it has two closed binary operations, addition and multiplication, satisfying the following conditions.
1. $a + b = b + a$ for $a, b \in R$.
2. $(a + b) + c = a + (b + c)$ for $a, b, c \in R$.
3. There is an element $0$ in $R$ such that $a + 0 = a$ for all $a \in R$.
4. For every element $a \in R$, there exists an element $-a$ in $R$ such that $a + (-a) = 0$.
5. $(ab)c = a(bc)$ for $a, b, c \in R$.
6. For $a, b, c \in R$,
$$a(b + c) = ab + ac$$
$$(a + b)c = ac + bc.$$
This last condition, the distributive axiom, relates the binary operations of addition and multiplication. Notice that the first four axioms simply require that a ring be an abelian group under addition, so we could also have defined a ring to be an abelian group $(R, +)$ together with a second binary operation satisfying the fifth and sixth conditions given above.
If there is an element $1 \in R$ such that $1 \neq 0$ and $1a = a1 = a$ for each element $a \in R$, we say that $R$ is a ring with unity or identity. A ring $R$ for which $ab = ba$ for all $a, b$ in $R$ is called a commutative ring. A commutative ring $R$ with identity is called an integral domain if, for every $a, b \in R$ such that $ab = 0$, either $a = 0$ or $b = 0$. A division ring is a ring $R$, with an identity, in which every nonzero element in $R$ is a unit; that is, for each $a \in R$ with $a \neq 0$, there exists a unique element $a^{-1}$ such that $a^{-1}a = aa^{-1} = 1$. A commutative division ring is called a field. The relationship among rings, integral domains, division rings, and fields is shown in Figure 16.1.
Figure 16.1: Types of rings. (Diagram relating Rings, Commutative Rings, Rings with Identity, Integral Domains, Division Rings, and Fields.)


Example 16.2. As we have mentioned previously, the integers form a ring. In fact, $\mathbb{Z}$ is an integral domain. Certainly if $ab = 0$ for two integers $a$ and $b$, either $a = 0$ or $b = 0$. However, $\mathbb{Z}$ is not a field. There is no integer that is the multiplicative inverse of 2, since $1/2$ is not an integer. The only integers with multiplicative inverses are $1$ and $-1$.

Example 16.3. Under the ordinary operations of addition and multiplication, all of the familiar number systems are rings: the rationals, $\mathbb{Q}$; the real numbers, $\mathbb{R}$; and the complex numbers, $\mathbb{C}$. Each of these rings is a field.

Example 16.4. We can define the product of two elements $a$ and $b$ in $\mathbb{Z}_n$ by $ab \pmod n$. For instance, in $\mathbb{Z}_{12}$, $5 \cdot 7 \equiv 11 \pmod{12}$. This product makes the abelian group $\mathbb{Z}_n$ into a ring. Certainly $\mathbb{Z}_n$ is a commutative ring; however, it may fail to be an integral domain. If we consider $3 \cdot 4 \equiv 0 \pmod{12}$ in $\mathbb{Z}_{12}$, it is easy to see that a product of two nonzero elements in the ring can be equal to zero.

A nonzero element $a$ in a ring $R$ is called a zero divisor if there is a nonzero element $b$ in $R$ such that $ab = 0$. In the previous example, 3 and 4 are zero divisors in $\mathbb{Z}_{12}$.

Example 16.5. In calculus the continuous real-valued functions on an interval $[a, b]$ form a commutative ring. We add or multiply two functions by adding or multiplying the values of the functions. If $f(x) = x^2$ and $g(x) = \cos x$, then $(f + g)(x) = f(x) + g(x) = x^2 + \cos x$ and $(fg)(x) = f(x)g(x) = x^2 \cos x$.

Example 16.6. The $2 \times 2$ matrices with entries in $\mathbb{R}$ form a ring under the usual operations of matrix addition and multiplication. This ring is noncommutative, since it is usually the case that $AB \neq BA$. Also, notice that we can have $AB = 0$ when neither $A$ nor $B$ is zero.
Example 16.7. For an example of a noncommutative division ring, let
$$1 = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \quad i = \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}, \quad j = \begin{pmatrix} 0 & i \\ i & 0 \end{pmatrix}, \quad k = \begin{pmatrix} i & 0 \\ 0 & -i \end{pmatrix},$$
where $i^2 = -1$. These elements satisfy the following relations:
$$i^2 = j^2 = k^2 = -1,$$
$$ij = k, \quad jk = i, \quad ki = j,$$
$$ji = -k, \quad kj = -i, \quad ik = -j.$$
Let $\mathbb{H}$ consist of elements of the form $a + bi + cj + dk$, where $a, b, c, d$ are real numbers. Equivalently, $\mathbb{H}$ can be considered to be the set of all $2 \times 2$ matrices of the form
$$\begin{pmatrix} \alpha & \beta \\ -\overline{\beta} & \overline{\alpha} \end{pmatrix},$$
where $\alpha = a + di$ and $\beta = b + ci$ are complex numbers. We can define addition and multiplication on $\mathbb{H}$ either by the usual matrix operations or in terms of the generators $1$, $i$, $j$, and $k$:
$$(a_1 + b_1 i + c_1 j + d_1 k) + (a_2 + b_2 i + c_2 j + d_2 k) = (a_1 + a_2) + (b_1 + b_2)i + (c_1 + c_2)j + (d_1 + d_2)k$$
and
$$(a_1 + b_1 i + c_1 j + d_1 k)(a_2 + b_2 i + c_2 j + d_2 k) = \alpha + \beta i + \gamma j + \delta k,$$
where
$$\alpha = a_1 a_2 - b_1 b_2 - c_1 c_2 - d_1 d_2$$
$$\beta = a_1 b_2 + a_2 b_1 + c_1 d_2 - d_1 c_2$$
$$\gamma = a_1 c_2 - b_1 d_2 + c_1 a_2 + d_1 b_2$$
$$\delta = a_1 d_2 + b_1 c_2 - c_1 b_2 + d_1 a_2.$$

Though multiplication looks complicated, it is actually a straightforward computation if we remember that we just add and multiply elements in $\mathbb{H}$ like polynomials and keep in mind the relationships between the generators $i$, $j$, and $k$. The ring $\mathbb{H}$ is called the ring of quaternions.

To show that the quaternions are a division ring, we must be able to find an inverse for each nonzero element. Notice that
$$(a + bi + cj + dk)(a - bi - cj - dk) = a^2 + b^2 + c^2 + d^2.$$
This element can be zero only if $a$, $b$, $c$, and $d$ are all zero. So if $a + bi + cj + dk \neq 0$,
$$(a + bi + cj + dk)\left( \frac{a - bi - cj - dk}{a^2 + b^2 + c^2 + d^2} \right) = 1.$$
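The quaternion arithmetic above, as an added Python example that is not part of the text: the class multiplies with the coefficient formulas for $\alpha, \beta, \gamma, \delta$, inverts with the conjugate-over-norm formula, and checks the result against the $2 \times 2$ complex matrix model; class and function names are my own.

```python
# Added example (not from Judson's text): arithmetic in the quaternions H.
# Multiplication uses the coefficient formulas for alpha, beta, gamma, delta,
# and matrix() is the 2x2 complex model with alpha = a + di, beta = b + ci.
# Class and function names are my own.
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Quaternion:
    a: Fraction  # real part
    b: Fraction  # coefficient of i
    c: Fraction  # coefficient of j
    d: Fraction  # coefficient of k

    def __add__(self, other):
        return Quaternion(self.a + other.a, self.b + other.b,
                          self.c + other.c, self.d + other.d)

    def __neg__(self):
        return Quaternion(-self.a, -self.b, -self.c, -self.d)

    def __mul__(self, other):
        a1, b1, c1, d1 = self.a, self.b, self.c, self.d
        a2, b2, c2, d2 = other.a, other.b, other.c, other.d
        alpha = a1 * a2 - b1 * b2 - c1 * c2 - d1 * d2
        beta = a1 * b2 + a2 * b1 + c1 * d2 - d1 * c2
        gamma = a1 * c2 - b1 * d2 + c1 * a2 + d1 * b2
        delta = a1 * d2 + b1 * c2 - c1 * b2 + d1 * a2
        return Quaternion(alpha, beta, gamma, delta)

    def conjugate(self):
        return Quaternion(self.a, -self.b, -self.c, -self.d)

    def norm_squared(self):
        # (a + bi + cj + dk)(a - bi - cj - dk) = a^2 + b^2 + c^2 + d^2
        return self.a ** 2 + self.b ** 2 + self.c ** 2 + self.d ** 2

    def inverse(self):
        """(a - bi - cj - dk) / (a^2 + b^2 + c^2 + d^2), kept exact as Fractions."""
        n = self.norm_squared()
        if n == 0:
            raise ZeroDivisionError("0 has no inverse in H")
        q = self.conjugate()
        return Quaternion(Fraction(q.a, n), Fraction(q.b, n),
                          Fraction(q.c, n), Fraction(q.d, n))

    def matrix(self):
        """The 2x2 complex matrix ((alpha, beta), (-conj(beta), conj(alpha)))."""
        alpha = complex(float(self.a), float(self.d))
        beta = complex(float(self.b), float(self.c))
        return ((alpha, beta), (-beta.conjugate(), alpha.conjugate()))


def matmul(x, y):
    """Product of two 2x2 complex matrices given as nested tuples."""
    return tuple(tuple(sum(x[r][k] * y[k][c] for k in range(2))
                       for c in range(2)) for r in range(2))


ONE = Quaternion(Fraction(1), Fraction(0), Fraction(0), Fraction(0))
I = Quaternion(Fraction(0), Fraction(1), Fraction(0), Fraction(0))
J = Quaternion(Fraction(0), Fraction(0), Fraction(1), Fraction(0))
K = Quaternion(Fraction(0), Fraction(0), Fraction(0), Fraction(1))


def generator_relations_hold():
    """Check i^2 = j^2 = k^2 = -1, ij = k, jk = i, ki = j and the reversed
    products ji = -k, kj = -i, ik = -j from the multiplication formulas."""
    return (I * I == -ONE and J * J == -ONE and K * K == -ONE
            and I * J == K and J * K == I and K * I == J
            and J * I == -K and K * J == -I and I * K == -J)
```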
Proposition 16.8. Let $R$ be a ring with $a, b \in R$. Then
1. $a0 = 0a = 0$;
2. $a(-b) = (-a)b = -ab$;
3. $(-a)(-b) = ab$.

Proof. To prove (1), observe that
$$a0 = a(0 + 0) = a0 + a0;$$
hence, $a0 = 0$. Similarly, $0a = 0$. For (2), we have $ab + a(-b) = a(b - b) = a0 = 0$; consequently, $-ab = a(-b)$. Similarly, $-ab = (-a)b$. Part (3) follows directly from (2) since $(-a)(-b) = -(a(-b)) = -(-ab) = ab$.

Just as we have subgroups of groups, we have an analogous class of substructures for rings. A subring $S$ of a ring $R$ is a subset $S$ of $R$ such that $S$ is also a ring under the inherited operations from $R$.

Example 16.9. The ring $n\mathbb{Z}$ is a subring of $\mathbb{Z}$. Notice that even though the original ring may have an identity, we do not require that its subring have an identity. We have the following chain of subrings:
$$\mathbb{Z} \subset \mathbb{Q} \subset \mathbb{R} \subset \mathbb{C}.$$

The following proposition gives us some easy criteria for determining whether or not a subset of a ring is indeed a subring. (We will leave the proof of this proposition as an exercise.)

Proposition 16.10. Let $R$ be a ring and $S$ a subset of $R$. Then $S$ is a subring of $R$ if and only if the following conditions are satisfied.
1. $S \neq \emptyset$.

2. $rs \in S$ for all $r, s \in S$.
3. $r - s \in S$ for all $r, s \in S$.

Example 16.11. Let $R = \mathbb{M}_2(\mathbb{R})$ be the ring of $2 \times 2$ matrices with entries in $\mathbb{R}$. If $T$ is the set of upper triangular matrices in $R$; i.e.,
$$T = \left\{ \begin{pmatrix} a & b \\ 0 & c \end{pmatrix} : a, b, c \in \mathbb{R} \right\},$$
then $T$ is a subring of $R$. If
$$A = \begin{pmatrix} a & b \\ 0 & c \end{pmatrix} \quad \text{and} \quad B = \begin{pmatrix} a' & b' \\ 0 & c' \end{pmatrix}$$
are in $T$, then clearly $A - B$ is also in $T$. Also,
$$AB = \begin{pmatrix} aa' & ab' + bc' \\ 0 & cc' \end{pmatrix}$$
is in $T$.

16.2 Integral Domains and Fields

Let us briefly recall some definitions. If $R$ is a ring and $r$ is a nonzero element in $R$, then $r$ is said to be a zero divisor if there is some nonzero element $s \in R$ such that $rs = 0$. A commutative ring with identity is said to be an integral domain if it has no zero divisors. If an element $a$ in a ring $R$ with identity has a multiplicative inverse, we say that $a$ is a unit. If every nonzero element in a ring $R$ is a unit, then $R$ is called a division ring. A commutative division ring is called a field.

Example 16.12. If $i^2 = -1$, then the set $\mathbb{Z}[i] = \{m + ni : m, n \in \mathbb{Z}\}$ forms a ring known as the Gaussian integers. It is easily seen that the Gaussian integers are a subring of the complex numbers since they are closed under addition and multiplication. Let $\alpha = a + bi$ be a unit in $\mathbb{Z}[i]$. Then $\overline{\alpha} = a - bi$ is also a unit since if $\alpha\beta = 1$, then $\overline{\alpha}\overline{\beta} = 1$. If $\beta = c + di$, then
$$1 = \alpha\beta\overline{\alpha}\overline{\beta} = (a^2 + b^2)(c^2 + d^2).$$
Therefore, $a^2 + b^2$ must either be 1 or $-1$; or, equivalently, $a + bi = \pm 1$ or $a + bi = \pm i$. Therefore, units of this ring are $\pm 1$ and $\pm i$; hence, the Gaussian integers are not a field. We will leave it as an exercise to prove that the Gaussian integers are an integral domain.
Example 16.13. The set of matrices
$$F = \left\{ \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} 1 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ 1 & 1 \end{pmatrix}, \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix} \right\}$$
with entries in $\mathbb{Z}_2$ forms a field.

Example 16.14. The set $\mathbb{Q}(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in \mathbb{Q}\}$ is a field. The inverse of an element $a + b\sqrt{2}$ in $\mathbb{Q}(\sqrt{2})$ is
$$\frac{a}{a^2 - 2b^2} + \frac{-b}{a^2 - 2b^2}\sqrt{2}.$$
We have the following alternative characterization of integral domains.

Proposition 16.15 (Cancellation Law). Let $D$ be a commutative ring with identity. Then $D$ is an integral domain if and only if for all nonzero elements $a \in D$ with $ab = ac$, we have $b = c$.

Proof. Let $D$ be an integral domain. Then $D$ has no zero divisors. Let $ab = ac$ with $a \neq 0$. Then $a(b - c) = 0$. Hence, $b - c = 0$ and $b = c$.

Conversely, let us suppose that cancellation is possible in $D$. That is, suppose that $ab = ac$ implies $b = c$. Let $ab = 0$. If $a \neq 0$, then $ab = a0$ or $b = 0$. Therefore, $a$ cannot be a zero divisor.

The following surprising theorem is due to Wedderburn.

Theorem 16.16. Every finite integral domain is a field.

Proof. Let $D$ be a finite integral domain and $D^*$ be the set of nonzero elements of $D$. We must show that every element in $D^*$ has an inverse. For each $a \in D^*$ we can define a map $\lambda_a : D^* \to D^*$ by $\lambda_a(d) = ad$. This map makes sense, because if $a \neq 0$ and $d \neq 0$, then $ad \neq 0$. The map $\lambda_a$ is one-to-one, since for $d_1, d_2 \in D^*$,
$$ad_1 = \lambda_a(d_1) = \lambda_a(d_2) = ad_2$$
implies $d_1 = d_2$ by left cancellation. Since $D^*$ is a finite set, the map $\lambda_a$ must also be onto; hence, for some $d \in D^*$, $\lambda_a(d) = ad = 1$. Therefore, $a$ has a left inverse. Since $D$ is commutative, $d$ must also be a right inverse for $a$. Consequently, $D$ is a field.
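An added Python example, not from the text, that tests the definitions and results of this section on the finite rings $\mathbb{Z}_n$ of Example 16.4: it lists zero divisors and units, checks the cancellation property of Proposition 16.15, and builds the map $\lambda_a$ from the proof of Theorem 16.16 to decide whether $\mathbb{Z}_n$ is a field; the function names are my own.

```python
# Added example (not from Judson's text): zero divisors, units and cancellation
# in the rings Z_n of Example 16.4, and the map lambda_a(d) = a*d from the proof
# of Theorem 16.16 applied to D = Z_n. Function names are my own.


def zero_divisors(n):
    """Nonzero a in Z_n with a*b = 0 (mod n) for some nonzero b."""
    return [a for a in range(1, n)
            if any((a * b) % n == 0 for b in range(1, n))]


def units(n):
    """Elements of Z_n that have a multiplicative inverse mod n."""
    return [a for a in range(1, n)
            if any((a * b) % n == 1 for b in range(n))]


def cancellation_holds(n):
    """Proposition 16.15 for D = Z_n: ab = ac with a != 0 must force b = c.
    This fails exactly when Z_n has a zero divisor, since then a*(b - c) = 0
    for some b != c."""
    for a in range(1, n):
        for b in range(n):
            for c in range(b + 1, n):
                if (a * b) % n == (a * c) % n:
                    return False
    return True


def left_multiplication_image(n, a):
    """Sorted images of the nonzero residues under lambda_a(d) = a*d, as in
    the proof of Theorem 16.16; lambda_a maps D* onto D* iff this is all of D*."""
    return sorted((a * d) % n for d in range(1, n))


def is_field(n):
    """Z_n is a field iff every nonzero a has lambda_a onto (so a*d = 1 for
    some d); by Theorem 16.16 this is the same as Z_n having no zero divisors."""
    return n > 1 and all(left_multiplication_image(n, a) == list(range(1, n))
                         for a in range(1, n))
```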
For any nonnegative integer $n$ and any element $r$ in a ring $R$ we write $r + \cdots + r$ ($n$ times) as $nr$. We define the characteristic of a ring $R$ to be the least positive integer $n$ such that $nr = 0$ for all $r \in R$. If no such integer exists, then the characteristic of $R$ is defined to be 0. We will denote the characteristic of $R$ by $\operatorname{char} R$.

Example 16.17. For every prime $p$, $\mathbb{Z}_p$ is a field of characteristic $p$. By Proposition 3.4, every nonzero element in $\mathbb{Z}_p$ has an inverse; hence, $\mathbb{Z}_p$ is a field. If $a$ is any nonzero element in the field, then $pa = 0$, since the order of any nonzero element in the abelian group $\mathbb{Z}_p$ is $p$.

Lemma 16.18. Let $R$ be a ring with identity. If 1 has order $n$, then the characteristic of $R$ is $n$.

Proof. If 1 has order $n$, then $n$ is the least positive integer such that $n1 = 0$. Thus, for all $r \in R$,
$$nr = n(1r) = (n1)r = 0r = 0.$$
On the other hand, if no positive $n$ exists such that $n1 = 0$, then the characteristic of $R$ is zero.

Theorem 16.19. The characteristic of an integral domain is either prime or zero.

Proof. Let $D$ be an integral domain and suppose that the characteristic of $D$ is $n$ with $n \neq 0$. If $n$ is not prime, then $n = ab$, where $1 < a < n$ and $1 < b < n$. By Lemma 16.18, we need only consider the case $n1 = 0$. Since $0 = n1 = (ab)1 = (a1)(b1)$ and there are no zero divisors in $D$, either $a1 = 0$ or $b1 = 0$. Hence, the characteristic of $D$ must be less than $n$, which is a contradiction. Therefore, $n$ must be prime.

16.3 Ring Homomorphisms and Ideals

In the study of groups, a homomorphism is a map that preserves the operation of the group. Similarly, a homomorphism between rings preserves the operations of addition and multiplication in the ring. More specifically, if $R$ and $S$ are rings, then a ring homomorphism is a map $\phi : R \to S$ satisfying
$$\phi(a + b) = \phi(a) + \phi(b)$$
$$\phi(ab) = \phi(a)\phi(b)$$
for all $a, b \in R$. If $\phi : R \to S$ is a one-to-one and onto homomorphism, then $\phi$ is called an isomorphism of rings.

The set of elements that a ring homomorphism maps to 0 plays a fundamental role in the theory of rings. For any ring homomorphism $\phi : R \to S$, we define the kernel of a ring homomorphism to be the set
$$\ker \phi = \{r \in R : \phi(r) = 0\}.$$

Example 16.20. For any integer $n$ we can define a ring homomorphism $\phi : \mathbb{Z} \to \mathbb{Z}_n$ by $a \mapsto a \pmod n$. This is indeed a ring homomorphism, since
$$\phi(a + b) = (a + b) \pmod n = a \pmod n + b \pmod n = \phi(a) + \phi(b)$$
and
$$\phi(ab) = ab \pmod n = a \pmod n \cdot b \pmod n = \phi(a)\phi(b).$$
The kernel of the homomorphism $\phi$ is $n\mathbb{Z}$.
Example 16.21. Let $C[a, b]$ be the ring of continuous real-valued functions on an interval $[a, b]$ as in Example 16.5. For a fixed $\alpha \in [a, b]$, we can define a ring homomorphism $\phi_\alpha : C[a, b] \to \mathbb{R}$ by $\phi_\alpha(f) = f(\alpha)$. This is a ring homomorphism since
$$\phi_\alpha(f + g) = (f + g)(\alpha) = f(\alpha) + g(\alpha) = \phi_\alpha(f) + \phi_\alpha(g)$$
$$\phi_\alpha(fg) = (fg)(\alpha) = f(\alpha)g(\alpha) = \phi_\alpha(f)\phi_\alpha(g).$$
Ring homomorphisms of the type $\phi_\alpha$ are called evaluation homomorphisms.

In the next proposition we will examine some fundamental properties of ring homomorphisms. The proof of the proposition is left as an exercise.

Proposition 16.22. Let $\phi : R \to S$ be a ring homomorphism.
1. If $R$ is a commutative ring, then $\phi(R)$ is a commutative ring.
2. $\phi(0) = 0$.
3. Let $1_R$ and $1_S$ be the identities for $R$ and $S$, respectively. If $\phi$ is onto, then $\phi(1_R) = 1_S$.
4. If $R$ is a field and $\phi(R) \neq \{0\}$, then $\phi(R)$ is a field.

In group theory we found that normal subgroups play a special role. These subgroups have nice characteristics that make them more interesting to study than arbitrary subgroups. In ring theory the objects corresponding to normal subgroups are a special class of subrings called ideals. An ideal in a ring $R$ is a subring $I$ of $R$ such that if $a$ is in $I$ and $r$ is in $R$, then both $ar$ and $ra$ are in $I$; that is, $rI \subset I$ and $Ir \subset I$ for all $r \in R$.

Example 16.23. Every ring $R$ has at least two ideals, $\{0\}$ and $R$. These ideals are called the trivial ideals.

Let $R$ be a ring with identity and suppose that $I$ is an ideal in $R$ such that 1 is in $I$. Since for any $r \in R$, $r1 = r \in I$ by the definition of an ideal, $I = R$.

Example 16.24. If $a$ is any element in a commutative ring $R$ with identity, then the set
$$\langle a \rangle = \{ar : r \in R\}$$

16.3. RING HOMOMORPHISMS AND IDEALS

235

is an ideal in R. Certainly, a is nonempty since both 0 = a0 and


a = a1 are in a. The sum of two elements in a is again in a
since ar + ar = a(r + r ). The inverse of ar is ar = a(r) a.
Finally, if we multiply an element ar a by an arbitrary element
s R, we have s(ar) = a(sr). Therefore, a satisfies the definition
of an ideal.
If R is a commutative ring with identity, then an ideal of the
form a = {ar : r R} is called a principal ideal.
Theorem 16.25. Every ideal in the ring of integers Z is a principal
ideal.
Proof. The zero ideal {0} is a principal ideal since ⟨0⟩ = {0}. If I
is any nonzero ideal in Z, then I must contain some positive integer
m. There exists a least positive integer n in I by the Principle of
Well-Ordering. Now let a be any element in I. Using the division
algorithm, we know that there exist integers q and r such that
$$a = nq + r$$
where 0 ≤ r < n. This equation tells us that r = a − nq ∈ I, but
r must be 0 since n is the least positive element in I. Therefore,
a = nq and I = ⟨n⟩.
Example 16.26. The set nZ is an ideal in the ring of integers. If na
is in nZ and b is in Z, then nab is in nZ as required. In fact, by
Theorem 16.25, these are the only ideals of Z.
Proposition 16.27. The kernel of any ring homomorphism φ : R → S is an ideal in R.
Proof. We know from group theory that ker φ is an additive subgroup of R. Suppose that r ∈ R and a ∈ ker φ. Then we must
show that ar and ra are in ker φ. However,
$$\varphi(ar) = \varphi(a)\varphi(r) = 0\varphi(r) = 0$$
and
$$\varphi(ra) = \varphi(r)\varphi(a) = \varphi(r)0 = 0.$$
Remark 16.28. In our definition of an ideal we have required that
rI ⊂ I and Ir ⊂ I for all r ∈ R. Such ideals are sometimes referred
to as two-sided ideals. We can also consider one-sided ideals;
that is, we may require only that either rI ⊂ I or Ir ⊂ I for r ∈ R
hold but not both. Such ideals are called left ideals and right
ideals, respectively. Of course, in a commutative ring any ideal
must be two-sided. In this text we will concentrate on two-sided
ideals.

Theorem 16.29. Let I be an ideal of R. The factor group R/I is
a ring with multiplication defined by
$$(r + I)(s + I) = rs + I.$$
Proof. We already know that R/I is an abelian group under addition. Let r + I and s + I be in R/I. We must show that the
product (r + I)(s + I) = rs + I is independent of the choice of coset;
that is, if r′ ∈ r + I and s′ ∈ s + I, then r′s′ must be in rs + I.
Since r′ ∈ r + I, there exists an element a in I such that r′ = r + a.
Similarly, there exists a b ∈ I such that s′ = s + b. Notice that
$$r's' = (r + a)(s + b) = rs + as + rb + ab$$
and as + rb + ab ∈ I since I is an ideal; consequently, r′s′ ∈ rs + I.
We will leave as an exercise the verification of the associative law
for multiplication and the distributive laws.
The ring R/I in Theorem 16.29 is called the factor or quotient
ring. Just as with group homomorphisms and normal subgroups,
there is a relationship between ring homomorphisms and ideals.
Theorem 16.30. Let I be an ideal of R. The map φ : R → R/I
defined by φ(r) = r + I is a ring homomorphism of R onto R/I
with kernel I.
Proof. Certainly φ : R → R/I is a surjective abelian group homomorphism. It remains to show that φ works correctly under
ring multiplication. Let r and s be in R. Then
$$\varphi(r)\varphi(s) = (r + I)(s + I) = rs + I = \varphi(rs),$$
which completes the proof of the theorem.
The map φ : R → R/I is often called the natural or canonical
homomorphism. In ring theory we have isomorphism theorems
relating ideals and ring homomorphisms similar to the isomorphism
theorems for groups that relate normal subgroups and homomorphisms in Chapter 11. We will prove only the First Isomorphism
Theorem for rings in this chapter and leave the proofs of the other
two theorems as exercises. All of the proofs are similar to the proofs
of the isomorphism theorems for groups.
Theorem 16.31 (First Isomorphism Theorem). Let φ : R → S be
a ring homomorphism. Then ker φ is an ideal of R. If ψ : R →
R/ker φ is the canonical homomorphism, then there exists a unique
isomorphism η : R/ker φ → φ(R) such that φ = ηψ.
Proof. Let K = ker φ. By the First Isomorphism Theorem for
groups, there exists a well-defined group homomorphism η : R/K → φ(R) defined by η(r + K) = φ(r) for the additive abelian groups
R and R/K. To show that this is a ring homomorphism, we need
only show that η((r + K)(s + K)) = η(r + K)η(s + K); but
$$\eta((r + K)(s + K)) = \eta(rs + K) = \varphi(rs) = \varphi(r)\varphi(s) = \eta(r + K)\eta(s + K).$$
Theorem 16.32 (Second Isomorphism Theorem). Let I be a subring of a ring R and J an ideal of R. Then I ∩ J is an ideal of I
and
$$I/(I \cap J) \cong (I + J)/J.$$
Theorem 16.33 (Third Isomorphism Theorem). Let R be a ring
and I and J be ideals of R where J ⊂ I. Then
$$R/I \cong \frac{R/J}{I/J}.$$
Theorem 16.34 (Correspondence Theorem). Let I be an ideal of
a ring R. Then S ↦ S/I is a one-to-one correspondence between
the set of subrings S containing I and the set of subrings of R/I.
Furthermore, the ideals of R containing I correspond to ideals of
R/I.

16.4 Maximal and Prime Ideals

In this particular section we are especially interested in certain
ideals of commutative rings. These ideals give us special types of
factor rings. More specifically, we would like to characterize those
ideals I of a commutative ring R such that R/I is an integral
domain or a field.
A proper ideal M of a ring R is a maximal ideal of R if the
ideal M is not a proper subset of any ideal of R except R itself.
That is, M is a maximal ideal if for any ideal I properly containing
M, I = R. The following theorem completely characterizes maximal ideals for commutative rings with identity in terms of their
corresponding factor rings.
Theorem 16.35. Let R be a commutative ring with identity and
M an ideal in R. Then M is a maximal ideal of R if and only if
R/M is a field.

Proof. Let M be a maximal ideal in R. If R is a commutative
ring, then R/M must also be a commutative ring. Clearly, 1 + M
acts as an identity for R/M. We must also show that every nonzero
element in R/M has an inverse. If a + M is a nonzero element in
R/M, then a ∉ M. Define I to be the set {ra + m : r ∈ R and m ∈ M}. We will show that I is an ideal in R. The set I is nonempty
since 0a + 0 = 0 is in I. If r_1 a + m_1 and r_2 a + m_2 are two elements
in I, then
$$(r_1 a + m_1) - (r_2 a + m_2) = (r_1 - r_2)a + (m_1 - m_2)$$
is in I. Also, for any r ∈ R it is true that rI ⊂ I; hence, I is closed
under multiplication and satisfies the necessary conditions to be
an ideal. Therefore, by Proposition 16.10 and the definition of an
ideal, I is an ideal properly containing M. Since M is a maximal
ideal, I = R; consequently, by the definition of I there must be an
m in M and an element b in R such that 1 = ab + m. Therefore,
$$1 + M = ab + M = ba + M = (a + M)(b + M).$$
Conversely, suppose that M is an ideal and R/M is a field.
Since R/M is a field, it must contain at least two elements: 0 + M =
M and 1 + M. Hence, M is a proper ideal of R. Let I be any ideal
properly containing M. We need to show that I = R. Choose a
in I but not in M. Since a + M is a nonzero element in a field,
there exists an element b + M in R/M such that (a + M)(b + M) =
ab + M = 1 + M. Consequently, there exists an element m ∈ M
such that ab + m = 1 and 1 is in I. Therefore, r1 = r ∈ I for all
r ∈ R. Consequently, I = R.
Example 16.36. Let pZ be an ideal in Z, where p is prime. Then
pZ is a maximal ideal since Z/pZ ≅ Z_p is a field.
A proper ideal P in a commutative ring R is called a prime
ideal if whenever ab ∈ P, then either a ∈ P or b ∈ P.¹
¹ It is possible to define prime ideals in a noncommutative ring. See [1] or [3].
Example 16.37. It is easy to check that the set P = {0, 2, 4, 6, 8, 10}
is an ideal in Z_12. This ideal is prime. In fact, it is a maximal ideal.
Proposition 16.38. Let R be a commutative ring with identity 1,
where 1 ≠ 0. Then P is a prime ideal in R if and only if R/P is
an integral domain.
Proof. First let us assume that P is an ideal in R and R/P is
an integral domain. Suppose that ab ∈ P. If a + P and b + P are
two elements of R/P such that (a + P)(b + P) = 0 + P = P, then
either a + P = P or b + P = P. This means that either a is in P
or b is in P, which shows that P must be prime.
Conversely, suppose that P is prime and
$$(a + P)(b + P) = ab + P = 0 + P = P.$$
Then ab ∈ P. If a ∉ P, then b must be in P by the definition
of a prime ideal; hence, b + P = 0 + P and R/P is an integral
domain.
Example 16.39. Every ideal in Z is of the form nZ. The factor
ring Z/nZ ≅ Z_n is an integral domain only when n is prime. It is
actually a field. Hence, the nonzero prime ideals in Z are the ideals
pZ, where p is prime. This example really justifies the use of the
word prime in our definition of prime ideals.
Since every field is an integral domain, we have the following
corollary.
Corollary 16.40. Every maximal ideal in a commutative ring with
identity is also a prime ideal.
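As an added illustration (my own code, not from the textbook or from Sage), the following Python example makes the definitions of the last two sections computable on the finite rings Z_n: it enumerates the ideals of Z_n, tests each one for the prime and maximal properties directly from their definitions, builds the factor ring Z_n/I of Theorem 16.29 from its cosets, and then confirms on it that a prime ideal is exactly one with an integral-domain quotient (Proposition 16.38), that a maximal ideal is exactly one with a field quotient (Theorem 16.35), and that maximal implies prime (Corollary 16.40). All function names are my own.

```python
# Added example (not from the textbook): ideals of Z_n, the factor ring
# Z_n / I, and the prime/maximal tests of Section 16.4 checked against
# Proposition 16.38, Theorem 16.35 and Corollary 16.40.  Names are my own.
from itertools import product


def is_ideal(n, subset):
    """Definition of an ideal, checked directly in Z_n: nonempty, closed
    under subtraction, and closed under multiplication by every r in Z_n
    (Z_n is commutative, so rI and Ir coincide)."""
    I = set(subset)
    if not I:
        return False
    closed_sub = all((a - b) % n in I for a in I for b in I)
    closed_mul = all((r * a) % n in I for r in range(n) for a in I)
    return closed_sub and closed_mul


def ideals_of_Zn(n):
    """Every ideal of Z_n.  By Theorem 16.25 and the Correspondence Theorem
    they are the images of dZ for the divisors d of n; each candidate is
    re-checked with is_ideal rather than trusted."""
    found = []
    for d in range(1, n + 1):
        if n % d == 0:
            I = frozenset(range(0, n, d))
            assert is_ideal(n, I)
            found.append(I)
    return found


def is_prime_ideal(n, I):
    """P is prime iff P is proper and ab in P forces a in P or b in P."""
    I = set(I)
    if len(I) == n:
        return False
    return all(a in I or b in I
               for a, b in product(range(n), repeat=2) if (a * b) % n in I)


def is_maximal_ideal(n, I):
    """M is maximal iff M is proper and no proper ideal strictly contains it."""
    I = set(I)
    if len(I) == n:
        return False
    return not any(I < set(J) and len(J) < n for J in ideals_of_Zn(n))


def cosets(n, I):
    """Elements of the factor ring Z_n / I (Theorem 16.29) as frozensets."""
    I = frozenset(I)
    seen = []
    for r in range(n):
        c = frozenset((r + a) % n for a in I)
        if c not in seen:
            seen.append(c)
    return seen


def coset_mul(n, I, c1, c2):
    """(r + I)(s + I) = rs + I; any representatives give the same coset."""
    r, s = min(c1), min(c2)
    return frozenset((r * s + a) % n for a in I)


def quotient_is_integral_domain(n, I):
    """Nonzero commutative ring with identity and no zero divisors."""
    Q, zero = cosets(n, I), frozenset(I)
    if len(Q) < 2:            # Z_n / Z_n is the zero ring, excluded by 1 != 0
        return False
    return all(coset_mul(n, I, c, d) != zero
               for c in Q for d in Q if c != zero and d != zero)


def quotient_is_field(n, I):
    """Every nonzero coset has a multiplicative inverse."""
    Q, zero = cosets(n, I), frozenset(I)
    one = frozenset((1 + a) % n for a in I)
    if zero == one:
        return False
    return all(any(coset_mul(n, I, c, d) == one for d in Q)
               for c in Q if c != zero)


def classify(n):
    """Map each ideal of Z_n (as a sorted tuple) to
    (prime?, maximal?, quotient is integral domain?, quotient is field?)."""
    return {tuple(sorted(I)): (is_prime_ideal(n, I), is_maximal_ideal(n, I),
                               quotient_is_integral_domain(n, I),
                               quotient_is_field(n, I))
            for I in ideals_of_Zn(n)}


def theorems_hold(n):
    """Proposition 16.38, Theorem 16.35 and Corollary 16.40 on Z_n."""
    return all(prime == dom and maxl == fld and (not maxl or prime)
               for prime, maxl, dom, fld in classify(n).values())


if __name__ == "__main__":
    # Example 16.37: P = {0, 2, 4, 6, 8, 10} is a prime and maximal ideal of Z_12.
    for I, flags in sorted(classify(12).items()):
        print(I, flags)
    print(all(theorems_hold(n) for n in range(2, 31)))
```

Running the script lists the six ideals of Z_12 with their four flags; the ideal of Example 16.37 is flagged prime and maximal with a field quotient, while {0, 4, 8} fails the prime test because 2 · 2 lies in it although 2 does not, and its quotient accordingly has a zero divisor.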
Historical Note
Amalie Emmy Noether, one of the outstanding mathematicians
of the twentieth century, was born in Erlangen, Germany in 1882.
She was the daughter of Max Noether (1844–1921), a distinguished
mathematician at the University of Erlangen. Together with Paul
Gordon (1837–1912), Emmy Noether's father strongly influenced
her early education. She entered the University of Erlangen at the
age of 18. Although women had been admitted to universities in
England, France, and Italy for decades, there was great resistance
to their presence at universities in Germany. Noether was one
of only two women among the university's 986 students. After
completing her doctorate under Gordon in 1907, she continued to
do research at Erlangen, occasionally lecturing when her father was
ill.
Noether went to Göttingen to study in 1916. David Hilbert
and Felix Klein tried unsuccessfully to secure her an appointment
at Göttingen. Some of the faculty objected to women lecturers,
saying, "What will our soldiers think when they return to the university and are expected to learn at the feet of a woman?" Hilbert,
annoyed at the question, responded, "Meine Herren, I do not see
that the sex of a candidate is an argument against her admission
as a Privatdozent. After all, the Senate is not a bathhouse." At
the end of World War I, attitudes changed and conditions greatly
improved for women. After Noether passed her habilitation examination in 1919, she was given a title and was paid a small sum for
her lectures.

In 1922, Noether became a Privatdozent at Göttingen. Over
the next 11 years she used axiomatic methods to develop an abstract theory of rings and ideals. Though she was not good at
lecturing, Noether was an inspiring teacher. One of her many students was B. L. van der Waerden, author of the first text treating
abstract algebra from a modern point of view. Some of the other
mathematicians Noether influenced or closely worked with were
Alexandroff, Artin, Brauer, Courant, Hasse, Hopf, Pontryagin, von
Neumann, and Weyl. One of the high points of her career was an
invitation to address the International Congress of Mathematicians
in Zurich in 1932. In spite of all the recognition she received from
her colleagues, Noether's abilities were never recognized as they
should have been during her lifetime. She was never promoted to
full professor by the Prussian academic bureaucracy.
In 1933, Noether, a Jew, was banned from participation in
all academic activities in Germany. She emigrated to the United
States, took a position at Bryn Mawr College, and became a member of the Institute for Advanced Study at Princeton. Noether died
suddenly on April 14, 1935. After her death she was eulogized by
such notable scientists as Albert Einstein.

16.5 An Application to Software Design

The Chinese Remainder Theorem is a result from elementary number theory about the solution of systems of simultaneous congruences. The Chinese mathematician Sun-tsu wrote about the theorem in the first century A.D. This theorem has some interesting
consequences in the design of software for parallel processors.
Lemma 16.41. Let m and n be positive integers such that gcd(m, n) =
1. Then for a, b ∈ Z the system
$$\begin{aligned} x &\equiv a \pmod{m} \\ x &\equiv b \pmod{n} \end{aligned}$$
has a solution. If x_1 and x_2 are two solutions of the system, then
x_1 ≡ x_2 (mod mn).
Proof. The equation x ≡ a (mod m) has a solution since a + km
satisfies the equation for all k ∈ Z. We must show that there exists
an integer k_1 such that
$$a + k_1 m \equiv b \pmod{n}.$$
This is equivalent to showing that
$$k_1 m \equiv (b - a) \pmod{n}$$
has a solution for k_1. Since m and n are relatively prime, there
exist integers s and t such that ms + nt = 1. Consequently,
$$(b - a)ms = (b - a) - (b - a)nt,$$
or
$$[(b - a)s]m \equiv (b - a) \pmod{n}.$$
Now let k_1 = (b − a)s.
To show that any two solutions are congruent modulo mn, let
c_1 and c_2 be two solutions of the system. That is,
$$\begin{aligned} c_i &\equiv a \pmod{m} \\ c_i &\equiv b \pmod{n} \end{aligned}$$
for i = 1, 2. Then
$$\begin{aligned} c_2 &\equiv c_1 \pmod{m} \\ c_2 &\equiv c_1 \pmod{n}. \end{aligned}$$
Therefore, both m and n divide c_1 − c_2. Consequently, c_2 ≡ c_1
(mod mn).
Example 16.42. Let us solve the system
$$\begin{aligned} x &\equiv 3 \pmod{4} \\ x &\equiv 4 \pmod{5}. \end{aligned}$$
Using the Euclidean algorithm, we can find integers s and t such
that 4s + 5t = 1. Two such integers are s = 4 and t = −3.
Consequently,
$$x = a + k_1 m = 3 + 4k_1 = 3 + 4[(5 - 4)4] = 19.$$
Theorem 16.43 (Chinese Remainder Theorem). Let n_1, n_2, . . . , n_k
be positive integers such that gcd(n_i, n_j) = 1 for i ≠ j. Then for
any integers a_1, . . . , a_k, the system
$$\begin{aligned} x &\equiv a_1 \pmod{n_1} \\ x &\equiv a_2 \pmod{n_2} \\ &\;\;\vdots \\ x &\equiv a_k \pmod{n_k} \end{aligned}$$
has a solution. Furthermore, any two solutions of the system are
congruent modulo n_1 n_2 · · · n_k.
Proof. We will use mathematical induction on the number of
equations in the system. If there are k = 2 equations, then the
theorem is true by Lemma 16.41. Now suppose that the result is
true for a system of k equations or less and that we wish to find a
solution of
$$\begin{aligned} x &\equiv a_1 \pmod{n_1} \\ x &\equiv a_2 \pmod{n_2} \\ &\;\;\vdots \\ x &\equiv a_{k+1} \pmod{n_{k+1}}. \end{aligned}$$
Considering the first k equations, there exists a solution that is
unique modulo n_1 · · · n_k, say a. Since n_1 · · · n_k and n_{k+1} are relatively prime, the system
$$\begin{aligned} x &\equiv a \pmod{n_1 \cdots n_k} \\ x &\equiv a_{k+1} \pmod{n_{k+1}} \end{aligned}$$
has a solution that is unique modulo n_1 · · · n_{k+1} by the lemma.


Example 16.44. Let us solve the system
$$\begin{aligned} x &\equiv 3 \pmod{4} \\ x &\equiv 4 \pmod{5} \\ x &\equiv 1 \pmod{9} \\ x &\equiv 5 \pmod{7}. \end{aligned}$$
From Example 16.42 we know that 19 is a solution of the first two
congruences and any other solution of the system is congruent to
19 (mod 20). Hence, we can reduce the system to a system of three
congruences:
$$\begin{aligned} x &\equiv 19 \pmod{20} \\ x &\equiv 1 \pmod{9} \\ x &\equiv 5 \pmod{7}. \end{aligned}$$
Solving the next two equations, we can reduce the system to
$$\begin{aligned} x &\equiv 19 \pmod{180} \\ x &\equiv 5 \pmod{7}. \end{aligned}$$
Solving this last system, we find that 19 is a solution for the system
that is unique up to modulo 1260.
One interesting application of the Chinese Remainder Theorem
in the design of computer software is that the theorem allows us
to break up a calculation involving large integers into several less
formidable calculations. A computer will handle integer calculations only up to a certain size due to the size of its processor chip,
which is usually a 32 or 64-bit processor chip. For example, the
largest integer available on a computer with a 64-bit processor chip
is
$$2^{63} - 1 = 9{,}223{,}372{,}036{,}854{,}775{,}807.$$
Larger processors such as 128 or 256-bit have been proposed or are
under development. There is even talk of a 512-bit processor chip.
The largest integer that such a chip could store would be 2^511 − 1,
which would be a 154 digit number. However, we would need to
deal with much larger numbers to break sophisticated encryption
schemes.
Special software is required for calculations involving larger integers which cannot be added directly by the machine. By using
the Chinese Remainder Theorem we can break down large integer
additions and multiplications into calculations that the computer
can handle directly. This is especially useful on parallel processing
computers which have the ability to run several programs concurrently.
Most computers have a single central processing unit (CPU)
containing one processor chip and can only add two numbers at
a time. To add a list of ten numbers, the CPU must do nine
additions in sequence. However, a parallel processing computer
has more than one CPU. A computer with 10 CPUs, for example,
can perform 10 different additions at the same time. If we can
take a large integer and break it down into parts, sending each
part to a different CPU, then by performing several additions or
multiplications simultaneously on those parts, we can work with an
integer that the computer would not be able to handle as a whole.
Example 16.45. Suppose that we wish to multiply 2134 by 1531.
We will use the integers 95, 97, 98, and 99 because they are relatively prime. We can break down each integer into four parts:
$$\begin{aligned} 2134 &\equiv 44 \pmod{95} \\ 2134 &\equiv 0 \pmod{97} \\ 2134 &\equiv 76 \pmod{98} \\ 2134 &\equiv 55 \pmod{99} \end{aligned}$$
and
$$\begin{aligned} 1531 &\equiv 11 \pmod{95} \\ 1531 &\equiv 76 \pmod{97} \\ 1531 &\equiv 61 \pmod{98} \\ 1531 &\equiv 46 \pmod{99}. \end{aligned}$$
Multiplying the corresponding equations, we obtain
$$\begin{aligned} 2134 \cdot 1531 &\equiv 44 \cdot 11 \equiv 9 \pmod{95} \\ 2134 \cdot 1531 &\equiv 0 \cdot 76 \equiv 0 \pmod{97} \\ 2134 \cdot 1531 &\equiv 76 \cdot 61 \equiv 30 \pmod{98} \\ 2134 \cdot 1531 &\equiv 55 \cdot 46 \equiv 55 \pmod{99}. \end{aligned}$$
Each of these four computations can be sent to a different processor
if our computer has several CPUs. By the above calculation, we
know that 2134 · 1531 is a solution of the system
$$\begin{aligned} x &\equiv 9 \pmod{95} \\ x &\equiv 0 \pmod{97} \\ x &\equiv 30 \pmod{98} \\ x &\equiv 55 \pmod{99}. \end{aligned}$$
The Chinese Remainder Theorem tells us that solutions are unique
up to modulo 95 · 97 · 98 · 99 = 89,403,930. Solving this system of
congruences for x tells us that 2134 · 1531 = 3,267,154.
The conversion of the computation into the four subcomputations will take some computing time. In addition, solving the
system of congruences can also take considerable time. However, if
we have many computations to be performed on a particular set of
numbers, it makes sense to transform the problem as we have done
above and to perform the necessary calculations simultaneously.
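To make the procedure concrete, here is an added Python example (my own code, not from the textbook or from Sage). It follows the proof of Lemma 16.41 for two congruences, folds that step inductively as in the proof of Theorem 16.43, and then reproduces Example 16.45: each factor is reduced modulo 95, 97, 98 and 99, the four small products are computed independently (the part that could be handed to separate CPUs), and the product is reassembled with the CRT. The function names are my own. The last function also makes the caveat of this section explicit: the reassembled value equals the true product only when that product is smaller than 95 · 97 · 98 · 99, so the inputs must be bounded in advance.

```python
# Added example (not from the textbook): Lemma 16.41, Theorem 16.43 and the
# residue-arithmetic multiplication of Example 16.45.  Names are my own.


def extended_gcd(a, b):
    """Return (g, s, t) with a*s + b*t = g = gcd(a, b) (Euclidean algorithm)."""
    if b == 0:
        return a, 1, 0
    g, s, t = extended_gcd(b, a % b)
    # b*s + (a % b)*t = g and a % b = a - (a // b) * b, so regroup on a and b.
    return g, t, s - (a // b) * t


def crt_pair(a, m, b, n):
    """Solve x = a (mod m), x = b (mod n) for relatively prime m and n
    exactly as in the proof of Lemma 16.41: find ms + nt = 1, put
    k1 = (b - a) s, and take x = a + k1 m.  Returns the least nonnegative
    solution together with the modulus mn of its uniqueness class."""
    g, s, _t = extended_gcd(m, n)
    if g != 1:
        raise ValueError("moduli must be relatively prime: gcd(%d, %d) = %d" % (m, n, g))
    k1 = (b - a) * s
    x = a + k1 * m
    return x % (m * n), m * n


def crt(residues, moduli):
    """Theorem 16.43 by its inductive proof: solve the first two congruences,
    replace them by the single congruence modulo n1*n2, and repeat."""
    x, N = residues[0] % moduli[0], moduli[0]
    for a, n in zip(residues[1:], moduli[1:]):
        x, N = crt_pair(x, N, a, n)
    return x, N


def residue_multiply(u, v, moduli=(95, 97, 98, 99)):
    """Example 16.45: the residue products are independent of one another,
    so each could run on its own CPU; the CRT reassembles them.  The result
    is the true product only if u*v is below the product of the moduli, so
    both inputs are required to be below its square root."""
    N = 1
    for n in moduli:
        N *= n
    if u < 0 or v < 0 or u * u >= N or v * v >= N:
        raise ValueError("inputs too large for these moduli")
    partial = [((u % n) * (v % n)) % n for n in moduli]   # one per CPU
    x, _N = crt(partial, list(moduli))
    return x


if __name__ == "__main__":
    print(crt_pair(3, 4, 4, 5))                 # Example 16.42
    print(crt([3, 4, 1, 5], [4, 5, 9, 7]))      # Example 16.44
    print(residue_multiply(2134, 1531))         # Example 16.45
```

The particular s returned by the Euclidean algorithm may differ from the one chosen by hand in Example 16.42, but every choice yields the same residue class, which is why crt_pair reduces its answer modulo mn before returning it.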
Sage. Rings are at the heart of Sage's design, so you will find
a wide range of possibilities for computing with rings and fields.
Ideals, quotients, and homomorphisms are all available.

16.6 Exercises

1. Which of the following sets are rings with respect to the usual
operations of addition and multiplication? If the set is a ring, is it
also a field?
(a) 7Z
(b) Z_18
(c) Q(√2) = {a + b√2 : a, b ∈ Q}
(d) Q(√2, √3) = {a + b√2 + c√3 + d√6 : a, b, c, d ∈ Q}
(e) Z[√3] = {a + b√3 : a, b ∈ Z}
(f) R = {a + b∛3 : a, b ∈ Q}
(g) Z[i] = {a + bi : a, b ∈ Z and i² = −1}
(h) Q(∛3) = {a + b∛3 + c∛9 : a, b, c ∈ Q}
2. Let R be the ring of 2 × 2 matrices of the form
$$\begin{pmatrix} a & b \\ 0 & 0 \end{pmatrix},$$
where a, b ∈ R. Show that although R is a ring that has no identity,
we can find a subring S of R with an identity.
3. List or characterize all of the units in each of the following rings.
(a) Z_10
(b) Z_12
(c) Z_7
(d) M_2(Z), the 2 × 2 matrices with entries in Z
(e) M_2(Z_2), the 2 × 2 matrices with entries in Z_2
4. Find all of the ideals in each of the following rings. Which of
these ideals are maximal and which are prime?
(a) Z_18
(b) Z_25
(c) M_2(R), the 2 × 2 matrices with entries in R
(d) M_2(Z), the 2 × 2 matrices with entries in Z
(e) Q
5. For each of the following rings R with ideal I, give an addition
table and a multiplication table for R/I.
(a) R = Z and I = 6Z
(b) R = Z_12 and I = {0, 3, 6, 9}
6. Find all homomorphisms φ : Z/6Z → Z/15Z.
7. Prove that R is not isomorphic to C.
8. Prove or disprove: The ring Q(√2) = {a + b√2 : a, b ∈ Q} is
isomorphic to the ring Q(√3) = {a + b√3 : a, b ∈ Q}.
9. What is the characteristic of the field formed by the set of matrices
$$F = \left\{ \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}, \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} 1 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ 1 & 1 \end{pmatrix} \right\}$$
with entries in Z_2?
10. Define a map φ : C → M_2(R) by
$$\varphi(a + bi) = \begin{pmatrix} a & b \\ -b & a \end{pmatrix}.$$
Show that φ is an isomorphism of C with its image in M_2(R).
11. Prove that the Gaussian integers, Z[i], are an integral domain.
12. Prove that Z[√3 i] = {a + b√3 i : a, b ∈ Z} is an integral
domain.
13. Solve each of the following systems of congruences.
(a)
$$\begin{aligned} x &\equiv 2 \pmod{5} \\ x &\equiv 6 \pmod{11} \end{aligned}$$
(b)
$$\begin{aligned} x &\equiv 3 \pmod{7} \\ x &\equiv 0 \pmod{8} \\ x &\equiv 5 \pmod{15} \end{aligned}$$
(c)
$$\begin{aligned} x &\equiv 2 \pmod{4} \\ x &\equiv 4 \pmod{7} \\ x &\equiv 7 \pmod{9} \\ x &\equiv 5 \pmod{11} \end{aligned}$$
(d)
$$\begin{aligned} x &\equiv 3 \pmod{5} \\ x &\equiv 0 \pmod{8} \\ x &\equiv 1 \pmod{11} \\ x &\equiv 5 \pmod{13} \end{aligned}$$
14. Use the method of parallel computation outlined in the text to
calculate 2234 + 4121 by dividing the calculation into four separate
additions modulo 95, 97, 98, and 99.
15. Explain why the method of parallel computation outlined in
the text fails for 2134 · 1531 if we attempt to break the calculation
down into two smaller calculations modulo 98 and 99.
16. If R is a field, show that the only two ideals of R are {0} and
R itself.
17. Let a be any element in a ring R with identity. Show that
(−1)a = −a.
18. Let φ : R → S be a ring homomorphism. Prove each of the
following statements.
(a) If R is a commutative ring, then φ(R) is a commutative ring.
(b) φ(0) = 0.
(c) Let 1_R and 1_S be the identities for R and S, respectively. If
φ is onto, then φ(1_R) = 1_S.
(d) If R is a field and φ(R) ≠ 0, then φ(R) is a field.
19. Prove that the associative law for multiplication and the distributive laws hold in R/I.
20. Prove the Second Isomorphism Theorem for rings: Let I be a
subring of a ring R and J an ideal in R. Then I ∩ J is an ideal in
I and
$$I/(I \cap J) \cong (I + J)/J.$$
21. Prove the Third Isomorphism Theorem for rings: Let R be a
ring and I and J be ideals of R, where J ⊂ I. Then
$$R/I \cong \frac{R/J}{I/J}.$$
22. Prove the Correspondence Theorem: Let I be an ideal of a
ring R. Then S ↦ S/I is a one-to-one correspondence between
the set of subrings S containing I and the set of subrings of R/I.
Furthermore, the ideals of R correspond to ideals of R/I.
23. Let R be a ring and S a subset of R. Show that S is a subring
of R if and only if each of the following conditions is satisfied.
(a) S ≠ ∅.
(b) rs ∈ S for all r, s ∈ S.
(c) r − s ∈ S for all r, s ∈ S.
24. Let R be a ring with a collection of subrings {R_α}. Prove that
∩ R_α is a subring of R. Give an example to show that the union
of two subrings cannot be a subring.
25. Let {I_α}_{α∈A} be a collection of ideals in a ring R. Prove that
∩_{α∈A} I_α is also an ideal in R. Give an example to show that if I_1
and I_2 are ideals in R, then I_1 ∪ I_2 may not be an ideal.
26. Let R be an integral domain. Show that if the only ideals in
R are {0} and R itself, R must be a field.
27. Let R be a commutative ring. An element a in R is nilpotent
if a^n = 0 for some positive integer n. Show that the set of all
nilpotent elements forms an ideal in R.
28. A ring R is a Boolean ring if for every a ∈ R, a² = a. Show
that every Boolean ring is a commutative ring.
29. Let R be a ring, where a³ = a for all a ∈ R. Prove that R
must be a commutative ring.
30. Let R be a ring with identity 1_R and S a subring of R with
identity 1_S. Prove or disprove that 1_R = 1_S.
31. If we do not require the identity of a ring to be distinct from
0, we will not have a very interesting mathematical structure. Let
R be a ring such that 1 = 0. Prove that R = {0}.
32. Let S be a nonempty subset of a ring R. Prove that there is
a subring R′ of R that contains S.

33. Let R be a ring. Define the center of R to be
$$Z(R) = \{ a \in R : ar = ra \text{ for all } r \in R \}.$$
Prove that Z(R) is a commutative subring of R.
34. Let p be prime. Prove that
$$Z_{(p)} = \{ a/b : a, b \in Z \text{ and } \gcd(b, p) = 1 \}$$
is a ring. The ring Z_(p) is called the ring of integers localized
at p.
35. Prove or disprove: Every finite integral domain is isomorphic
to Z_p.
36. Let R be a ring with identity.
(a) Let u be a unit in R. Define a map i_u : R → R by r ↦
uru^{−1}. Prove that i_u is an automorphism of R. Such an
automorphism of R is called an inner automorphism of R.
Denote the set of all inner automorphisms of R by Inn(R).
(b) Denote the set of all automorphisms of R by Aut(R). Prove
that Inn(R) is a normal subgroup of Aut(R).
(c) Let U(R) be the group of units in R. Prove that the map
$$\varphi : U(R) \to \operatorname{Inn}(R)$$
defined by u ↦ i_u is a homomorphism. Determine the kernel
of φ.
(d) Compute Aut(Z), Inn(Z), and U(Z).
37. Let R and S be arbitrary rings. Show that their Cartesian
product is a ring if we define addition and multiplication in R × S
by
(a) (r, s) + (r′, s′) = (r + r′, s + s′)
(b) (r, s)(r′, s′) = (rr′, ss′)
38. An element x in a ring is called an idempotent if x² = x. Prove
that the only idempotents in an integral domain are 0 and 1. Find
a ring with an idempotent x not equal to 0 or 1.
39. Let gcd(a, n) = d and gcd(b, d) ≠ 1. Prove that ax ≡ b
(mod n) does not have a solution.
40. (The Chinese Remainder Theorem for Rings) Let R be a ring
and I and J be ideals in R such that I + J = R.
(a) Show that for any r and s in R, the system of equations
$$\begin{aligned} x &\equiv r \pmod{I} \\ x &\equiv s \pmod{J} \end{aligned}$$
has a solution.
(b) In addition, prove that any two solutions of the system are
congruent modulo I ∩ J.
(c) Let I and J be ideals in a ring R such that I + J = R. Show
that there exists a ring isomorphism
$$R/(I \cap J) \cong R/I \times R/J.$$

16.7 Programming Exercise

1. Write a computer program implementing fast addition and multiplication using the Chinese Remainder Theorem and the method
outlined in the text.

16.8 References and Suggested Readings

[1] Anderson, F. W. and Fuller, K. R. Rings and Categories of Modules. 2nd ed. Springer, New York, 1992.
[2] Atiyah, M. F. and MacDonald, I. G. Introduction to Commutative Algebra. Westview Press, Boulder, CO, 1994.
[3] Herstein, I. N. Noncommutative Rings. Mathematical Association of America, Washington, DC, 1994.
[4] Kaplansky, I. Commutative Rings. Revised edition. University of Chicago Press, Chicago, 1974.
[5] Knuth, D. E. The Art of Computer Programming: Seminumerical Algorithms, vol. 2. 3rd ed. Addison-Wesley Professional, Boston, 1997.
[6] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York, 1998. A good source for applications.
[7] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
[8] McCoy, N. H. Rings and Ideals. Carus Monograph Series, No. 8. Mathematical Association of America, Washington, DC, 1968.
[9] McCoy, N. H. The Theory of Rings. Chelsea, New York, 1972.
[10] Zariski, O. and Samuel, P. Commutative Algebra, vols. I and II. Springer, New York, 1975, 1960.

17 Polynomials

Most people are fairly familiar with polynomials by the time they
begin to study abstract algebra. When we examine polynomial
expressions such as
$$\begin{aligned} p(x) &= x^3 - 3x + 2 \\ q(x) &= 3x^2 - 6x + 5, \end{aligned}$$
we have a pretty good idea of what p(x) + q(x) and p(x)q(x) mean.
We just add and multiply polynomials as functions; that is,
$$\begin{aligned} (p + q)(x) &= p(x) + q(x) \\ &= (x^3 - 3x + 2) + (3x^2 - 6x + 5) \\ &= x^3 + 3x^2 - 9x + 7 \end{aligned}$$
and
$$\begin{aligned} (pq)(x) &= p(x)q(x) \\ &= (x^3 - 3x + 2)(3x^2 - 6x + 5) \\ &= 3x^5 - 6x^4 - 4x^3 + 24x^2 - 27x + 10. \end{aligned}$$
It is probably no surprise that polynomials form a ring. In this
chapter we shall emphasize the algebraic structure of polynomials by studying polynomial rings. We can prove many results for
polynomial rings that are similar to the theorems we proved for the
integers. Analogs of prime numbers, the division algorithm, and
the Euclidean algorithm exist for polynomials.

17.1 Polynomial Rings

Throughout this chapter we shall assume that R is a commutative
ring with identity. Any expression of the form
$$f(x) = \sum_{i=0}^{n} a_i x^i = a_0 + a_1 x + a_2 x^2 + \cdots + a_n x^n,$$
where a_i ∈ R and a_n ≠ 0, is called a polynomial over R with
indeterminate x. The elements a_0, a_1, . . . , a_n are called the coefficients of f. The coefficient a_n is called the leading coefficient.
A polynomial is called monic if the leading coefficient is 1. If n
is the largest nonnegative number for which a_n ≠ 0, we say that
the degree of f is n and write deg f(x) = n. If no such n exists
(that is, if f = 0 is the zero polynomial), then the degree of f is
defined to be −∞. We will denote the set of all polynomials with
coefficients in a ring R by R[x]. Two polynomials are equal exactly
when their corresponding coefficients are equal; that is, if we let
$$\begin{aligned} p(x) &= a_0 + a_1 x + \cdots + a_n x^n \\ q(x) &= b_0 + b_1 x + \cdots + b_m x^m, \end{aligned}$$
then p(x) = q(x) if and only if a_i = b_i for all i ≥ 0.
To show that the set of all polynomials forms a ring, we must
first define addition and multiplication. We define the sum of two
polynomials as follows. Let
$$\begin{aligned} p(x) &= a_0 + a_1 x + \cdots + a_n x^n \\ q(x) &= b_0 + b_1 x + \cdots + b_m x^m. \end{aligned}$$
Then the sum of p(x) and q(x) is
$$p(x) + q(x) = c_0 + c_1 x + \cdots + c_k x^k,$$
where c_i = a_i + b_i for each i. We define the product of p(x) and
q(x) to be
$$p(x)q(x) = c_0 + c_1 x + \cdots + c_{m+n} x^{m+n},$$
where
$$c_i = \sum_{k=0}^{i} a_k b_{i-k} = a_0 b_i + a_1 b_{i-1} + \cdots + a_{i-1} b_1 + a_i b_0$$
for each i. Notice that in each case some of the coefficients may be
zero.
Example 17.1. Suppose that
$$p(x) = 3 + 0x + 0x^2 + 2x^3 + 0x^4$$
and
$$q(x) = 2 + 0x - x^2 + 0x^3 + 4x^4$$
are polynomials in Z[x]. If the coefficient of some term in a polynomial is zero, then we usually just omit that term. In this case
we would write p(x) = 3 + 2x³ and q(x) = 2 − x² + 4x⁴. The sum
of these two polynomials is
$$p(x) + q(x) = 5 - x^2 + 2x^3 + 4x^4.$$
The product,
$$p(x)q(x) = (3 + 2x^3)(2 - x^2 + 4x^4) = 6 - 3x^2 + 4x^3 + 12x^4 - 2x^5 + 8x^7,$$
can be calculated either by determining the c_i's in the definition
or by simply multiplying polynomials in the same way as we have
always done.

Example 17.2. Let
$$\begin{aligned} p(x) &= 3 + 3x^3 \\ q(x) &= 4 + 4x^2 + 4x^4 \end{aligned}$$
be polynomials in Z_12[x]. The sum of p(x) and q(x) is 7 + 4x² + 3x³ +
4x⁴. The product of the two polynomials is the zero polynomial.
This example tells us that we cannot expect R[x] to be an integral
domain if R is not an integral domain.

Theorem 17.3. Let R be a commutative ring with identity. Then
R[x] is a commutative ring with identity.
Proof. Our first task is to show that R[x] is an abelian group
under polynomial addition. The zero polynomial, f(x) = 0, is
the additive identity. Given a polynomial $p(x) = \sum_{i=0}^{n} a_i x^i$, the
inverse of p(x) is easily verified to be $-p(x) = \sum_{i=0}^{n} (-a_i) x^i = -\sum_{i=0}^{n} a_i x^i$. Commutativity and associativity follow immediately
from the definition of polynomial addition and from the fact that
addition in R is both commutative and associative.
To show that polynomial multiplication is associative, let
$$\begin{aligned} p(x) &= \sum_{i=0}^{m} a_i x^i, \\ q(x) &= \sum_{i=0}^{n} b_i x^i, \\ r(x) &= \sum_{i=0}^{p} c_i x^i. \end{aligned}$$
Then
$$\begin{aligned}
[p(x)q(x)]r(x) &= \left[ \left( \sum_{i=0}^{m} a_i x^i \right) \left( \sum_{i=0}^{n} b_i x^i \right) \right] \left( \sum_{i=0}^{p} c_i x^i \right) \\
&= \left( \sum_{i=0}^{m+n} \left( \sum_{j=0}^{i} a_j b_{i-j} \right) x^i \right) \left( \sum_{i=0}^{p} c_i x^i \right) \\
&= \sum_{i=0}^{m+n+p} \left[ \sum_{j=0}^{i} \left( \sum_{k=0}^{j} a_k b_{j-k} \right) c_{i-j} \right] x^i \\
&= \sum_{i=0}^{m+n+p} \left( \sum_{j+k+l=i} a_j b_k c_l \right) x^i \\
&= \sum_{i=0}^{m+n+p} \left[ \sum_{j=0}^{i} a_j \left( \sum_{k=0}^{i-j} b_k c_{i-j-k} \right) \right] x^i \\
&= \left( \sum_{i=0}^{m} a_i x^i \right) \left( \sum_{i=0}^{n+p} \left( \sum_{j=0}^{i} b_j c_{i-j} \right) x^i \right) \\
&= \left( \sum_{i=0}^{m} a_i x^i \right) \left[ \left( \sum_{i=0}^{n} b_i x^i \right) \left( \sum_{i=0}^{p} c_i x^i \right) \right] \\
&= p(x)[q(x)r(x)]
\end{aligned}$$
The commutativity and distribution properties of polynomial multiplication are proved in a similar manner. We shall leave the proofs
of these properties as an exercise.
Proposition 17.4. Let p(x) and q(x) be polynomials in R[x],
where R is an integral domain. Then deg p(x) + deg q(x) = deg(p(x)q(x)).
Furthermore, R[x] is an integral domain.
Proof. Suppose that we have two nonzero polynomials
$$p(x) = a_m x^m + \cdots + a_1 x + a_0$$
and
$$q(x) = b_n x^n + \cdots + b_1 x + b_0$$
with a_m ≠ 0 and b_n ≠ 0. The degrees of p(x) and q(x) are m
and n, respectively. The leading term of p(x)q(x) is a_m b_n x^{m+n},
which cannot be zero since R is an integral domain; hence, the
degree of p(x)q(x) is m + n, and p(x)q(x) ≠ 0. Since p(x) ≠ 0 and
q(x) ≠ 0 imply that p(x)q(x) ≠ 0, we know that R[x] must also be
an integral domain.
We also want to consider polynomials in two or more variables,
such as x² − 3xy + 2y³. Let R be a ring and suppose that we are
given two indeterminates x and y. Certainly we can form the ring
(R[x])[y]. It is straightforward but perhaps tedious to show that
(R[x])[y] ≅ (R[y])[x]. We shall identify these two rings by this
isomorphism and simply write R[x, y]. The ring R[x, y] is called
the ring of polynomials in two indeterminates x and y
with coefficients in R. We can define the ring of polynomials
in n indeterminates with coefficients in R similarly. We shall
denote this ring by R[x_1, x_2, . . . , x_n].
Theorem 17.5. Let R be a commutative ring with identity and
α ∈ R. Then we have a ring homomorphism φ_α : R[x] → R defined
by
$$\varphi_\alpha(p(x)) = p(\alpha) = a_n \alpha^n + \cdots + a_1 \alpha + a_0,$$
where p(x) = a_n x^n + ··· + a_1 x + a_0.
Proof. Let $p(x) = \sum_{i=0}^{n} a_i x^i$ and $q(x) = \sum_{i=0}^{m} b_i x^i$. It is easy to
show that φ_α(p(x) + q(x)) = φ_α(p(x)) + φ_α(q(x)). To show that
multiplication is preserved under the map φ_α, observe that
$$\begin{aligned} \varphi_\alpha(p(x))\,\varphi_\alpha(q(x)) &= p(\alpha)q(\alpha) \\ &= \left( \sum_{i=0}^{n} a_i \alpha^i \right) \left( \sum_{i=0}^{m} b_i \alpha^i \right) \\ &= \sum_{i=0}^{m+n} \left( \sum_{k=0}^{i} a_k b_{i-k} \right) \alpha^i \\ &= \varphi_\alpha(p(x)q(x)). \end{aligned}$$
The map φ_α : R[x] → R is called the evaluation homomorphism at α.

17.2 The Division Algorithm

Recall that the division algorithm for integers (Theorem 2.9) says
that if a and b are integers with b > 0, then there exist unique
integers q and r such that a = bq + r, where 0 ≤ r < b. The
algorithm by which q and r are found is just long division. A
similar theorem exists for polynomials. The division algorithm for
polynomials has several important consequences. Since its proof is
very similar to the corresponding proof for integers, it is worthwhile
to review Theorem 2.9 at this point.
Theorem 17.6 (Division Algorithm). Let f(x) and g(x) be polynomials in F[x], where F is a field and g(x) is a nonzero polynomial.
Then there exist unique polynomials q(x), r(x) ∈ F[x] such that
f(x) = g(x)q(x) + r(x),
where either deg r(x) < deg g(x) or r(x) is the zero polynomial.
Proof. We will first consider the existence of q(x) and r(x). If
f(x) is the zero polynomial, then
0 = 0 · g(x) + 0;
hence, both q and r must also be the zero polynomial. Now suppose
that f(x) is not the zero polynomial and that deg f(x) = n and
deg g(x) = m. If m > n, then we can let q(x) = 0 and r(x) = f(x).
Hence, we may assume that m ≤ n and proceed by induction on
n. If
f(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_1 x + a_0
g(x) = b_m x^m + b_{m−1} x^{m−1} + ··· + b_1 x + b_0
the polynomial
f'(x) = f(x) − \frac{a_n}{b_m} x^{n−m} g(x)
has degree less than n or is the zero polynomial. By induction,
there exist polynomials q'(x) and r(x) such that
f'(x) = q'(x)g(x) + r(x),
where r(x) = 0 or the degree of r(x) is less than the degree of g(x).
Now let
q(x) = q'(x) + \frac{a_n}{b_m} x^{n−m}.
Then
f(x) = g(x)q(x) + r(x),
with r(x) the zero polynomial or deg r(x) < deg g(x).
To show that q(x) and r(x) are unique, suppose that there exist
two other polynomials q_1(x) and r_1(x) such that f(x) = g(x)q_1(x) + r_1(x) with deg r_1(x) < deg g(x) or r_1(x) = 0, so that
f(x) = g(x)q(x) + r(x) = g(x)q_1(x) + r_1(x),
and
g(x)[q(x) − q_1(x)] = r_1(x) − r(x).
If g(x) is not the zero polynomial, then
deg(g(x)[q(x) − q_1(x)]) = deg(r_1(x) − r(x)) ≥ deg g(x).
However, the degrees of both r(x) and r_1(x) are strictly less than
the degree of g(x); therefore, r(x) = r_1(x) and q(x) = q_1(x).


Example 17.7. The division algorithm merely formalizes long division of polynomials, a task we have been familiar with since high
school. For example, suppose that we divide x^3 − x^2 + 2x − 3 by
x − 2.

                x^2 +  x + 4
          ___________________
  x − 2 | x^3 −  x^2 + 2x − 3
          x^3 − 2x^2
          __________
                 x^2 + 2x
                 x^2 − 2x
                 _________
                       4x − 3
                       4x − 8
                       ______
                            5

Hence, x^3 − x^2 + 2x − 3 = (x − 2)(x^2 + x + 4) + 5.
Let p(x) be a polynomial in F[x] and α ∈ F. We say that α
is a zero or root of p(x) if p(x) is in the kernel of the evaluation
homomorphism φ_α. All we are really saying here is that α is a zero
of p(x) if p(α) = 0.
Corollary 17.8. Let F be a field. An element α ∈ F is a zero of
p(x) ∈ F[x] if and only if x − α is a factor of p(x) in F[x].
Proof. Suppose that α ∈ F and p(α) = 0. By the division algorithm, there exist polynomials q(x) and r(x) such that
p(x) = (x − α)q(x) + r(x)
and the degree of r(x) must be less than the degree of x − α. Since
the degree of r(x) is less than 1, r(x) = a for a ∈ F; therefore,
p(x) = (x − α)q(x) + a.
But
0 = p(α) = 0 · q(α) + a = a;
consequently, p(x) = (x − α)q(x), and x − α is a factor of p(x).
Conversely, suppose that x − α is a factor of p(x); say p(x) =
(x − α)q(x). Then p(α) = 0 · q(α) = 0.
Corollary 17.9. Let F be a field. A nonzero polynomial p(x) of
degree n in F[x] can have at most n distinct zeros in F.
Proof. We will use induction on the degree of p(x). If deg p(x) =
0, then p(x) is a constant polynomial and has no zeros. Let deg p(x) =
1. Then p(x) = ax + b for some a and b in F. If α_1 and α_2 are
zeros of p(x), then aα_1 + b = aα_2 + b or α_1 = α_2.
Now assume that deg p(x) > 1. If p(x) does not have a zero in
F, then we are done. On the other hand, if α is a zero of p(x), then
p(x) = (x − α)q(x) for some q(x) ∈ F[x] by Corollary 17.8. The
degree of q(x) is n − 1 by Proposition 17.4. Let β be some other zero
of p(x) that is distinct from α. Then p(β) = (β − α)q(β) = 0. Since
α ≠ β and F is a field, q(β) = 0. By our induction hypothesis,
p(x) can have at most n − 1 zeros in F that are distinct from α.
Therefore, p(x) has at most n distinct zeros in F.
Let F be a field. A monic polynomial d(x) is a greatest common divisor of polynomials p(x), q(x) ∈ F[x] if d(x) evenly divides both p(x) and q(x); and, if for any other polynomial d'(x) dividing both p(x) and q(x), d'(x) | d(x). We write d(x) = gcd(p(x), q(x)).
Two polynomials p(x) and q(x) are relatively prime if gcd(p(x), q(x)) = 1.
Proposition 17.10. Let F be a field and suppose that d(x) is a
greatest common divisor of two polynomials p(x) and q(x) in F[x].
Then there exist polynomials r(x) and s(x) such that
d(x) = r(x)p(x) + s(x)q(x).
Furthermore, the greatest common divisor of two polynomials is
unique.
Proof. Let d(x) be the monic polynomial of smallest degree in
the set
S = {f(x)p(x) + g(x)q(x) : f(x), g(x) ∈ F[x]}.
We can write d(x) = r(x)p(x) + s(x)q(x) for two polynomials r(x)
and s(x) in F[x]. We need to show that d(x) divides both p(x)
and q(x). We shall first show that d(x) divides p(x). By the
division algorithm, there exist polynomials a(x) and b(x) such that
p(x) = a(x)d(x) + b(x), where b(x) is either the zero polynomial or
deg b(x) < deg d(x). Therefore,
b(x) = p(x) − a(x)d(x)
     = p(x) − a(x)(r(x)p(x) + s(x)q(x))
     = p(x) − a(x)r(x)p(x) − a(x)s(x)q(x)
     = p(x)(1 − a(x)r(x)) + q(x)(−a(x)s(x))
is a linear combination of p(x) and q(x) and therefore must be
in S. However, b(x) must be the zero polynomial since d(x) was
chosen to be of smallest degree; consequently, d(x) divides p(x). A
symmetric argument shows that d(x) must also divide q(x); hence,
d(x) is a common divisor of p(x) and q(x).
To show that d(x) is a greatest common divisor of p(x) and
q(x), suppose that d'(x) is another common divisor of p(x) and

17.3. IRREDUCIBLE POLYNOMIALS

259

q(x). We will show that d'(x) | d(x). Since d'(x) is a common
divisor of p(x) and q(x), there exist polynomials u(x) and v(x)
such that p(x) = u(x)d'(x) and q(x) = v(x)d'(x). Therefore,
d(x) = r(x)p(x) + s(x)q(x)
     = r(x)u(x)d'(x) + s(x)v(x)d'(x)
     = d'(x)[r(x)u(x) + s(x)v(x)].
Since d'(x) | d(x), d(x) is a greatest common divisor of p(x) and
q(x).
Finally, we must show that the greatest common divisor of
p(x) and q(x) is unique. Suppose that d'(x) is another greatest common divisor of p(x) and q(x). We have just shown that
there exist polynomials u(x) and v(x) in F[x] such that d(x) =
d'(x)[r(x)u(x) + s(x)v(x)]. Since
deg d(x) = deg d'(x) + deg[r(x)u(x) + s(x)v(x)]
and d(x) and d'(x) are both greatest common divisors, deg d(x) =
deg d'(x). Since d(x) and d'(x) are both monic polynomials of the
same degree, it must be the case that d(x) = d'(x).
Notice the similarity between the proof of Proposition 17.10
and the proof of Theorem 2.10.
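Both proofs above are constructive: the inductive step of Theorem 17.6 (subtract (a_n/b_m) x^{n−m} g(x) and recurse) is polynomial long division, and the minimal-degree element of Proposition 17.10 is what the extended Euclidean algorithm produces, together with the coefficients r(x) and s(x). The following Python module is an added example and not code from the book. It works over the prime field Z_p, the setting in which polynomial arithmetic appears in finite-field cryptography and coding; the modulus p = 7, the coefficient-list representation, and the gcd test pair (x + 1)(x^2 + 1), (x + 1)(x + 2) are all constructed choices. Example 17.7 is used as the division test, read in Z_7.

```python
# Polynomials over the prime field Z_p, stored as coefficient lists
# [a_0, a_1, ..., a_n] with the lowest degree first; [] is the zero polynomial.
# Arithmetic in GF(p)[x] is what finite-field extensions GF(p^k), Reed-Solomon
# codes and polynomial MACs are built on, so the examples work over Z_p.
P = 7  # constructed choice of prime modulus for the examples below


def trim(a, p=P):
    """Reduce every coefficient mod p and drop leading zeros."""
    a = [c % p for c in a]
    while a and a[-1] == 0:
        a.pop()
    return a


def deg(a):
    """Degree of a trimmed polynomial; the zero polynomial gets -1."""
    return len(a) - 1


def add(a, b, p=P):
    n = max(len(a), len(b))
    return trim([(a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)
                 for i in range(n)], p)


def scale(a, k, p=P):
    """Multiply a polynomial by the constant k."""
    return trim([k * c for c in a], p)


def mul(a, b, p=P):
    """Coefficient of x^i in the product is the sum over j of a_j * b_(i-j)."""
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return trim(out, p)


def divmod_poly(f, g, p=P):
    """Theorem 17.6 made constructive.  The inductive step 'subtract
    (a_n / b_m) x^(n-m) g(x)' is run as a loop until deg r < deg g.
    Returns (q, r) with f = g*q + r."""
    f, g = trim(f, p), trim(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)   # b_m^(-1) exists because Z_p is a field
    q = [0] * max(len(f) - len(g) + 1, 1)
    r = f
    while r and deg(r) >= deg(g):
        shift = deg(r) - deg(g)
        coef = (r[-1] * inv_lead) % p
        q[shift] = coef
        r = add(r, scale([0] * shift + g, -coef, p), p)
    return trim(q, p), r


def ext_gcd(a, b, p=P):
    """Proposition 17.10 made constructive (extended Euclidean algorithm).
    Returns (d, r, s) with d = r*a + s*b and d monic, i.e. the unique monic
    gcd.  The invariants r0 = s0*a + t0*b and r1 = s1*a + t1*b hold
    throughout the loop."""
    r0, r1 = trim(a, p), trim(b, p)
    if not r0 and not r1:
        raise ValueError("gcd(0, 0) is not defined")
    s0, s1 = [1], []
    t0, t1 = [], [1]
    while r1:
        q, rem = divmod_poly(r0, r1, p)
        r0, r1 = r1, rem
        s0, s1 = s1, add(s0, scale(mul(q, s1, p), -1, p), p)
        t0, t1 = t1, add(t0, scale(mul(q, t1, p), -1, p), p)
    inv = pow(r0[-1], -1, p)       # normalise so that the gcd is monic
    return scale(r0, inv, p), scale(s0, inv, p), scale(t0, inv, p)


def bezout_holds(a, b, p=P):
    """Check the identity d = r*a + s*b for the triple returned by ext_gcd."""
    d, r, s = ext_gcd(a, b, p)
    return add(mul(r, a, p), mul(s, b, p), p) == d


if __name__ == "__main__":
    # Example 17.7 read in Z_7: x^3 - x^2 + 2x - 3 divided by x - 2
    q, r = divmod_poly([-3, 2, -1, 1], [-2, 1])
    print("q =", q, "r =", r)          # q = x^2 + x + 4, r = 5
    # constructed pair (x + 1)(x^2 + 1) and (x + 1)(x + 2) over Z_7; gcd is x + 1
    print(ext_gcd([1, 1, 1, 1], [2, 3, 1]))
```

The gcd is normalised to be monic at the end, which is exactly the uniqueness clause of Proposition 17.10: any two gcds differ by a nonzero constant, and in a field that constant can be divided out.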

17.3 Irreducible Polynomials

A nonconstant polynomial f(x) ∈ F[x] is irreducible over a field
F if f(x) cannot be expressed as a product of two polynomials
g(x) and h(x) in F[x], where the degrees of g(x) and h(x) are both
smaller than the degree of f(x). Irreducible polynomials function
as the prime numbers of polynomial rings.
Example 17.11. The polynomial x^2 − 2 ∈ Q[x] is irreducible
since it cannot be factored any further over the rational numbers.
Similarly, x^2 + 1 is irreducible over the real numbers.
Example 17.12. The polynomial p(x) = x^3 + x^2 + 2 is irreducible
over Z_3[x]. Suppose that this polynomial was reducible over Z_3[x].
By the division algorithm there would have to be a factor of the
form x − a, where a is some element in Z_3[x]. Hence, it would have
to be true that p(a) = 0. However,
p(0) = 2
p(1) = 1
p(2) = 2.
Therefore, p(x) has no zeros in Z_3 and must be irreducible.


Lemma 17.13. Let p(x) ∈ Q[x]. Then
p(x) = \frac{r}{s}(a_0 + a_1 x + ··· + a_n x^n),
where r, s, a_0, ..., a_n are integers, the a_i's are relatively prime, and
r and s are relatively prime.
Proof. Suppose that
p(x) = \frac{b_0}{c_0} + \frac{b_1}{c_1} x + ··· + \frac{b_n}{c_n} x^n,
where the b_i's and the c_i's are integers. We can rewrite p(x) as
p(x) = \frac{1}{c_0 ··· c_n}(d_0 + d_1 x + ··· + d_n x^n),
where d_0, ..., d_n are integers. Let d be the greatest common divisor
of d_0, ..., d_n. Then
p(x) = \frac{d}{c_0 ··· c_n}(a_0 + a_1 x + ··· + a_n x^n),
where d_i = d a_i and the a_i's are relatively prime. Reducing d/(c_0 ··· c_n)
to its lowest terms, we can write
p(x) = \frac{r}{s}(a_0 + a_1 x + ··· + a_n x^n),
where gcd(r, s) = 1.
Theorem 17.14 (Gauss's Lemma). Let p(x) ∈ Z[x] be a monic
polynomial such that p(x) factors into a product of two polynomials
α(x) and β(x) in Q[x], where the degrees of both α(x) and β(x)
are less than the degree of p(x). Then p(x) = a(x)b(x), where a(x)
and b(x) are monic polynomials in Z[x] with deg α(x) = deg a(x)
and deg β(x) = deg b(x).
Proof. By Lemma 17.13, we can assume that
α(x) = \frac{c_1}{d_1}(a_0 + a_1 x + ··· + a_m x^m) = \frac{c_1}{d_1} α_1(x)
β(x) = \frac{c_2}{d_2}(b_0 + b_1 x + ··· + b_n x^n) = \frac{c_2}{d_2} β_1(x),
where the a_i's are relatively prime and the b_i's are relatively prime.
Consequently,
p(x) = α(x)β(x) = \frac{c_1 c_2}{d_1 d_2} α_1(x)β_1(x) = \frac{c}{d} α_1(x)β_1(x),
where c/d is the product of c_1/d_1 and c_2/d_2 expressed in lowest
terms. Hence, d p(x) = c α_1(x)β_1(x).
If d = 1, then c a_m b_n = 1 since p(x) is a monic polynomial.
Hence, either c = 1 or c = −1. If c = 1, then either a_m = b_n = 1
or a_m = b_n = −1. In the first case p(x) = α_1(x)β_1(x), where
α_1(x) and β_1(x) are monic polynomials with deg α(x) = deg α_1(x)
and deg β(x) = deg β_1(x). In the second case a(x) = −α_1(x) and
b(x) = −β_1(x) are the correct monic polynomials since p(x) =
(−α_1(x))(−β_1(x)) = a(x)b(x). The case in which c = −1 can be
handled similarly.
Now suppose that d ≠ 1. Since gcd(c, d) = 1, there exists a
prime p such that p | d and p ∤ c. Also, since the coefficients of
α_1(x) are relatively prime, there exists a coefficient a_i such that
p ∤ a_i. Similarly, there exists a coefficient b_j of β_1(x) such that
p ∤ b_j. Let \bar{α}_1(x) and \bar{β}_1(x) be the polynomials in Z_p[x] obtained by
reducing the coefficients of α_1(x) and β_1(x) modulo p. Since p | d,
\bar{α}_1(x)\bar{β}_1(x) = 0 in Z_p[x]. However, this is impossible since neither
\bar{α}_1(x) nor \bar{β}_1(x) is the zero polynomial and Z_p[x] is an integral
domain. Therefore, d = 1 and the theorem is proven.
Corollary 17.15. Let p(x) = x^n + a_{n−1} x^{n−1} + ··· + a_0 be a polynomial with coefficients in Z and a_0 ≠ 0. If p(x) has a zero in Q,
then p(x) also has a zero α in Z. Furthermore, α divides a_0.
Proof. Let p(x) have a zero a ∈ Q. Then p(x) must have a linear
factor x − a. By Gauss's Lemma, p(x) has a factorization with a
linear factor in Z[x]. Hence, for some α ∈ Z
p(x) = (x − α)(x^{n−1} + ··· − a_0/α).
Thus a_0/α ∈ Z and so α | a_0.
Example 17.16. Let p(x) = x^4 − 2x^3 + x + 1. We shall show that
p(x) is irreducible over Q[x]. Assume that p(x) is reducible. Then
either p(x) has a linear factor, say p(x) = (x − α)q(x), where q(x)
is a polynomial of degree three, or p(x) has two quadratic factors.
If p(x) has a linear factor in Q[x], then it has a zero in Z.
By Corollary 17.15, any zero must divide 1 and therefore must be
±1; however, p(1) = 1 and p(−1) = 3. Consequently, we have
eliminated the possibility that p(x) has any linear factors.
Therefore, if p(x) is reducible it must factor into two quadratic
polynomials, say
p(x) = (x^2 + ax + b)(x^2 + cx + d)
     = x^4 + (a + c)x^3 + (ac + b + d)x^2 + (ad + bc)x + bd,
where each factor is in Z[x] by Gauss's Lemma. Hence,
a + c = −2
ac + b + d = 0
ad + bc = 1
bd = 1.
Since bd = 1, either b = d = 1 or b = d = −1. In either case b = d
and so
ad + bc = b(a + c) = 1.
Since a + c = −2, we know that −2b = 1. This is impossible since
b is an integer. Therefore, p(x) must be irreducible over Q.
Theorem 17.17 (Eisenstein's Criterion). Let p be a prime and
suppose that
f(x) = a_n x^n + ··· + a_0 ∈ Z[x].
If p | a_i for i = 0, 1, ..., n − 1, but p ∤ a_n and p^2 ∤ a_0, then f(x) is
irreducible over Q.
Proof. By Gauss's Lemma, we need only show that f(x) does
not factor into polynomials of lower degree in Z[x]. Let
f(x) = (b_r x^r + ··· + b_0)(c_s x^s + ··· + c_0)
be a factorization in Z[x], with b_r and c_s not equal to zero and
r, s < n. Since p^2 does not divide a_0 = b_0 c_0, either b_0 or c_0 is
not divisible by p. Suppose that p ∤ b_0 and p | c_0. Since p ∤ a_n and
a_n = b_r c_s, neither b_r nor c_s is divisible by p. Let m be the smallest
value of k such that p ∤ c_k. Then
a_m = b_0 c_m + b_1 c_{m−1} + ··· + b_m c_0
is not divisible by p, since each term on the right-hand side of the
equation is divisible by p except for b_0 c_m. Therefore, m = n since
a_i is divisible by p for i < n. Hence, f(x) cannot be factored into
polynomials of lower degree and therefore must be irreducible.
Example 17.18. The polynomial
f(x) = 16x^5 − 9x^4 + 3x^2 + 6x − 21
is easily seen to be irreducible over Q by Eisenstein's Criterion if
we let p = 3.
Eisenstein's Criterion is more useful in constructing irreducible
polynomials of a certain degree over Q than in determining the
irreducibility of an arbitrary polynomial in Q[x]: given an arbitrary
polynomial, it is not very likely that we can apply Eisenstein's
Criterion. The real value of Theorem 17.17 is that we now have an
easy method of generating irreducible polynomials of any degree.
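Three of the arguments in this section are finite checks that a program can run: the zero test of Example 17.12 (valid for degree 2 and 3, where any factorization must contain a linear factor), the integer-root test of Corollary 17.15 used in Example 17.16, and Eisenstein's Criterion from Theorem 17.17 and Example 17.18. The following Python is an added example and not code from the book; coefficient lists run from a_0 upward, and the search for an Eisenstein prime among the prime divisors of a_0 is an added convenience (any Eisenstein prime must divide a_0, so nothing else needs to be tried).

```python
from math import isqrt

# Coefficient lists are [a_0, a_1, ..., a_n], lowest degree first.


def eval_mod(coeffs, x, p):
    """Horner evaluation in Z_p: the evaluation homomorphism of
    Theorem 17.5 with the result reduced mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def zeros_mod_p(coeffs, p):
    """All zeros of the polynomial in Z_p; Corollary 17.9 bounds the count
    by the degree, and Z_p is finite so exhaustion is exact."""
    return [x for x in range(p) if eval_mod(coeffs, x, p) == 0]


def irreducible_low_degree_mod_p(coeffs, p):
    """Example 17.12's argument: a polynomial of degree 2 or 3 over Z_p is
    reducible iff it has a linear factor, i.e. a zero (Corollary 17.8).
    Degree 4 and above can split into two quadratics with no zero at all,
    so the test refuses those degrees rather than give a wrong answer."""
    n = len(coeffs) - 1
    if n not in (2, 3):
        raise ValueError("zero test decides irreducibility only for degree 2 or 3")
    return not zeros_mod_p(coeffs, p)


def integer_root_candidates(coeffs):
    """Corollary 17.15: for a monic polynomial in Z[x] with a_0 != 0, every
    rational zero is an integer dividing a_0."""
    if coeffs[-1] != 1 or coeffs[0] == 0:
        raise ValueError("requires a monic polynomial with nonzero constant term")
    a0 = abs(coeffs[0])
    divisors = [d for d in range(1, a0 + 1) if a0 % d == 0]
    return [sign * d for d in divisors for sign in (1, -1)]


def integer_zeros(coeffs):
    """Exact integer arithmetic over the candidate list (as in Example 17.16)."""
    return [c for c in integer_root_candidates(coeffs)
            if sum(a * c ** i for i, a in enumerate(coeffs)) == 0]


def eisenstein(coeffs, p):
    """Theorem 17.17: p | a_i for i < n, p does not divide a_n,
    p^2 does not divide a_0."""
    n = len(coeffs) - 1
    return (all(a % p == 0 for a in coeffs[:n])
            and coeffs[n] % p != 0
            and coeffs[0] % (p * p) != 0)


def eisenstein_primes(coeffs):
    """Every Eisenstein prime divides a_0, so only those need checking."""
    a0 = abs(coeffs[0])
    if a0 == 0:
        return []
    primes = [q for q in range(2, a0 + 1)
              if a0 % q == 0 and all(q % r for r in range(2, isqrt(q) + 1))]
    return [q for q in primes if eisenstein(coeffs, q)]


if __name__ == "__main__":
    print(zeros_mod_p([2, 0, 1, 1], 3))            # Example 17.12: []
    print(integer_zeros([1, 1, 0, -2, 1]))        # Example 17.16: []
    print(eisenstein_primes([-21, 6, 3, 0, -9, 16]))  # Example 17.18: [3]
```

Note what the module does not claim: an empty integer_zeros list rules out linear factors only, and Example 17.16 still needs the quadratic-factor argument by hand; likewise an empty eisenstein_primes list says nothing about irreducibility, which is the limitation the paragraph above describes.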

Ideals in F[x]
Let F be a field. Recall that a principal ideal in F[x] is an ideal
⟨p(x)⟩ generated by some polynomial p(x); that is,
⟨p(x)⟩ = {p(x)q(x) : q(x) ∈ F[x]}.
Example 17.19. The polynomial x^2 in F[x] generates the ideal
⟨x^2⟩ consisting of all polynomials with no constant term or term of
degree 1.
Theorem 17.20. If F is a field, then every ideal in F[x] is a
principal ideal.
Proof. Let I be an ideal of F[x]. If I is the zero ideal, the theorem
is easily true. Suppose that I is a nontrivial ideal in F[x], and let
p(x) ∈ I be a nonzero element of minimal degree. If deg p(x) =
0, then p(x) is a nonzero constant and 1 must be in I. Since 1
generates all of F[x], ⟨1⟩ = I = F[x] and I is again a principal
ideal.
Now assume that deg p(x) ≥ 1 and let f(x) be any element
in I. By the division algorithm there exist q(x) and r(x) in F[x]
such that f(x) = p(x)q(x) + r(x) and deg r(x) < deg p(x). Since
f(x), p(x) ∈ I and I is an ideal, r(x) = f(x) − p(x)q(x) is also
in I. However, since we chose p(x) to be of minimal degree, r(x)
must be the zero polynomial. Since we can write any element f(x)
in I as p(x)q(x) for some q(x) ∈ F[x], it must be the case that
I = ⟨p(x)⟩.
Example 17.21. It is not the case that every ideal in the ring
F[x, y] is a principal ideal. Consider the ideal of F[x, y] generated
by the polynomials x and y. This is the ideal of F[x, y] consisting
of all polynomials with no constant term. Since both x and y are
in the ideal, no single polynomial can generate the entire ideal.
Theorem 17.22. Let F be a field and suppose that p(x) ∈ F[x].
Then the ideal generated by p(x) is maximal if and only if p(x) is
irreducible.
Proof. Suppose that p(x) generates a maximal ideal of F[x].
Then ⟨p(x)⟩ is also a prime ideal of F[x]. Since a maximal ideal
must be properly contained inside F[x], p(x) cannot be a constant
polynomial. Let us assume that p(x) factors into two polynomials
of lesser degree, say p(x) = f(x)g(x). Since ⟨p(x)⟩ is a prime ideal
one of these factors, say f(x), is in ⟨p(x)⟩ and therefore must be a multiple of p(x). But this would imply that ⟨p(x)⟩ ⊂ ⟨f(x)⟩, which is
impossible since ⟨p(x)⟩ is maximal.
Conversely, suppose that p(x) is irreducible over F[x]. Let I
be an ideal in F[x] containing ⟨p(x)⟩. By Theorem 17.20, I is a
principal ideal; hence, I = ⟨f(x)⟩ for some f(x) ∈ F[x]. Since
p(x) ∈ I, it must be the case that p(x) = f(x)g(x) for some g(x) ∈
F[x]. However, p(x) is irreducible; hence, either f(x) or g(x) is a
constant polynomial. If f(x) is constant, then I = F[x] and we are
done. If g(x) is constant, then f(x) is a constant multiple of p(x) and
I = ⟨p(x)⟩. Thus, there are no proper ideals of F[x] that properly
contain ⟨p(x)⟩.
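Theorem 17.22 is the reason finite fields of non-prime order exist and the reason the modulus polynomial in a block cipher has to be chosen carefully: the quotient ring F[x]/⟨p(x)⟩ is a field exactly when the ideal ⟨p(x)⟩ is maximal (quotient by a maximal ideal gives a field, a standard ring-theory fact not proved on this page), hence exactly when p(x) is irreducible. The following Python is an added example, not code from the book or from any cipher implementation. It takes F = Z_2 and packs a polynomial of degree below 8 into one byte, bit i being the coefficient of x^i; multiplication is carry-less multiplication followed by the division algorithm's remainder. The irreducible modulus x^8 + x^4 + x^3 + x + 1 is the one AES uses (a standard value, not from the page), and the reducible contrast x^8 + 1 = (x + 1)^8 over Z_2 is a constructed choice.

```python
# Arithmetic in Z_2[x] / <m(x)> with deg m = 8.  A byte holds the eight
# coefficients of a polynomial of degree < 8; addition is XOR because the
# coefficients live in Z_2.
AES_MODULUS = 0x11B        # x^8 + x^4 + x^3 + x + 1, irreducible over Z_2 (AES field)
REDUCIBLE_MODULUS = 0x101  # x^8 + 1 = (x + 1)^8 over Z_2, so <m(x)> is not maximal


def gf_mul(a, b, modulus):
    """Multiply two elements of Z_2[x]/<m(x)>: shift-and-add, reducing by
    m(x) whenever the running product reaches degree 8 (the remainder step
    of Theorem 17.6 done one degree at a time)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:      # degree 8 reached: subtract (XOR) the modulus
            a ^= modulus
    return result


def gf_pow(a, e, modulus):
    """Square-and-multiply exponentiation in the quotient ring."""
    out, base = 1, a
    while e:
        if e & 1:
            out = gf_mul(out, base, modulus)
        base = gf_mul(base, base, modulus)
        e >>= 1
    return out


def gf_inverse(a, modulus):
    """If the quotient is a field its 255 nonzero elements form a group, so
    a^255 = 1 and a^254 is the inverse.  The product is re-checked, so when
    <m(x)> is not maximal and a has no inverse the function returns None."""
    if a == 0:
        return None
    cand = gf_pow(a, 254, modulus)
    return cand if gf_mul(a, cand, modulus) == 1 else None


def is_field(modulus):
    """Z_2[x]/<m(x)> is a field iff every nonzero element is invertible."""
    return all(gf_inverse(a, modulus) is not None for a in range(1, 256))


def zero_divisors(modulus):
    """Pairs of nonzero elements whose product is zero; empty for a field,
    which is Proposition 17.4's integral-domain property failing when m(x)
    is reducible."""
    return [(a, b) for a in range(1, 256) for b in range(a, 256)
            if gf_mul(a, b, modulus) == 0]


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83, AES_MODULUS)))        # 0xc1
    print(is_field(AES_MODULUS), is_field(REDUCIBLE_MODULUS))
    print(zero_divisors(REDUCIBLE_MODULUS)[:3])
```

With the reducible modulus, (x + 1) · (x^7 + x^6 + ··· + 1) = x^8 + 1 ≡ 0, so 0x03 and 0xFF are zero divisors and 0x03 has no inverse; with the AES modulus every nonzero byte is invertible, which is what the cipher's S-box construction relies on.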


Sage. Polynomial rings are very important for computational approaches to algebra, and so Sage makes it very easy to compute
with polynomials, over rings, or over fields. And it is trivial to
check if a polynomial is irreducible.
Historical Note
Throughout history, the solution of polynomial equations has
been a challenging problem. The Babylonians knew how to solve
the equation ax^2 + bx + c = 0. Omar Khayyam (1048–1131) devised
methods of solving cubic equations through the use of geometric
constructions and conic sections. The algebraic solution of the
general cubic equation ax^3 + bx^2 + cx + d = 0 was not discovered
until the sixteenth century. An Italian mathematician, Luca Pacioli
(ca. 1445–1509), wrote in Summa de Arithmetica that the solution
of the cubic was impossible. This was taken as a challenge by the
rest of the mathematical community.
Scipione del Ferro (1465–1526), of the University of Bologna,
solved the depressed cubic,
ax^3 + cx + d = 0.
He kept his solution an absolute secret. This may seem surprising today, when mathematicians are usually very eager to publish
their results, but in the days of the Italian Renaissance secrecy was
customary. Academic appointments were not easy to secure and
depended on the ability to prevail in public contests. Such challenges could be issued at any time. Consequently, any major new
discovery was a valuable weapon in such a contest. If an opponent
presented a list of problems to be solved, del Ferro could in turn
present a list of depressed cubics. He kept the secret of his discovery throughout his life, passing it on only on his deathbed to his
student Antonio Fior (ca. 1506–?).
Although Fior was not the equal of his teacher, he immediately
issued a challenge to Niccolo Fontana (1499–1557). Fontana was
known as Tartaglia (the Stammerer). As a youth he had suffered
a blow from the sword of a French soldier during an attack on his
village. He survived the savage wound, but his speech was permanently impaired. Tartaglia sent Fior a list of 30 various mathematical problems; Fior countered by sending Tartaglia a list of 30 depressed cubics. Tartaglia would either solve all 30 of the problems
or absolutely fail. After much effort Tartaglia finally succeeded
in solving the depressed cubic and defeated Fior, who faded into
obscurity.
At this point another mathematician, Gerolamo Cardano (1501–1576), entered the story. Cardano wrote to Tartaglia, begging him
for the solution to the depressed cubic. Tartaglia refused several
of his requests, then finally revealed the solution to Cardano after
the latter swore an oath not to publish the secret or to pass it on

17.4. EXERCISES

265

to anyone else. Using the knowledge that he had obtained from
Tartaglia, Cardano eventually solved the general cubic
ax^3 + bx^2 + cx + d = 0.
Cardano shared the secret with his student, Ludovico Ferrari (1522–1565), who solved the general quartic equation,
ax^4 + bx^3 + cx^2 + dx + e = 0.
In 1543, Cardano and Ferrari examined del Ferro's papers and discovered that he had also solved the depressed cubic. Cardano felt
that this relieved him of his obligation to Tartaglia, so he proceeded to publish the solutions in Ars Magna (1545), in which he
gave credit to del Ferro for solving the special case of the cubic.
This resulted in a bitter dispute between Cardano and Tartaglia,
who published the story of the oath a year later.

17.4 Exercises

1. List all of the polynomials of degree 3 or less in Z_2[x].
2. Compute each of the following.
(a) (5x^2 + 3x − 4) + (4x^2 − x + 9) in Z_12
(b) (5x^2 + 3x − 4)(4x^2 − x + 9) in Z_12
(c) (7x^3 + 3x^2 − x) + (6x^2 − 8x + 4) in Z_9
(d) (3x^2 + 2x − 4) + (4x^2 + 2) in Z_5
(e) (3x^2 + 2x − 4)(4x^2 + 2) in Z_5
(f) (5x^2 + 3x − 2)^2 in Z_12
3. Use the division algorithm to find q(x) and r(x) such that
a(x) = q(x)b(x) + r(x) with deg r(x) < deg b(x) for each of the
following pairs of polynomials.
(a) a(x) = 5x^3 + 6x^2 − 3x + 4 and b(x) = x − 2 in Z_7[x]
(b) a(x) = 6x^4 − 2x^3 + x^2 − 3x + 1 and b(x) = x^2 + x − 2 in Z_7[x]
(c) a(x) = 4x^5 − x^3 + x^2 + 4 and b(x) = x^3 − 2 in Z_5[x]
(d) a(x) = x^5 + x^3 − x^2 − x and b(x) = x^3 + x in Z_2[x]
4. Find the greatest common divisor of each of the following pairs
p(x) and q(x) of polynomials. If d(x) = gcd(p(x), q(x)), find two
polynomials a(x) and b(x) such that a(x)p(x) + b(x)q(x) = d(x).
(a) p(x) = 7x^3 + 6x^2 − 8x + 4 and q(x) = x^3 + x − 2, where
p(x), q(x) ∈ Q[x]


(b) p(x) = x^3 + x^2 − x + 1 and q(x) = x^3 + x − 1, where p(x), q(x) ∈ Z_2[x]
(c) p(x) = x^3 + x^2 − 4x + 4 and q(x) = x^3 + 3x − 2, where p(x), q(x) ∈ Z_5[x]
(d) p(x) = x^3 − 2x + 4 and q(x) = 4x^3 + x + 3, where p(x), q(x) ∈ Q[x]
5. Find all of the zeros for each of the following polynomials.
(a) 5x^3 + 4x^2 − x + 9 in Z_12
(b) 3x^3 − 4x^2 − x + 4 in Z_5
(c) 5x^4 + 2x^2 − 3 in Z_7
(d) x^3 + x + 1 in Z_2
6. Find all of the units in Z[x].
7. Find a unit p(x) in Z_4[x] such that deg p(x) > 1.
8. Which of the following polynomials are irreducible over Q[x]?
(a) x^4 − 2x^3 + 2x^2 + x + 4
(b) x^4 − 5x^3 + 3x − 2
(c) 3x^5 − 4x^3 − 6x^2 + 6
(d) 5x^5 − 6x^4 − 3x^2 + 9x − 15
9. Find all of the irreducible polynomials of degrees 2 and 3 in Z_2[x].
10. Give two different factorizations of x^2 + x + 8 in Z_10[x].
11. Prove or disprove: There exists a polynomial p(x) in Z_6[x] of
degree n with more than n distinct zeros.
12. If F is a field, show that F[x_1, ..., x_n] is an integral domain.
13. Show that the division algorithm does not hold for Z[x]. Why
does it fail?
14. Prove or disprove: x^p + a is irreducible for any a ∈ Z_p, where
p is prime.
15. Let f(x) be irreducible in F[x], where F is a field. If f(x) | p(x)q(x), prove that either f(x) | p(x) or f(x) | q(x).
16. Suppose that R and S are isomorphic rings. Prove that R[x] ≅ S[x].
17. Let F be a field and a ∈ F. If p(x) ∈ F[x], show that p(a) is
the remainder obtained when p(x) is divided by x − a.


18. (The Rational Root Theorem) Let
p(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_0 ∈ Z[x],
where a_n ≠ 0. Prove that if p(r/s) = 0, where gcd(r, s) = 1, then
r | a_0 and s | a_n.
19. Let Q^+ be the multiplicative group of positive rational numbers. Prove that Q^+ is isomorphic to (Z[x], +).
20. (Cyclotomic Polynomials) The polynomial
Φ_n(x) = \frac{x^n − 1}{x − 1} = x^{n−1} + x^{n−2} + ··· + x + 1
is called the cyclotomic polynomial. Show that Φ_p(x) is irreducible over Q for any prime p.
21. If F is a field, show that there are infinitely many irreducible polynomials in F[x].
22. Let R be a commutative ring with identity. Prove that multiplication is commutative in R[x].
23. Let R be a commutative ring with identity. Prove that multiplication is distributive in R[x].
24. Show that x^p − x has p distinct zeros in Z_p, for any prime p.
Conclude that
x^p − x = x(x − 1)(x − 2) ··· (x − (p − 1)).
25. Let F be a ring and f(x) = a_0 + a_1 x + ··· + a_n x^n be in F[x].
Define f'(x) = a_1 + 2a_2 x + ··· + n a_n x^{n−1} to be the derivative of
f(x).
(a) Prove that
(f + g)'(x) = f'(x) + g'(x).
Conclude that we can define a homomorphism of abelian groups
D : F[x] → F[x] by D(f(x)) = f'(x).
(b) Calculate the kernel of D if char F = 0.
(c) Calculate the kernel of D if char F = p.
(d) Prove that
(fg)'(x) = f'(x)g(x) + f(x)g'(x).
(e) Suppose that we can factor a polynomial f(x) ∈ F[x] into
linear factors, say
f(x) = a(x − a_1)(x − a_2) ··· (x − a_n).
Prove that f(x) has no repeated factors if and only if f(x)
and f'(x) are relatively prime.


26. Let F be a field. Show that F[x] is never a field.
27. Let R be an integral domain. Prove that R[x_1, ..., x_n] is an
integral domain.
28. Let R be a commutative ring with identity. Show that R[x]
has a subring R' isomorphic to R.
29. Let p(x) and q(x) be polynomials in R[x], where R is a commutative ring with identity. Prove that deg(p(x) + q(x)) ≤ max(deg p(x), deg q(x)).

17.5 Additional Exercises: Solving the Cubic and Quartic Equations

1. Solve the general quadratic equation
ax^2 + bx + c = 0
to obtain
x = \frac{−b ± \sqrt{b^2 − 4ac}}{2a}.
The discriminant of the quadratic equation Δ = b^2 − 4ac determines the nature of the solutions of the equation. If Δ > 0, the
equation has two distinct real solutions. If Δ = 0, the equation
has a single repeated real root. If Δ < 0, there are two distinct
imaginary solutions.
2. Show that any cubic equation of the form
x^3 + bx^2 + cx + d = 0
can be reduced to the form y^3 + py + q = 0 by making the substitution x = y − b/3.
3. Prove that the cube roots of 1 are given by
ω = \frac{−1 + i\sqrt{3}}{2}
ω^2 = \frac{−1 − i\sqrt{3}}{2}
ω^3 = 1.
4. Make the substitution
y = z − \frac{p}{3z}
for y in the equation y^3 + py + q = 0 and obtain two solutions A
and B for z^3.

17.5. ADDITIONAL EXERCISES: SOLVING THE CUBIC AND QUARTIC EQUATIONS269

5. Show that the product of the solutions obtained in (4) is −p^3/27,
deducing that \sqrt[3]{AB} = −p/3.
6. Prove that the possible solutions for z in (4) are given by
\sqrt[3]{A}, ω\sqrt[3]{A}, ω^2\sqrt[3]{A}, \sqrt[3]{B}, ω\sqrt[3]{B}, ω^2\sqrt[3]{B}
and use this result to show that the three possible solutions for y
are
ω^i \sqrt[3]{−\frac{q}{2} + \sqrt{\frac{p^3}{27} + \frac{q^2}{4}}} + ω^{2i} \sqrt[3]{−\frac{q}{2} − \sqrt{\frac{p^3}{27} + \frac{q^2}{4}}},
where i = 0, 1, 2.
7. The discriminant of the cubic equation is
Δ = \frac{p^3}{27} + \frac{q^2}{4}.
Show that y^3 + py + q = 0
(a) has three real roots, at least two of which are equal, if Δ = 0.
(b) has one real root and two conjugate imaginary roots if Δ > 0.
(c) has three distinct real roots if Δ < 0.
8. Solve the following cubic equations.
(a) x^3 − 4x^2 + 11x + 30 = 0
(b) x^3 − 3x + 5 = 0
(c) x^3 − 3x + 2 = 0
(d) x^3 + x + 3 = 0
9. Show that the general quartic equation
x^4 + ax^3 + bx^2 + cx + d = 0
can be reduced to
y^4 + py^2 + qy + r = 0
by using the substitution x = y − a/4.
10. Show that
\left(y^2 + \frac{1}{2}z\right)^2 = (z − p)y^2 − qy + \left(\frac{1}{4}z^2 − r\right).


11. Show that the right-hand side of Exercise 17.5.10 can be put
in the form (my + k)^2 if and only if
q^2 − 4(z − p)\left(\frac{1}{4}z^2 − r\right) = 0.
12. From Exercise 17.5.11 obtain the resolvent cubic equation
z^3 − pz^2 − 4rz + (4pr − q^2) = 0.
Solving the resolvent cubic equation, put the equation found in
Exercise 17.5.10 in the form
\left(y^2 + \frac{1}{2}z\right)^2 = (my + k)^2
to obtain the solution of the quartic equation.
13. Use this method to solve the following quartic equations.
(a) x^4 − x^2 − 3x + 2 = 0
(b) x^4 + x^3 − 7x^2 − x + 6 = 0
(c) x^4 − 2x^2 + 4x − 3 = 0
(d) x^4 − 4x^3 + 3x^2 − 5x + 2 = 0

18 Integral Domains

One of the most important rings we study is the ring of integers. It


was our first example of an algebraic structure: the first polynomial
ring that we examined was Z[x]. We also know that the integers
sit naturally inside the field of rational numbers, Q. The ring
of integers is the model for all integral domains. In this chapter
we will examine integral domains in general, answering questions
about the ideal structure of integral domains, polynomial rings over
integral domains, and whether or not an integral domain can be
embedded in a field.

18.1 Fields of Fractions

Every field is also an integral domain; however, there are many
integral domains that are not fields. For example, the integers Z
form an integral domain but not a field. A question that naturally
arises is how we might associate an integral domain with a field.
There is a natural way to construct the rationals Q from the integers: the rationals can be represented as formal quotients of two
integers. The rational numbers are certainly a field. In fact, it can
be shown that the rationals are the smallest field that contains the
integers. Given an integral domain D, our question now becomes
how to construct a smallest field F containing D. We will do this
in the same way as we constructed the rationals from the integers.
An element p/q ∈ Q is the quotient of two integers p and q;
however, different pairs of integers can represent the same rational
number. For instance, 1/2 = 2/4 = 3/6. We know that
\frac{a}{b} = \frac{c}{d}
if and only if ad = bc. A more formal way of considering this
problem is to examine fractions in terms of equivalence relations.
We can think of elements in Q as ordered pairs in Z × Z. A quotient
p/q can be written as (p, q). For instance, (3, 7) would represent
the fraction 3/7. However, there are problems if we consider all
possible pairs in Z × Z. There is no fraction 5/0 corresponding to
the pair (5, 0). Also, the pairs (3, 6) and (2, 4) both represent the

272

CHAPTER 18. INTEGRAL DOMAINS

fraction 1/2. The first problem is easily solved if we require the
second coordinate to be nonzero. The second problem is solved by
considering two pairs (a, b) and (c, d) to be equivalent if ad = bc.
If we use the approach of ordered pairs instead of fractions, then
we can study integral domains in general. Let D be any integral
domain and let
S = {(a, b) : a, b ∈ D and b ≠ 0}.
Define a relation ∼ on S by (a, b) ∼ (c, d) if ad = bc.
Lemma 18.1. The relation ∼ between elements of S is an equivalence relation.
Proof. Since D is commutative, ab = ba; hence, ∼ is reflexive on
D. Now suppose that (a, b) ∼ (c, d). Then ad = bc or cb = da.
Therefore, (c, d) ∼ (a, b) and the relation is symmetric. Finally, to
show that the relation is transitive, let (a, b) ∼ (c, d) and (c, d) ∼
(e, f). In this case ad = bc and cf = de. Multiplying both sides of
ad = bc by f yields
afd = adf = bcf = bde = bed.
Since D is an integral domain, we can deduce that af = be or
(a, b) ∼ (e, f).
We will denote the set of equivalence classes on S by F_D. We
now need to define the operations of addition and multiplication
on F_D. Recall how fractions are added and multiplied in Q:
\frac{a}{b} + \frac{c}{d} = \frac{ad + bc}{bd};
\frac{a}{b} · \frac{c}{d} = \frac{ac}{bd}.
It seems reasonable to define the operations of addition and multiplication on F_D in a similar manner. If we denote the equivalence
class of (a, b) ∈ S by [a, b], then we are led to define the operations
of addition and multiplication on F_D by
[a, b] + [c, d] = [ad + bc, bd]
and
[a, b] · [c, d] = [ac, bd],
respectively. The next lemma demonstrates that these operations
are independent of the choice of representatives from each equivalence class.
Lemma 18.2. The operations of addition and multiplication on
F_D are well-defined.

18.1. FIELDS OF FRACTIONS

273

Proof. We will prove that the operation of addition is well-defined.


The proof that multiplication is well-defined is left as an exercise.
Let [a1 , b1 ] = [a2 , b2 ] and [c1 , d1 ] = [c2 , d2 ]. We must show that
[a1 d1 + b1 c1 , b1 d1 ] = [a2 d2 + b2 c2 , b2 d2 ]
or, equivalently, that
(a1 d1 + b1 c1 )(b2 d2 ) = (b1 d1 )(a2 d2 + b2 c2 ).
Since [a1 , b1 ] = [a2 , b2 ] and [c1 , d1 ] = [c2 , d2 ], we know that a1 b2 =
b1 a2 and c1 d2 = d1 c2 . Therefore,
(a1 d1 + b1 c1 )(b2 d2 ) = a1 d1 b2 d2 + b1 c1 b2 d2
= a1 b2 d1 d2 + b1 b2 c1 d2
= b1 a2 d1 d2 + b1 b2 d1 c2
= (b1 d1 )(a2 d2 + b2 c2 ).

Lemma 18.3. The set of equivalence classes of S, F_D, under the
equivalence relation ∼, together with the operations of addition and
multiplication defined by
[a, b] + [c, d] = [ad + bc, bd]
[a, b] · [c, d] = [ac, bd],
is a field.
Proof. The additive and multiplicative identities are [0, 1] and
[1, 1], respectively. To show that [0, 1] is the additive identity, observe that
[a, b] + [0, 1] = [a1 + b0, b1] = [a, b].
It is easy to show that [1, 1] is the multiplicative identity. Let
[a, b] ∈ F_D such that a ≠ 0. Then [b, a] is also in F_D and [a, b] · [b, a] = [1, 1]; hence, [b, a] is the multiplicative inverse for [a, b].
Similarly, [−a, b] is the additive inverse of [a, b]. We leave as exercises the verification of the associative and commutative properties
of multiplication in F_D. We also leave it to the reader to show that
F_D is an abelian group under addition.
It remains to show that the distributive property holds in F_D;
however,
[a, b][e, f] + [c, d][e, f] = [ae, bf] + [ce, df]
  = [aedf + bfce, bdf^2]
  = [aed + bce, bdf]
  = [ade + bce, bdf]
  = ([a, b] + [c, d])[e, f]
and the lemma is proved.


The field FD in Lemma 18.3 is called the field of fractions


or field of quotients of the integral domain D.
Theorem 18.4. Let D be an integral domain. Then D can be embedded in a field of fractions $F_D$, where any element in $F_D$ can be expressed as the quotient of two elements in D. Furthermore, the field of fractions $F_D$ is unique in the sense that if E is any field containing D, then there exists a map $\psi: F_D \to E$ giving an isomorphism with a subfield of E such that $\psi(a) = a$ for all elements $a \in D$.
Proof. We will first demonstrate that D can be embedded in the field $F_D$. Define a map $\phi: D \to F_D$ by $\phi(a) = [a, 1]$. Then for a and b in D,
$\phi(a + b) = [a + b, 1] = [a, 1] + [b, 1] = \phi(a) + \phi(b)$
and
$\phi(ab) = [ab, 1] = [a, 1][b, 1] = \phi(a)\phi(b)$;
hence, $\phi$ is a homomorphism. To show that $\phi$ is one-to-one, suppose that $\phi(a) = \phi(b)$. Then $[a, 1] = [b, 1]$, or $a = a \cdot 1 = 1 \cdot b = b$. Finally, any element of $F_D$ can be expressed as the quotient of two elements in D, since
$\phi(a)[\phi(b)]^{-1} = [a, 1][b, 1]^{-1} = [a, 1] \cdot [1, b] = [a, b]$.
Now let E be a field containing D and define a map $\psi: F_D \to E$ by $\psi([a, b]) = ab^{-1}$. To show that $\psi$ is well-defined, let $[a_1, b_1] = [a_2, b_2]$. Then $a_1 b_2 = b_1 a_2$. Therefore, $a_1 b_1^{-1} = a_2 b_2^{-1}$ and $\psi([a_1, b_1]) = \psi([a_2, b_2])$.
If [a, b] and [c, d] are in $F_D$, then
$\psi([a, b] + [c, d]) = \psi([ad + bc, bd]) = (ad + bc)(bd)^{-1} = ab^{-1} + cd^{-1} = \psi([a, b]) + \psi([c, d])$
and
$\psi([a, b] \cdot [c, d]) = \psi([ac, bd]) = (ac)(bd)^{-1} = ab^{-1} cd^{-1} = \psi([a, b])\psi([c, d])$.
Therefore, $\psi$ is a homomorphism.
To complete the proof of the theorem, we need to show that $\psi$ is one-to-one. Suppose that $\psi([a, b]) = ab^{-1} = 0$. Then $a = 0 \cdot b = 0$ and $[a, b] = [0, b]$. Therefore, the kernel of $\psi$ is the zero element [0, b] in $F_D$, and $\psi$ is injective. Since $\psi([a, 1]) = a \cdot 1^{-1} = a$, $\psi$ is the identity on the copy of D inside $F_D$, and its image is a subfield of E isomorphic to $F_D$.


Example 18.5. Since $\mathbb{Q}$ is a field, $\mathbb{Q}[x]$ is an integral domain. The field of fractions of $\mathbb{Q}[x]$ is the set of all rational expressions p(x)/q(x), where p(x) and q(x) are polynomials over the rationals and q(x) is not the zero polynomial. We will denote this field by $\mathbb{Q}(x)$.
We will leave the proofs of the following corollaries of Theorem 18.4 as exercises.
Corollary 18.6. Let F be a field of characteristic zero. Then F
contains a subfield isomorphic to Q.
Corollary 18.7. Let F be a field of characteristic p. Then F
contains a subfield isomorphic to Zp .

18.2 Factorization in Integral Domains

The building blocks of the integers are the prime numbers. If F is a field, then irreducible polynomials in F[x] play a role that is very similar to that of the prime numbers in the ring of integers. Given an arbitrary integral domain, we are led to the following series of definitions.
Let R be a commutative ring with identity, and let a and b be elements in R. We say that a divides b, and write $a \mid b$, if there exists an element $c \in R$ such that b = ac. A unit in R is an element that has a multiplicative inverse. Two elements a and b in R are said to be associates if there exists a unit u in R such that a = ub.
Let D be an integral domain. A nonzero element $p \in D$ that is not a unit is said to be irreducible provided that whenever p = ab, either a or b is a unit. Furthermore, such a p is prime if whenever $p \mid ab$ either $p \mid a$ or $p \mid b$.
Example 18.8. It is important to notice that prime and irreducible elements do not always coincide. Let R be the subring
(with identity) of Q[x, y] generated by x2 , y 2 , and xy. Each of
these elements is irreducible in R; however, xy is not prime, since
xy divides x2 y 2 but does not divide either x2 or y 2 .
The Fundamental Theorem of Arithmetic states that every positive integer n > 1 can be factored into a product of prime numbers $p_1 \cdots p_k$, where the $p_i$'s are not necessarily distinct. We also know that such factorizations are unique up to the order of the $p_i$'s. We can easily extend this result to all integers other than 0 and $\pm 1$, allowing a sign. The question arises of whether or not such factorizations are possible in other rings. Generalizing this definition, we say an integral domain D is a unique factorization domain, or UFD, if D satisfies the following criteria.
1. Let $a \in D$ such that $a \neq 0$ and a is not a unit. Then a can be written as the product of irreducible elements in D.
2. Let $a = p_1 \cdots p_r = q_1 \cdots q_s$, where the $p_i$'s and the $q_i$'s are irreducible. Then r = s and there is a $\sigma \in S_r$ such that $p_i$ and $q_{\sigma(i)}$ are associates for $i = 1, \ldots, r$.
Example 18.9. The integers are a unique factorization domain
by the Fundamental Theorem of Arithmetic.
Example 18.10. Not every integral domain is a unique factorization domain. The subring $\mathbb{Z}[\sqrt{3}\,i] = \{a + b\sqrt{3}\,i : a, b \in \mathbb{Z}\}$ of the complex numbers is an integral domain (Exercise 16.6.12, Chapter 16). Let $z = a + b\sqrt{3}\,i$ and define $\nu: \mathbb{Z}[\sqrt{3}\,i] \to \mathbb{N} \cup \{0\}$ by $\nu(z) = |z|^2 = a^2 + 3b^2$. It is clear that $\nu(z) \geq 0$, with equality only when $z = 0$. Also, from our knowledge of complex numbers we know that $\nu(zw) = \nu(z)\nu(w)$. It is easy to show that if $\nu(z) = 1$, then z is a unit, and that the only units of $\mathbb{Z}[\sqrt{3}\,i]$ are 1 and $-1$.
We claim that 4 has two distinct factorizations into irreducible elements:
$4 = 2 \cdot 2 = (1 - \sqrt{3}\,i)(1 + \sqrt{3}\,i)$.
We must show that each of these factors is an irreducible element in $\mathbb{Z}[\sqrt{3}\,i]$. If 2 is not irreducible, then $2 = zw$ for non-unit elements z, w in $\mathbb{Z}[\sqrt{3}\,i]$; then $\nu(z)\nu(w) = \nu(2) = 4$ with neither factor equal to 1, so $\nu(z) = \nu(w) = 2$. However, there does not exist an element z in $\mathbb{Z}[\sqrt{3}\,i]$ such that $\nu(z) = 2$, because the equation $a^2 + 3b^2 = 2$ has no integer solutions. Therefore, 2 must be irreducible. A similar argument shows that both $1 - \sqrt{3}\,i$ and $1 + \sqrt{3}\,i$ are irreducible, since each of them also has $\nu = 4$. Since 2 is not a unit multiple of either $1 - \sqrt{3}\,i$ or $1 + \sqrt{3}\,i$, 4 has at least two distinct factorizations into irreducible elements.
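The norm argument above can be checked mechanically. The following is an added example, not code from the textbook: it represents $a + b\sqrt{3}\,i$ as the integer pair (a, b), enumerates the finitely many elements of a given norm, and uses the identity $\nu(zw) = \nu(z)\nu(w)$ to decide divisibility and irreducibility by exhaustive search. The pair representation and the function names are choices made here.

```python
# Added example, not from the textbook: arithmetic in Z[sqrt(3) i] done by
# exhaustive search, to confirm the claims of Example 18.10 by computation.
# An element a + b*sqrt(3) i is represented as the pair (a, b).
from math import isqrt

def norm(z):
    """nu(z) = |z|^2 = a^2 + 3 b^2."""
    a, b = z
    return a * a + 3 * b * b

def mul(z, w):
    """Product (a + b s)(c + d s) with s = sqrt(3) i, using s^2 = -3."""
    a, b = z
    c, d = w
    return (a * c - 3 * b * d, a * d + b * c)

def elements_of_norm(n):
    """All z with nu(z) == n. Since a^2 <= n and 3 b^2 <= n, the search is finite."""
    return [(a, b)
            for a in range(-isqrt(n), isqrt(n) + 1)
            for b in range(-isqrt(n // 3), isqrt(n // 3) + 1)
            if a * a + 3 * b * b == n]

def units():
    """The elements of norm 1; these are exactly the units (Exercise 1)."""
    return elements_of_norm(1)

def divides(z, w):
    """z | w: some q with q*z == w.  Any such q has nu(q) = nu(w)/nu(z)."""
    nz, nw = norm(z), norm(w)
    if nz == 0 or nw % nz:
        return False
    return any(mul(q, z) == w for q in elements_of_norm(nw // nz))

def is_irreducible(z):
    """A nonzero non-unit z is irreducible iff it has no divisor x with
    1 < nu(x) < nu(z): such an x gives z = x*y with neither factor a unit."""
    n = norm(z)
    if n <= 1:
        return False
    return not any(divides(x, z)
                   for d in range(2, n) if n % d == 0
                   for x in elements_of_norm(d))

def is_prime_for(p, a, b):
    """The prime condition of p tested on one product: p | ab implies p | a or p | b."""
    return (not divides(p, mul(a, b))) or divides(p, a) or divides(p, b)
```

Running it confirms that no element has norm 2, that 2, $1 + \sqrt{3}\,i$ and $1 - \sqrt{3}\,i$ are irreducible, and also that 2 divides the product $(1 - \sqrt{3}\,i)(1 + \sqrt{3}\,i) = 4$ without dividing either factor: 2 is irreducible but not prime, which is the distinction Example 18.8 warned about.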

Principal Ideal Domains

Let R be a commutative ring with identity. Recall that a principal ideal generated by $a \in R$ is an ideal of the form $\langle a \rangle = \{ra : r \in R\}$. An integral domain in which every ideal is principal is called a principal ideal domain, or PID.
Lemma 18.11. Let D be an integral domain and let $a, b \in D$. Then
1. $a \mid b$ if and only if $\langle b \rangle \subset \langle a \rangle$.
2. a and b are associates if and only if $\langle b \rangle = \langle a \rangle$.
3. a is a unit in D if and only if $\langle a \rangle = D$.
Proof. (1) Suppose that $a \mid b$. Then $b = ax$ for some $x \in D$. Hence, for every r in D, $br = (ax)r = a(xr)$ and $\langle b \rangle \subset \langle a \rangle$. Conversely, suppose that $\langle b \rangle \subset \langle a \rangle$. Then $b \in \langle a \rangle$. Consequently, $b = ax$ for some $x \in D$. Thus, $a \mid b$.
(2) Since a and b are associates, there exists a unit u such that $a = ub$. Therefore, $b \mid a$ and $\langle a \rangle \subset \langle b \rangle$. Similarly, $\langle b \rangle \subset \langle a \rangle$. It follows that $\langle a \rangle = \langle b \rangle$. Conversely, suppose that $\langle a \rangle = \langle b \rangle$. By part (1), $a \mid b$ and $b \mid a$. Then $a = bx$ and $b = ay$ for some $x, y \in D$. Therefore, $a = bx = ayx$. If $a = 0$ then $b = 0$ as well and the two are trivially associates; otherwise, since D is an integral domain, we can cancel a to get $xy = 1$; that is, x and y are units and a and b are associates.
(3) An element $a \in D$ is a unit if and only if a is an associate of 1. However, a is an associate of 1 if and only if $\langle a \rangle = \langle 1 \rangle = D$.
Theorem 18.12. Let D be a PID and $\langle p \rangle$ be a nonzero ideal in D. Then $\langle p \rangle$ is a maximal ideal if and only if p is irreducible.
Proof. Suppose that $\langle p \rangle$ is a maximal ideal. Then p is nonzero and not a unit, since $\langle p \rangle$ is a nonzero proper ideal. If some element a in D divides p, then $\langle p \rangle \subset \langle a \rangle$. Since $\langle p \rangle$ is maximal, either $D = \langle a \rangle$ or $\langle p \rangle = \langle a \rangle$. Consequently, either a and p are associates or a is a unit. Therefore, p is irreducible.
Conversely, let p be irreducible. If $\langle a \rangle$ is an ideal in D such that $\langle p \rangle \subset \langle a \rangle \subset D$, then $a \mid p$. Since p is irreducible, either a must be a unit or a and p are associates. Therefore, either $D = \langle a \rangle$ or $\langle p \rangle = \langle a \rangle$. Thus, $\langle p \rangle$ is a maximal ideal.
Corollary 18.13. Let D be a PID. If p is irreducible, then p is prime.
Proof. Let p be irreducible and suppose that $p \mid ab$. Then $ab \in \langle p \rangle$. By Corollary 16.40, since $\langle p \rangle$ is a maximal ideal, $\langle p \rangle$ must also be a prime ideal. Thus, either $a \in \langle p \rangle$ or $b \in \langle p \rangle$. Hence, either $p \mid a$ or $p \mid b$.
Lemma 18.14. Let D be a PID. Let $I_1, I_2, \ldots$ be a set of ideals such that $I_1 \subset I_2 \subset \cdots$. Then there exists an integer N such that $I_n = I_N$ for all $n \geq N$.
Proof. We claim that $I = \bigcup_{i=1}^{\infty} I_i$ is an ideal of D. Certainly I is not empty, since $I_1 \subset I$ and $0 \in I$. If $a, b \in I$, then $a \in I_i$ and $b \in I_j$ for some i and j in $\mathbb{N}$. Without loss of generality we can assume that $i \leq j$. Hence, a and b are both in $I_j$ and so $a - b$ is also in $I_j$. Now let $r \in D$ and $a \in I$. Again, we note that $a \in I_i$ for some positive integer i. Since $I_i$ is an ideal, $ra \in I_i$ and hence must be in I. Therefore, we have shown that I is an ideal in D.
Since D is a principal ideal domain, there exists an element $a \in D$ that generates I. Since a is in $I_N$ for some $N \in \mathbb{N}$, we know that $I_N = I = \langle a \rangle$. Consequently, $I_n = I_N$ for $n \geq N$.
Any commutative ring satisfying the condition in Lemma 18.14 is said to satisfy the ascending chain condition, or ACC. Such rings are called Noetherian rings, after Emmy Noether.
Theorem 18.15. Every PID is a UFD.
Proof. Existence of a factorization. Let D be a PID and a be a nonzero element in D that is not a unit. If a is irreducible, then we are done. If not, then there exists a factorization $a = a_1 b_1$, where neither $a_1$ nor $b_1$ is a unit. Hence, $\langle a \rangle \subset \langle a_1 \rangle$. By Lemma 18.11, we know that $\langle a \rangle \neq \langle a_1 \rangle$; otherwise, a and $a_1$ would be associates and $b_1$ would be a unit, which would contradict our assumption. Now suppose that $a_1 = a_2 b_2$, where neither $a_2$ nor $b_2$ is a unit. By the same argument as before, $\langle a_1 \rangle \subsetneq \langle a_2 \rangle$. We can continue with this construction to obtain an ascending chain of ideals
$\langle a \rangle \subsetneq \langle a_1 \rangle \subsetneq \langle a_2 \rangle \subsetneq \cdots$.
By Lemma 18.14, there exists a positive integer N such that $\langle a_n \rangle = \langle a_N \rangle$ for all $n \geq N$. Since the chain cannot be extended past $a_N$ by a factorization into two non-units, $a_N$ must be irreducible. We have now shown that a is the product of two elements, one of which must be irreducible.
Now suppose that $a = c_1 p_1$, where $p_1$ is irreducible. If $c_1$ is not a unit, we can repeat the preceding argument to conclude that $\langle a \rangle \subsetneq \langle c_1 \rangle$. Either $c_1$ is irreducible or $c_1 = c_2 p_2$, where $p_2$ is irreducible and $c_2$ is not a unit. Continuing in this manner, we obtain another chain of ideals
$\langle a \rangle \subsetneq \langle c_1 \rangle \subsetneq \langle c_2 \rangle \subsetneq \cdots$.
This chain must satisfy the ascending chain condition, so it terminates; therefore,
$a = p_1 p_2 \cdots p_r$
for irreducible elements $p_1, \ldots, p_r$.
Uniqueness of the factorization. To show uniqueness, let
$a = p_1 p_2 \cdots p_r = q_1 q_2 \cdots q_s$,
where each $p_i$ and each $q_i$ is irreducible. Without loss of generality, we can assume that $r \leq s$. Since $p_1$ divides $q_1 q_2 \cdots q_s$, by Corollary 18.13 it must divide some $q_i$. By rearranging the $q_i$'s, we can assume that $p_1 \mid q_1$; hence, $q_1 = u_1 p_1$ for some unit $u_1$ in D, because $q_1$ is irreducible and $p_1$ is not a unit. Therefore,
$a = p_1 p_2 \cdots p_r = u_1 p_1 q_2 \cdots q_s$
or, cancelling $p_1$ in the integral domain D,
$p_2 \cdots p_r = u_1 q_2 \cdots q_s$.
Continuing in this manner, we can arrange the $q_i$'s so that $p_i$ and $q_i$ are associates for $i = 2, \ldots, r$, to obtain
$u_1 u_2 \cdots u_r q_{r+1} \cdots q_s = 1$.
If $r < s$, then $q_{r+1} \cdots q_s$ is a unit, which contradicts the fact that $q_{r+1}, \ldots, q_s$ are irreducibles. Therefore, r = s and the factorization of a is unique.


Corollary 18.16. Let F be a field. Then F[x] is a UFD.
Example 18.17. Every PID is a UFD, but it is not the case that every UFD is a PID. In Corollary 18.31, we will prove that $\mathbb{Z}[x]$ is a UFD. However, $\mathbb{Z}[x]$ is not a PID. Let $I = \{5f(x) + xg(x) : f(x), g(x) \in \mathbb{Z}[x]\}$. We can easily show that I is an ideal of $\mathbb{Z}[x]$. Suppose that $I = \langle p(x) \rangle$. Since $5 \in I$, $5 = f(x)p(x)$. In this case $p(x) = p$ must be a constant. Since $x \in I$, $x = pg(x)$; consequently, $p = \pm 1$. However, it follows from this fact that $\langle p(x) \rangle = \mathbb{Z}[x]$. But this would mean that 3 is in I. Therefore, we can write $3 = 5f(x) + xg(x)$ for some f(x) and g(x) in $\mathbb{Z}[x]$. Comparing the constant terms of both sides, we see that $3 = 5f(0)$, which is impossible.

Euclidean Domains
We have repeatedly used the division algorithm when proving results about either $\mathbb{Z}$ or F[x], where F is a field. We should now ask when a division algorithm is available for an integral domain. Let D be an integral domain such that for each $a \in D$ there is a nonnegative integer $\nu(a)$ satisfying the following conditions.
1. If a and b are nonzero elements in D, then $\nu(a) \leq \nu(ab)$.
2. Let $a, b \in D$ and suppose that $b \neq 0$. Then there exist elements $q, r \in D$ such that $a = bq + r$ and either $r = 0$ or $\nu(r) < \nu(b)$.
Then D is called a Euclidean domain and $\nu$ is called a Euclidean valuation.
Example 18.18. Absolute value on $\mathbb{Z}$ is a Euclidean valuation.
Example 18.19. Let F be a field. Then the degree of a polynomial in F[x] is a Euclidean valuation.
Example 18.20. Recall that the Gaussian integers in Example 16.12 of Chapter 16 are defined by
$\mathbb{Z}[i] = \{a + bi : a, b \in \mathbb{Z}\}$.
We usually measure the size of a complex number a + bi by its absolute value, $|a + bi| = \sqrt{a^2 + b^2}$; however, $\sqrt{a^2 + b^2}$ may not be an integer. For our valuation we will let $\nu(a + bi) = a^2 + b^2$ to ensure that we have an integer.
We claim that $\nu(a + bi) = a^2 + b^2$ is a Euclidean valuation on $\mathbb{Z}[i]$. Let $z, w \in \mathbb{Z}[i]$. Then $\nu(zw) = |zw|^2 = |z|^2 |w|^2 = \nu(z)\nu(w)$. Since $\nu(z) \geq 1$ for every nonzero $z \in \mathbb{Z}[i]$, we have $\nu(z) \leq \nu(z)\nu(w)$ for nonzero z and w.
Next, we must show that for any $z = a + bi$ and $w = c + di$ in $\mathbb{Z}[i]$ with $w \neq 0$, there exist elements q and r in $\mathbb{Z}[i]$ such that $z = qw + r$ with either $r = 0$ or $\nu(r) < \nu(w)$. We can view z and w as elements in $\mathbb{Q}(i) = \{p + qi : p, q \in \mathbb{Q}\}$, the field of fractions of $\mathbb{Z}[i]$. Observe that
$$zw^{-1} = (a + bi)\,\frac{c - di}{c^2 + d^2}
= \frac{ac + bd}{c^2 + d^2} + \frac{bc - ad}{c^2 + d^2}\, i
= \left(m_1 + \frac{n_1}{c^2 + d^2}\right) + \left(m_2 + \frac{n_2}{c^2 + d^2}\right) i
= (m_1 + m_2 i) + \left(\frac{n_1}{c^2 + d^2} + \frac{n_2}{c^2 + d^2}\, i\right)
= (m_1 + m_2 i) + (s + ti)$$
in $\mathbb{Q}(i)$. In the last steps we are writing the real and imaginary parts as an integer plus a proper fraction. That is, we take the closest integer $m_i$ such that the fractional part satisfies $|n_i/(c^2 + d^2)| \leq 1/2$. For example, we write
$$\frac{9}{8} = 1 + \frac{1}{8}, \qquad \frac{15}{8} = 2 - \frac{1}{8}.$$
Thus, s and t are the fractional parts of $zw^{-1} = (m_1 + m_2 i) + (s + ti)$. We also know that $s^2 + t^2 \leq 1/4 + 1/4 = 1/2$. Multiplying by w, we have
$z = zw^{-1}w = w(m_1 + m_2 i) + w(s + ti) = qw + r$,
where $q = m_1 + m_2 i$ and $r = w(s + ti)$. Since z and qw are in $\mathbb{Z}[i]$, r must be in $\mathbb{Z}[i]$. Finally, we need to show that either $r = 0$ or $\nu(r) < \nu(w)$. However, with $\nu$ extended to $\mathbb{Q}(i)$ by $\nu(z) = |z|^2$,
$\nu(r) = \nu(w)\nu(s + ti) \leq \tfrac{1}{2}\nu(w) < \nu(w)$.
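The rounding step in the example is an algorithm, and it is what the Euclidean algorithm in $\mathbb{Z}[i]$ is built on. As an added example that is not part of the textbook, the following Python computes q and r exactly as above (the fractional parts are kept as exact rationals rather than floats), then iterates the division to obtain a greatest common divisor together with the coefficients s, t of Exercise 12(b). The pair representation of a + bi and all function names are assumptions made for this example.

```python
# Added example, not from the textbook: the division algorithm of Example 18.20
# in Z[i] (nearest-integer rounding of z/w in Q(i)), and the extended Euclidean
# algorithm built on it, which produces gcd(z, w) = s z + t w (Exercise 12(b)).
# Gaussian integers a + bi are pairs (a, b); Fraction keeps z/w exact.
from fractions import Fraction
from math import floor

def nu(z):
    """Euclidean valuation nu(a + bi) = a^2 + b^2."""
    return z[0] ** 2 + z[1] ** 2

def gadd(z, w):
    return (z[0] + w[0], z[1] + w[1])

def gsub(z, w):
    return (z[0] - w[0], z[1] - w[1])

def gmul(z, w):
    a, b = z
    c, d = w
    return (a * c - b * d, a * d + b * c)

def nearest_int(x):
    """Integer m with |x - m| <= 1/2 (the 'closest integer' of the example)."""
    return floor(x + Fraction(1, 2))

def divmod_gauss(z, w):
    """q, r with z = q w + r and either r = 0 or nu(r) < nu(w); requires w != 0."""
    a, b = z
    c, d = w
    n = c * c + d * d
    if n == 0:
        raise ZeroDivisionError("division by zero in Z[i]")
    # z w^{-1} = (ac + bd)/(c^2 + d^2) + ((bc - ad)/(c^2 + d^2)) i   in Q(i)
    x = Fraction(a * c + b * d, n)
    y = Fraction(b * c - a * d, n)
    q = (nearest_int(x), nearest_int(y))
    r = gsub(z, gmul(q, w))
    # the fractional parts satisfy s^2 + t^2 <= 1/2, so nu(r) <= nu(w)/2 < nu(w)
    assert r == (0, 0) or nu(r) < nu(w)
    return q, r

def gcd_ext(z, w):
    """Return (g, s, t) with g = s z + t w and g a greatest common divisor of z, w."""
    r0, r1 = z, w
    s0, s1 = (1, 0), (0, 0)
    t0, t1 = (0, 0), (1, 0)
    while r1 != (0, 0):                 # nu(r1) strictly decreases, so this ends
        q, r = divmod_gauss(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, gsub(s0, gmul(q, s1))
        t0, t1 = t1, gsub(t0, gmul(q, t1))
    return r0, s0, t0

def check_bezout(z, w):
    """True iff gcd_ext returns g = s z + t w with g dividing both z and w."""
    g, s, t = gcd_ext(z, w)
    if gadd(gmul(s, z), gmul(t, w)) != g:
        return False
    if g == (0, 0):
        return z == (0, 0) and w == (0, 0)
    return all(divmod_gauss(x, g)[1] == (0, 0) for x in (z, w))
```

The assertion inside divmod_gauss is the inequality $\nu(r) < \nu(w)$ derived above. For z = 3 and w = 1 + i the returned g is a unit: $\nu(1 + i) = 2$, while 3 has no Gaussian-integer divisor of norm 3, so the two share no non-unit factor.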
Theorem 18.21. Every Euclidean domain is a principal ideal domain.
Proof. Let D be a Euclidean domain and let $\nu$ be a Euclidean valuation on D. Suppose I is a nontrivial ideal in D and choose a nonzero element $b \in I$ such that $\nu(b)$ is minimal among the values $\nu(c)$ for nonzero $c \in I$. Now let $a \in I$. Since D is a Euclidean domain, there exist elements q and r in D such that $a = bq + r$ and either $r = 0$ or $\nu(r) < \nu(b)$. But $r = a - bq$ is in I since I is an ideal; therefore, $r = 0$ by the minimality of $\nu(b)$. It follows that $a = bq$ and $I = \langle b \rangle$.
Corollary 18.22. Every Euclidean domain is a unique factorization domain.


Factorization in D[x]
One of the most important polynomial rings is $\mathbb{Z}[x]$. One of the first questions that come to mind about $\mathbb{Z}[x]$ is whether or not it is a UFD. We will prove a more general statement here. Our first task is to obtain a more general version of Gauss's Lemma (Theorem 17.14).
Let D be a unique factorization domain and suppose that
$p(x) = a_n x^n + \cdots + a_1 x + a_0$
in D[x]. Then the content of p(x) is the greatest common divisor of $a_0, \ldots, a_n$. We say that p(x) is primitive if $\gcd(a_0, \ldots, a_n) = 1$.
Example 18.23. In $\mathbb{Z}[x]$ the polynomial $p(x) = 5x^4 - 3x^3 + x - 4$ is a primitive polynomial since the greatest common divisor of the coefficients is 1; however, the polynomial $q(x) = 4x^2 - 6x + 8$ is not primitive since the content of q(x) is 2.
Theorem 18.24 (Gauss's Lemma). Let D be a UFD and let f(x) and g(x) be primitive polynomials in D[x]. Then f(x)g(x) is primitive.
Proof. Let $f(x) = \sum_{i=0}^{n} a_i x^i$ and $g(x) = \sum_{i=0}^{m} b_i x^i$. Suppose that p is a prime dividing the coefficients of f(x)g(x). Let r be the smallest integer such that $p \nmid a_r$ and s be the smallest integer such that $p \nmid b_s$. The coefficient of $x^{r+s}$ in f(x)g(x) is
$c_{r+s} = a_0 b_{r+s} + a_1 b_{r+s-1} + \cdots + a_{r+s-1} b_1 + a_{r+s} b_0$.
Since p divides $a_0, \ldots, a_{r-1}$ and $b_0, \ldots, b_{s-1}$, p divides every term of $c_{r+s}$ except for the term $a_r b_s$. However, since $p \mid c_{r+s}$, p must divide $a_r b_s$, so either p divides $a_r$ or p divides $b_s$. But this is impossible.
Lemma 18.25. Let D be a UFD, and let p(x) and q(x) be in D[x].
Then the content of p(x)q(x) is equal to the product of the contents
of p(x) and q(x).

Proof. Let p(x) = cp1 (x) and q(x) = dq1 (x), where c and d are
the contents of p(x) and q(x), respectively. Then p1 (x) and q1 (x)
are primitive. We can now write p(x)q(x) = cdp1 (x)q1 (x). Since
p1 (x)q1 (x) is primitive, the content of p(x)q(x) must be cd.
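The content computation and the index argument in the proof of Gauss's Lemma are both short enough to run. The following is an added example, not from the textbook: polynomials in $\mathbb{Z}[x]$ are lists of coefficients $[a_0, a_1, \ldots, a_n]$, and the functions compute content and primitive part, multiply polynomials, check Lemma 18.25 on a pair of inputs, and locate the coefficient $c_{r+s}$ that the proof of Theorem 18.24 shows a given prime cannot divide. The list representation and the names are assumptions made here.

```python
# Added example, not from the textbook: content and primitive part of polynomials
# in Z[x], with a check of Lemma 18.25 and of the coefficient argument in the proof
# of Gauss's Lemma.  A polynomial is a list of coefficients [a_0, a_1, ..., a_n].
from functools import reduce
from math import gcd

def content(p):
    """Greatest common divisor of the coefficients (0 for the zero polynomial)."""
    return reduce(gcd, p, 0)

def is_primitive(p):
    return content(p) == 1

def primitive_part(p):
    """p == content(p) * primitive_part(p), coefficientwise."""
    c = content(p)
    return [a // c for a in p]

def poly_mul(p, q):
    """Coefficients of p(x) q(x): c_k = sum of a_i b_j over i + j = k."""
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return out

def contents_multiply(p, q):
    """Lemma 18.25 on one pair: content(p q) == content(p) * content(q)."""
    return content(poly_mul(p, q)) == content(p) * content(q)

def first_not_divisible(p, prime):
    """Smallest index r with prime not dividing p[r], or None if prime divides all."""
    return next((i for i, a in enumerate(p) if a % prime != 0), None)

def gauss_witness(f, g, prime):
    """For primitive f, g and a prime p: the indices r, s of the proof of
    Theorem 18.24 and the coefficient c_{r+s} of f g, which p cannot divide."""
    r = first_not_divisible(f, prime)
    s = first_not_divisible(g, prime)
    if r is None or s is None:
        raise ValueError("prime divides every coefficient; polynomial not primitive")
    return r, s, poly_mul(f, g)[r + s]
```

With the polynomials of Example 18.23 (constructed here as coefficient lists) the content of the product is 2, the product of the contents 1 and 2, and gauss_witness returns an odd coefficient for the prime 2 whenever both inputs are primitive.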
Lemma 18.26. Let D be a UFD and F its field of fractions.
Suppose that p(x) D[x] and p(x) = f (x)g(x), where f (x) and g(x)
are in F [x]. Then p(x) = f1 (x)g1 (x), where f1 (x) and g1 (x) are in
D[x]. Furthermore, deg f (x) = deg f1 (x) and deg g(x) = deg g1 (x).

Proof. Let a and b be nonzero elements of D such that af(x), bg(x) are in D[x]. We can find $a_1, b_1 \in D$ such that $af(x) = a_1 f_1(x)$ and $bg(x) = b_1 g_1(x)$, where $f_1(x)$ and $g_1(x)$ are primitive polynomials in D[x]. Therefore, $abp(x) = (a_1 f_1(x))(b_1 g_1(x))$. Since $f_1(x)g_1(x)$ is primitive by Gauss's Lemma, the content of the right-hand side is $a_1 b_1$, while the content of the left-hand side is ab times the content of p(x); hence it must be the case that $ab \mid a_1 b_1$. Thus there exists a $c \in D$ such that $p(x) = cf_1(x)g_1(x)$. Clearly, $\deg f(x) = \deg f_1(x)$ and $\deg g(x) = \deg g_1(x)$.
The following corollaries are direct consequences of Lemma 18.26.
Corollary 18.27. Let D be a UFD and F its field of fractions. A
primitive polynomial p(x) in D[x] is irreducible in F [x] if and only
if it is irreducible in D[x].
Corollary 18.28. Let D be a UFD and F its field of fractions.
If p(x) is a monic polynomial in D[x] with p(x) = f (x)g(x) in
F [x], then p(x) = f1 (x)g1 (x), where f1 (x) and g1 (x) are in D[x].
Furthermore, deg f (x) = deg f1 (x) and deg g(x) = deg g1 (x).
Theorem 18.29. If D is a UFD, then D[x] is a UFD.
Proof. Let p(x) be a nonzero polynomial in D[x] that is not a unit. If p(x) is a constant polynomial, then it must have a unique factorization since D is a UFD. Now suppose that p(x) is a polynomial of positive degree in D[x]. Let F be the field of fractions of D, and let $p(x) = f_1(x)f_2(x) \cdots f_n(x)$ be a factorization of p(x) in F[x], where each $f_i(x)$ is irreducible in F[x]. Choose $a_i \in D$ such that $a_i f_i(x)$ is in D[x]. There exist $b_1, \ldots, b_n \in D$ such that $a_i f_i(x) = b_i g_i(x)$, where $g_i(x)$ is a primitive polynomial in D[x]. By Corollary 18.27, each $g_i(x)$ is irreducible in D[x]. Consequently, we can write
$a_1 \cdots a_n p(x) = b_1 \cdots b_n g_1(x) \cdots g_n(x)$.
Let $b = b_1 \cdots b_n$. Since $g_1(x) \cdots g_n(x)$ is primitive, $a_1 \cdots a_n$ divides b. Therefore, $p(x) = a g_1(x) \cdots g_n(x)$, where $a \in D$. Since D is a UFD, we can factor a as $uc_1 \cdots c_k$, where u is a unit and each of the $c_i$'s is irreducible in D.
We will now show the uniqueness of this factorization. Let
$p(x) = a_1 \cdots a_m f_1(x) \cdots f_n(x) = b_1 \cdots b_r g_1(x) \cdots g_s(x)$
be two factorizations of p(x), where all of the factors are irreducible in D[x], the $a_i$'s and $b_i$'s being the constant factors and the $f_i(x)$'s and $g_i(x)$'s the factors of positive degree. By Corollary 18.27, each of the $f_i$'s and $g_i$'s is irreducible in F[x]. The $a_i$'s and the $b_i$'s are units in F. Since F[x] is a PID, it is a UFD; therefore, n = s. Now rearrange the $g_i(x)$'s so that $f_i(x)$ and $g_i(x)$ are associates in F[x] for $i = 1, \ldots, n$. Then there exist $c_1, \ldots, c_n$ and $d_1, \ldots, d_n$ in D such that $(c_i/d_i)f_i(x) = g_i(x)$ or $c_i f_i(x) = d_i g_i(x)$. The polynomials $f_i(x)$ and $g_i(x)$ are primitive, since an irreducible element of D[x] of positive degree has no non-unit constant factor; hence, by comparing contents, $c_i$ and $d_i$ are associates in D. Thus, $a_1 \cdots a_m = ub_1 \cdots b_r$ in D, where u is a unit in D. Since D is a unique factorization domain, m = r. Finally, we can reorder the $b_i$'s so that $a_i$ and $b_i$ are associates for each i. This completes the uniqueness part of the proof.
The theorem that we have just proven has several obvious but
important corollaries.
Corollary 18.30. Let F be a field. Then F [x] is a UFD.
Corollary 18.31. The ring of polynomials over the integers, Z[x],
is a UFD.
Corollary 18.32. Let D be a UFD. Then D[x1 , . . . , xn ] is a UFD.
Remark 18.33. It is important to notice that every Euclidean domain is a PID and every PID is a UFD. However, as demonstrated
by our examples, the converse of each of these statements fails.
There are principal ideal domains that are not Euclidean domains,
and there are unique factorization domains that are not principal
ideal domains (Z[x]).
Sage. Sage supports distinctions between plain rings, domains, principal ideal domains and fields. Support is often very good for constructions and computations with PIDs, but sometimes problems get significantly harder (computationally) when a ring has less structure than that of a PID. So be aware when using Sage that some questions may go unanswered for rings with less structure.
Historical Note
Karl Friedrich Gauss, born in Brunswick, Germany on April 30, 1777, is considered to be one of the greatest mathematicians who ever lived. Gauss was truly a child prodigy. At the age of three he was able to detect errors in the books of his father's business. Gauss entered college at the age of 15. Before the age of 20, Gauss was able to construct a regular 17-sided polygon with a ruler and compass. This was the first new construction of a regular n-sided polygon since the time of the ancient Greeks. Gauss succeeded in showing that if $N = 2^{2^n} + 1$ was prime, then it was possible to construct a regular N-sided polygon.
Gauss obtained his Ph.D. in 1799 under the direction of Pfaff at the University of Helmstedt. In his dissertation he gave the first complete proof of the Fundamental Theorem of Algebra, which states that every polynomial with real coefficients can be factored into linear factors over the complex numbers. The acceptance of complex numbers was brought about by Gauss, who was the first person to use the notation of i for $\sqrt{-1}$.

Gauss then turned his attention toward number theory; in 1801, he published his famous book on number theory, Disquisitiones Arithmeticae. Throughout his life Gauss was intrigued with this branch of mathematics. He once wrote, "Mathematics is the queen of the sciences, and the theory of numbers is the queen of mathematics."
In 1807, Gauss was appointed director of the Observatory at the University of Göttingen, a position he held until his death. This
position required him to study applications of mathematics to the
sciences. He succeeded in making contributions to fields such as
astronomy, mechanics, optics, geodesy, and magnetism. Along with
Wilhelm Weber, he coinvented the first practical electric telegraph
some years before a better version was invented by Samuel F. B.
Morse.
Gauss was clearly the most prominent mathematician in the
world in the early nineteenth century. His status naturally made
his discoveries subject to intense scrutiny. Gausss cold and distant
personality many times led him to ignore the work of his contemporaries, making him many enemies. He did not enjoy teaching very
much, and young mathematicians who sought him out for encouragement were often rebuffed. Nevertheless, he had many outstanding students, including Eisenstein, Riemann, Kummer, Dirichlet,
and Dedekind. Gauss also offered a great deal of encouragement
to Sophie Germain (17761831), who overcame the many obstacles
facing women in her day to become a very prominent mathematician. Gauss died at the age of 78 in Göttingen on February 23, 1855.

18.3 Exercises

1. Let $z = a + b\sqrt{3}\,i$ be in $\mathbb{Z}[\sqrt{3}\,i]$. If $a^2 + 3b^2 = 1$, show that z must be a unit. Show that the only units of $\mathbb{Z}[\sqrt{3}\,i]$ are 1 and $-1$.
2. The Gaussian integers, $\mathbb{Z}[i]$, are a UFD. Factor each of the following elements in $\mathbb{Z}[i]$ into a product of irreducibles.
(a) 5
(b) 1 + 3i
(c) 6 + 8i
(d) 2
3. Let D be an integral domain.


(a) Prove that FD is an abelian group under the operation of
addition.
(b) Show that the operation of multiplication is well-defined in
the field of fractions, FD .


(c) Verify the associative and commutative properties for multiplication in FD .


4. Prove or disprove: Any subring of a field F containing 1 is an
integral domain.
5. Prove or disprove: If D is an integral domain, then every prime
element in D is also irreducible in D.
6. Let F be a field of characteristic zero. Prove that F contains a
subfield isomorphic to Q.
7. Let F be a field.
(a) Prove that the field of fractions of F[x], denoted by F(x), is isomorphic to the set of all rational expressions p(x)/q(x), where q(x) is not the zero polynomial.
(b) Let p(x1 , . . . , xn ) and q(x1 , . . . , xn ) be polynomials in F [x1 , . . . , xn ].
Show that the set of all rational expressions p(x1 , . . . , xn )/q(x1 , . . . , xn )
is isomorphic to the field of fractions of F [x1 , . . . , xn ]. We denote the field of fractions of F [x1 , . . . , xn ] by F (x1 , . . . , xn ).

8. Let p be prime and denote the field of fractions of $\mathbb{Z}_p[x]$ by $\mathbb{Z}_p(x)$. Prove that $\mathbb{Z}_p(x)$ is an infinite field of characteristic p.
9. Prove that the field of fractions of the Gaussian integers, Z[i],
is
Q(i) = {p + qi : p, q Q}.
10. A field F is called a prime field if it has no proper subfields.
If E is a subfield of F and E is a prime field, then E is a prime
subfield of F .
(a) Prove that every field contains a unique prime subfield.
(b) If F is a field of characteristic 0, prove that the prime subfield
of F is isomorphic to the field of rational numbers, Q.
(c) If F is a field of characteristic p, prove that the prime subfield
of F is isomorphic to Zp .

11. Let $\mathbb{Z}[\sqrt{2}\,] = \{a + b\sqrt{2} : a, b \in \mathbb{Z}\}$.
(a) Prove that $\mathbb{Z}[\sqrt{2}\,]$ is an integral domain.
(b) Find all of the units in $\mathbb{Z}[\sqrt{2}\,]$.
(c) Determine the field of fractions of $\mathbb{Z}[\sqrt{2}\,]$.
(d) Prove that $\mathbb{Z}[\sqrt{2}\,i]$ is a Euclidean domain under the Euclidean valuation $\nu(a + b\sqrt{2}\,i) = a^2 + 2b^2$.


12. Let D be a UFD. An element d D is a greatest common


divisor of a and b in D if d | a and d | b and d is divisible by
any other element dividing both a and b.
(a) If D is a PID and a and b are both nonzero elements of D, prove there exists a unique greatest common divisor of a and b up to associates. That is, if d and $d'$ are both greatest common divisors of a and b, then d and $d'$ are associates. We write gcd(a, b) for the greatest common divisor of a and b.
(b) Let D be a PID and a and b be nonzero elements of D. Prove
that there exist elements s and t in D such that gcd(a, b) =
as + bt.
13. Let D be an integral domain. Define a relation $\sim$ on D by $a \sim b$ if a and b are associates in D. Prove that $\sim$ is an equivalence relation on D.
14. Let D be a Euclidean domain with Euclidean valuation $\nu$. If u is a unit in D, show that $\nu(u) = \nu(1)$.
15. Let D be a Euclidean domain with Euclidean valuation $\nu$. If a and b are associates in D, prove that $\nu(a) = \nu(b)$.

16. Show that $\mathbb{Z}[\sqrt{5}\,i]$ is not a unique factorization domain.


17. Prove or disprove: Every subdomain of a UFD is also a UFD.
18. An ideal I of a commutative ring R is said to be finitely generated if there exist elements $a_1, \ldots, a_n$ in I such that every element $r \in I$ can be written as $a_1 r_1 + \cdots + a_n r_n$ for some $r_1, \ldots, r_n$ in R. Prove that R satisfies the ascending chain condition if and only if every ideal of R is finitely generated.
19. Let D be an integral domain with a descending chain of ideals $I_1 \supset I_2 \supset I_3 \supset \cdots$. Suppose that there exists an N such that $I_k = I_N$ for all $k \geq N$. A ring satisfying this condition is said to satisfy the descending chain condition, or DCC. Rings satisfying the DCC are called Artinian rings, after Emil Artin. Show that if D satisfies the descending chain condition, it must satisfy the ascending chain condition.
20. Let R be a commutative ring with identity. We define a multiplicative subset of R to be a subset S such that $1 \in S$ and $ab \in S$ if $a, b \in S$.
(a) Define a relation $\sim$ on $R \times S$ by $(a, s) \sim (a', s')$ if there exists an $s^{\ast} \in S$ such that $s^{\ast}(s'a - sa') = 0$. Show that $\sim$ is an equivalence relation on $R \times S$.


(b) Let a/s denote the equivalence class of $(a, s) \in R \times S$ and let $S^{-1}R$ be the set of all equivalence classes with respect to $\sim$. Define the operations of addition and multiplication on $S^{-1}R$ by
$$\frac{a}{s} + \frac{b}{t} = \frac{at + bs}{st}, \qquad \frac{a}{s} \cdot \frac{b}{t} = \frac{ab}{st},$$
respectively. Prove that these operations are well-defined on $S^{-1}R$ and that $S^{-1}R$ is a ring with identity under these operations. The ring $S^{-1}R$ is called the ring of quotients of R with respect to S.
(c) Show that the map $\psi: R \to S^{-1}R$ defined by $\psi(a) = a/1$ is a ring homomorphism.
(d) If R has no zero divisors and $0 \notin S$, show that $\psi$ is one-to-one.
(e) Prove that P is a prime ideal of R if and only if S = R \ P is
a multiplicative subset of R.
(f) If P is a prime ideal of R and S = R \ P , show that the ring
of quotients S 1 R has a unique maximal ideal. Any ring that
has a unique maximal ideal is called a local ring.

18.4 References and Suggested Readings

[1] Atiyah, M. F. and MacDonald, I. G. Introduction to Commutative Algebra. Westview Press, Boulder, CO, 1994.
[2] Zariski, O. and Samuel, P. Commutative Algebra, vols. I and II. Springer, New York, 1975, 1960.

19 Lattices and Boolean Algebras

The axioms of a ring give structure to the operations of addition and multiplication on a set. However, we can construct algebraic structures, known as lattices and Boolean algebras, that generalize other types of operations. For example, the important operations on sets are inclusion, union, and intersection. Lattices are generalizations of order relations on algebraic spaces, such as set inclusion in set theory and inequality in the familiar number systems $\mathbb{N}$, $\mathbb{Z}$, $\mathbb{Q}$, and $\mathbb{R}$. Boolean algebras generalize the operations of intersection and union. Lattices and Boolean algebras have found applications in logic, circuit theory, and probability.

19.1 Lattices

Partially Ordered Sets

We begin the study of lattices and Boolean algebras by generalizing the idea of inequality. Recall that a relation on a set X is a subset of $X \times X$. A relation P on X is called a partial order of X if it satisfies the following axioms.
1. The relation is reflexive: (a, a) P for all a X.
2. The relation is antisymmetric: if (a, b) P and (b, a) P ,
then a = b.
3. The relation is transitive: if (a, b) P and (b, c) P , then
(a, c) P .
We will usually write $a \preceq b$ to mean $(a, b) \in P$ unless some symbol is naturally associated with a particular partial order, such as $a \leq b$ with integers a and b, or $A \subset B$ with sets A and B. A set X together with a partial order $\preceq$ is called a partially ordered set, or poset.
Example 19.1. The set of integers (or rationals or reals) is a poset where $a \leq b$ has the usual meaning for two integers a and b in $\mathbb{Z}$.

Example 19.2. Let X be any set. We will define the power set of X to be the set of all subsets of X. We denote the power set of X by $\mathcal{P}(X)$. For example, let X = {a, b, c}. Then $\mathcal{P}(X)$ is the set of all subsets of the set {a, b, c}:
$\emptyset$, {a}, {b}, {c}, {a, b}, {a, c}, {b, c}, {a, b, c}.
On any power set of a set X, set inclusion, $\subset$, is a partial order. We can represent the order on {a, b, c} schematically by a diagram such as the one in Figure 19.3.
[Figure 19.3: Partial order on $\mathcal{P}(\{a, b, c\})$. The diagram has {a, b, c} at the top, {a, b}, {a, c}, {b, c} in the next row, {a}, {b}, {c} below them, and $\emptyset$ at the bottom, with an edge between a set and each set one element larger.]


Example 19.4. Let G be a group. The set of subgroups of G is a poset, where the partial order is set inclusion.
Example 19.5. There can be more than one partial order on a particular set. We can form a partial order on $\mathbb{N}$ by $a \preceq b$ if $a \mid b$. The relation is certainly reflexive since $a \mid a$ for all $a \in \mathbb{N}$. If $m \mid n$ and $n \mid m$, then m = n; hence, the relation is also antisymmetric. The relation is transitive, because if $m \mid n$ and $n \mid p$, then $m \mid p$.
Example 19.6. Let X = {1, 2, 3, 4, 6, 8, 12, 24} be the set of divisors of 24 with the partial order defined in Example 19.5. Figure 19.7 shows the partial order on X.
[Figure 19.7: A partial order on the divisors of 24. The diagram has 24 at the top and 1 at the bottom; of its labels only 24, 8, 12, 3 and 1 survive extraction.]

Let Y be a subset of a poset X. An element u in X is an upper bound of Y if $a \preceq u$ for every element $a \in Y$. If u is an upper bound of Y such that $u \preceq v$ for every other upper bound v of Y, then u is called a least upper bound or supremum of Y. An element l in X is said to be a lower bound of Y if $l \preceq a$ for all $a \in Y$. If l is a lower bound of Y such that $k \preceq l$ for every other lower bound k of Y, then l is called a greatest lower bound or infimum of Y.
Example 19.8. Let Y = {2, 3, 4, 6} be contained in the set X of
Example 19.6. Then Y has upper bounds 12 and 24, with 12 as a
least upper bound. The only lower bound is 1; hence, it must be a
greatest lower bound.
As it turns out, least upper bounds and greatest lower bounds
are unique if they exist.
Theorem 19.9. Let Y be a nonempty subset of a poset X. If Y
has a least upper bound, then Y has a unique least upper bound. If
Y has a greatest lower bound, then Y has a unique greatest lower
bound.
Proof. Let u1 and u2 be least upper bounds for Y . By the definition of the least upper bound, u1 u for all upper bounds u of Y .
In particular, u1 u2 . Similarly, u2 u1 . Therefore, u1 = u2 by
antisymmetry. A similar argument shows that the greatest lower
bound is unique.
On many posets it is possible to define binary operations by
using the greatest lower bound and the least upper bound of two
elements. A lattice is a poset L such that every pair of elements in
L has a least upper bound and a greatest lower bound. The least
upper bound of a, b L is called the join of a and b and is denoted
by a b. The greatest lower bound of a, b L is called the meet
of a and b and is denoted by a b.
Example 19.10. Let X be a set. Then the power set of X, P(X),
is a lattice. For two sets A and B in P(X), the least upper bound
of A and B is A B. Certainly A B is an upper bound of A
and B, since A A B and B A B. If C is some other set
containing both A and B, then C must contain AB; hence, AB
is the least upper bound of A and B. Similarly, the greatest lower
bound of A and B is A B.
Example 19.11. Let G be a group and suppose that X is the
set of subgroups of G. Then X is a poset ordered by set-theoretic
inclusion, . The set of subgroups of G is also a lattice. If H and
K are subgroups of G, the greatest lower bound of H and K is
H K. The set H K may not be a subgroup of G. We leave it
as an exercise to show that the least upper bound of H and K is
the subgroup generated by H K.

19.1. LATTICES

291

In set theory we have certain duality conditions. For example,
by De Morgan's laws, any statement about sets that is true about
(A B) must also be true about A B . We also have a duality
principle for lattices.
Axiom 19.12 (Principle of Duality). Any statement that is true
for all lattices remains true when is replaced by and and
are interchanged throughout the statement.
The following theorem tells us that a lattice is an algebraic
structure with two binary operations that satisfy certain axioms.
Theorem 19.13. If L is a lattice, then the binary operations
and satisfy the following properties for a, b, c L.
1. Commutative laws: a b = b a and a b = b a.
2. Associative laws: a (b c) = (a b) c and a (b c) =
(a b) c.
3. Idempotent laws: a a = a and a a = a.
4. Absorption laws: a (a b) = a and a (a b) = a.
Proof. By the Principle of Duality, we need only prove the first
statement in each part.
(1) By definition a b is the least upper bound of {a, b}, and
b a is the least upper bound of {b, a}; however, {a, b} = {b, a}.
(2) We will show that a (b c) and (a b) c are both least
upper bounds of {a, b, c}. Let d = ab. Then c dc = (ab)c.
We also know that
a a b = d d c = (a b) c.
A similar argument demonstrates that b (a b) c. Therefore,
(a b) c is an upper bound of {a, b, c}. We now need to show
that (a b) c is the least upper bound of {a, b, c}. Let u be some
other upper bound of {a, b, c}. Then a u and b u; hence,
d = a b u. Since c u, it follows that (a b) c = d c u.
Therefore, (a b) c must be the least upper bound of {a, b, c}.
The argument that shows a (b c) is the least upper bound of
{a, b, c} is the same. Consequently, a (b c) = (a b) c.
(3) The join of a and a is the least upper bound of {a}; hence,
a a = a.
(4) Let d = a b. Then a a d. On the other hand,
d = a b a, and so a d a. Therefore, a (a b) = a.
Given any arbitrary set L with operations and , satisfying
the conditions of the previous theorem, it is natural to ask whether
or not this set comes from some lattice. The following theorem says
that this is always the case.

Theorem 19.14. Let L be a nonempty set with two binary operations and satisfying the commutative, associative, idempotent,
and absorption laws. We can define a partial order on L by a b
if a b = b. Furthermore, L is a lattice with respect to if for all
a, b L, we define the least upper bound and greatest lower bound
of a and b by a b and a b, respectively.
Proof. We first show that L is a poset under . Since a a = a,
a a and is reflexive. To show that is antisymmetric, let
a b and b a. Then a b = b and b a = a. By the commutative
law, b = a b = b a = a. Finally, we must show that is
transitive. Let a b and b c. Then a b = b and b c = c.
Thus,
a c = a (b c) = (a b) c = b c = c,
or a c.
To show that L is a lattice, we must prove that a b and a b
are, respectively, the least upper and greatest lower bounds of a
and b. Since a = (a b) a = a (a b), it follows that a a b.
Similarly, b a b. Therefore, a b is an upper bound for a and
b. Let u be any other upper bound of both a and b. Then a u
and b u. But a b u since
(a b) u = a (b u) = a u = u.
The proof that a b is the greatest lower bound of a and b is left
as an exercise.
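As an added illustration, not code from the book, the following Python script carries out the checks of this section on the divisors of 24 from Example 19.6, ordered by divisibility as in Example 19.5. It finds upper and lower bounds and the supremum and infimum of a subset as in Example 19.8, confirms that the poset is a lattice with join lcm and meet gcd, verifies the laws of Theorem 19.13 for every triple of elements, and recovers the divisibility order from the join alone as Theorem 19.14 prescribes. The function names and the sample set are my own.

```python
from math import gcd
from itertools import product

# Constructed sample poset: the divisors of 24 (Example 19.6),
# ordered by divisibility as in Example 19.5 (a <= b means a | b).
DIVISORS_OF_24 = [1, 2, 3, 4, 6, 8, 12, 24]


def lcm(a, b):
    return a * b // gcd(a, b)


def divides(a, b):
    """The partial order of Example 19.5: a <= b exactly when a | b."""
    return b % a == 0


def upper_bounds(X, Y):
    """Elements u of X with a <= u for every a in Y."""
    return [u for u in X if all(divides(a, u) for a in Y)]


def lower_bounds(X, Y):
    """Elements l of X with l <= a for every a in Y."""
    return [l for l in X if all(divides(l, a) for a in Y)]


def least_upper_bound(X, Y):
    """The upper bound that lies below every other upper bound (unique by
    Theorem 19.9 when it exists); None when Y has no supremum in X."""
    ubs = upper_bounds(X, Y)
    least = [u for u in ubs if all(divides(u, v) for v in ubs)]
    return least[0] if least else None


def greatest_lower_bound(X, Y):
    """The lower bound that lies above every other lower bound, or None."""
    lbs = lower_bounds(X, Y)
    greatest = [l for l in lbs if all(divides(k, l) for k in lbs)]
    return greatest[0] if greatest else None


def is_lattice(X):
    """Definition of a lattice: every pair of elements has a join and a meet."""
    return all(least_upper_bound(X, (a, b)) is not None
               and greatest_lower_bound(X, (a, b)) is not None
               for a, b in product(X, repeat=2))


def satisfies_lattice_laws(X, join, meet):
    """Theorem 19.13: commutative, associative, idempotent and absorption
    laws, checked for every triple of elements of the finite set X."""
    for a, b, c in product(X, repeat=3):
        if join(a, b) != join(b, a) or meet(a, b) != meet(b, a):
            return False
        if join(a, join(b, c)) != join(join(a, b), c):
            return False
        if meet(a, meet(b, c)) != meet(meet(a, b), c):
            return False
        if join(a, a) != a or meet(a, a) != a:
            return False
        if join(a, meet(a, b)) != a or meet(a, join(a, b)) != a:
            return False
    return True


def order_from_join(X, join):
    """Theorem 19.14: the order recovered from the join, a <= b iff a v b = b."""
    return {(a, b) for a, b in product(X, repeat=2) if join(a, b) == b}


def divisibility_order(X):
    """The original order, as a set of pairs, for comparison."""
    return {(a, b) for a, b in product(X, repeat=2) if divides(a, b)}
```

The same functions show what fails when a pair has no supremum: is_lattice([1, 2, 3, 4, 6]) is false because 4 and 6 have no common multiple inside that set, so the pair has no join there.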

19.2 Boolean Algebras

Let us investigate the example of the power set, P(X), of a set X
more closely. The power set is a lattice that is ordered by inclusion.
By the definition of the power set, the largest element in P(X) is
X itself and the smallest element is , the empty set. For any set
A in P(X), we know that A X = A and A = A. This suggests
the following definition for lattices. An element I in a poset X is
a largest element if a I for all a X. An element O is a
smallest element of X if O a for all a X.
Let A be in P(X). Recall that the complement of A is
A′ = X \ A = {x : x ∈ X and x ∉ A}.
We know that A A = X and A A = . We can generalize
this example for lattices. A lattice L with a largest element I and
a smallest element O is complemented if for each a X, there
exists an a such that a a = I and a a = O.
In a lattice L, the binary operations and satisfy commutative and associative laws; however, they need not satisfy the distributive law
a (b c) = (a b) (a c);

however, in P(X) the distributive law is satisfied since
A (B C) = (A B) (A C)
for A, B, C P(X). We will say that a lattice L is distributive if
the following distributive law holds:
a (b c) = (a b) (a c)
for all a, b, c L.
Theorem 19.15. A lattice L is distributive if and only if
a (b c) = (a b) (a c)
for all a, b, c L.
Proof. Let us assume that L is a distributive lattice.
a (b c) = [a (a c)] (b c)
= a [(a c) (b c)]
= a [(c a) (c b)]
= a [c (a b)]
= a [(a b) c]
= [(a b) a] [(a b) c]
= (a b) (a c).
The converse follows directly from the Duality Principle.
A Boolean algebra is a lattice B with a greatest element I
and a smallest element O such that B is both distributive and
complemented. The power set of X, P(X), is our prototype for
a Boolean algebra. As it turns out, it is also one of the most
important Boolean algebras. The following theorem allows us to
characterize Boolean algebras in terms of the binary relations
and without mention of the fact that a Boolean algebra is a
poset.
Theorem 19.16. A set B is a Boolean algebra if and only if
there exist binary operations and on B satisfying the following
axioms.
1. a b = b a and a b = b a for a, b B.
2. a (b c) = (a b) c and a (b c) = (a b) c for
a, b, c B.
3. a (b c) = (a b) (a c) and a (b c) = (a b) (a c)
for a, b, c B.

4. There exist elements I and O such that aO = a and aI = a
for all a B.
5. For every a B there exists an a B such that a a = I
and a a = O.
Proof. Let B be a set satisfying (1)(5) in the theorem. One of
the idempotent laws is satisfied since
a=aO
= a (a a )
= (a a) (a a )
= (a a) I
= a a.
Observe that
I b = (I b) I = (I I) (b I) = I I = I.
Consequently, the first of the two absorption laws holds, since
a (a b) = (a I) (a b)
= a (I b)
=aI
= a.
The other idempotent and absorption laws are proven similarly.
Since B also satisfies (1)(3), the conditions of Theorem 19.14 are
met; therefore, B must be a lattice. Condition (4) tells us that B
is a distributive lattice.
For a B, O a = a; hence, O a and O is the smallest
element in B. To show that I is the largest element in B, we will
first show that a b = b is equivalent to a b = a. Since a I = a
for all a B, using the absorption laws we can determine that
a I = (a I) I = I (I a) = I
or a I for all a in B. Finally, since we know that B is complemented by (5), B must be a Boolean algebra.
Conversely, suppose that B is a Boolean algebra. Let I and O
be the greatest and least elements in B, respectively. If we define
a b and a b as least upper and greatest lower bounds of {a, b},
then B is a Boolean algebra by Theorem 19.14, Theorem 19.15,
and our hypothesis.
Many other identities hold in Boolean algebras. Some of these
identities are listed in the following theorem.
Theorem 19.17. Let B be a Boolean algebra. Then

1. a I = I and a O = O for all a B.
2. If a b = a c and a b = a c for a, b, c B, then b = c.
3. If a b = I and a b = O, then b = a .
4. (a ) = a for all a B.
5. I = O and O = I.
6. (a b) = a b and (a b) = a b (De Morgan's Laws).
Proof. We will prove only (2). The rest of the identities are left
as exercises. For a b = a c and a b = a c, we have
b = b (b a)
= b (a b)
= b (a c)
= (b a) (b c)
= (a b) (b c)
= (a c) (b c)
= (c a) (c b)
= c (a b)
= c (a c)
= c (c a)
= c.

Finite Boolean Algebras


A Boolean algebra is a finite Boolean algebra if it contains a
finite number of elements as a set. Finite Boolean algebras are
particularly nice since we can classify them up to isomorphism.
Let B and C be Boolean algebras. A bijective map : B C
is an isomorphism of Boolean algebras if
(a b) = (a) (b)
(a b) = (a) (b)
for all a and b in B.
We will show that any finite Boolean algebra is isomorphic to
the Boolean algebra obtained by taking the power set of some finite
set X. We will need a few lemmas and definitions before we prove
this result. Let B be a finite Boolean algebra. An element a B
is an atom of B if a = O and a b = a for all nonzero b B.
Equivalently, a is an atom of B if there is no nonzero b B distinct
from a such that O b a.

Lemma 19.18. Let B be a finite Boolean algebra. If b is a nonzero
element of B, then there is an atom a in B such that a b.
Proof. If b is an atom, let a = b. Otherwise, choose an element
b1 , not equal to O or b, such that b1 b. We are guaranteed that
this is possible since b is not an atom. If b1 is an atom, then we
are done. If not, choose b2 , not equal to O or b1 , such that b2 b1 .
Again, if b2 is an atom, let a = b2 . Continuing this process, we can
obtain a chain
O b3 b2 b1 b.
Since B is a finite Boolean algebra, this chain must be finite. That
is, for some k, bk is an atom. Let a = bk .
Lemma 19.19. Let a and b be atoms in a finite Boolean algebra
B such that a = b. Then a b = O.
Proof. Since a b is the greatest lower bound of a and b, we
know that a b a. Hence, either a b = a or a b = O.
However, if a b = a, then either a b or a = O. In either case
we have a contradiction because a and b are both atoms; therefore,
a b = O.
Lemma 19.20. Let B be a Boolean algebra and a, b B. The
following statements are equivalent.
1. a b.
2. a b = O.
3. a b = I.
Proof. (1) (2). If a b, then a b = b. Therefore,
a b = a (a b)
= a (a b )
= (a a ) b
= O b
= O.
(2) (3). If a b = O, then a b = (a b ) = O = I.
(3) (1). If a b = I, then
a = a (a b)
= (a a ) (a b)
= O (a b)
= a b.
Thus, a b.

Lemma 19.21. Let B be a Boolean algebra and b and c be elements
in B such that b c. Then there exists an atom a B such that
a b and a c.
Proof. By Lemma 19.20, b c = O. Hence, there exists an atom
a such that a b c . Consequently, a b and a c.
Lemma 19.22. Let b B and a1 , . . . , an be the atoms of B such
that ai b. Then b = a1 an . Furthermore, if a, a1 , . . . , an
are atoms of B such that a b, ai b, and b = a a1 an ,
then a = ai for some i = 1, . . . , n.
Proof. Let b1 = a1 an . Since ai b for each i, we know
that b1 b. If we can show that b b1 , then the lemma is true
by antisymmetry. Assume b b1 . Then there exists an atom a
such that a b and a b1 . Since a is an atom and a b, we can
deduce that a = ai for some ai . However, this is impossible since
a b1 . Therefore, b b1 .
Now suppose that b = a1 an . If a is an atom less than b,
a = a b = a (a1 an ) = (a a1 ) (a an ).
But each term is O or a with a ai occurring for only one ai .
Hence, by Lemma 19.19, a = ai for some i.
Theorem 19.23. Let B be a finite Boolean algebra. Then there
exists a set X such that B is isomorphic to P(X).
Proof. We will show that B is isomorphic to P(X), where X is
the set of atoms of B. Let a B. By Lemma 19.22, we can write
a uniquely as a = a1 an for a1 , . . . , an X. Consequently,
we can define a map : B P(X) by
(a) = (a1 an ) = {a1 , . . . , an }.
Clearly, is onto.
Now let a = a1 an and b = b1 bm be elements
in B, where each ai and each bi is an atom. If (a) = (b), then
{a1 , . . . , an } = {b1 , . . . , bm } and a = b. Consequently, is injective.
The join of a and b is preserved by since
(a b) = (a1 an b1 bm )
= {a1 , . . . , an , b1 , . . . , bm }
= {a1 , . . . , an } {b1 , . . . , bm }
= (a1 an ) (b1 bm )
= (a) (b).
Similarly, (a b) = (a) (b).

We leave the proof of the following corollary as an exercise.
Corollary 19.24. The order of any finite Boolean algebra must be
2^n for some positive integer n.
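The following Python script is an added worked example, not the book's own code, for Theorem 19.16, Theorem 19.23 and Corollary 19.24. It builds the divisors of an integer n ordered by divisibility (30, a squarefree number, is the constructed sample), with join lcm, meet gcd, O = 1 and I = n; it finds complements by search, checks axioms (1) through (5) of Theorem 19.16 exhaustively, lists the atoms, and verifies that the map sending a to the set of atoms below a is an isomorphism onto the power set of the atoms. Run on the divisors of 24 it reports that 2 has no complement, so that lattice is not a Boolean algebra. All function names are mine.

```python
from math import gcd
from itertools import product


def divisor_algebra(n):
    """Constructed example: the divisors of n ordered by divisibility, with
    join = lcm and meet = gcd. The smallest element O is 1 and the largest
    element I is n, so min(X) and max(X) give O and I below."""
    elements = [d for d in range(1, n + 1) if n % d == 0]
    join = lambda a, b: a * b // gcd(a, b)
    meet = gcd
    return elements, join, meet


def complement_of(X, join, meet, a):
    """Return a' with a v a' = I and a ^ a' = O, or None if a has no complement."""
    O, I = min(X), max(X)
    for b in X:
        if join(a, b) == I and meet(a, b) == O:
            return b
    return None


def is_boolean_algebra(X, join, meet):
    """Axioms (1)-(5) of Theorem 19.16, checked exhaustively on a finite set."""
    O, I = min(X), max(X)
    for a, b, c in product(X, repeat=3):
        if join(a, b) != join(b, a) or meet(a, b) != meet(b, a):
            return False  # (1) commutative laws
        if (join(a, join(b, c)) != join(join(a, b), c)
                or meet(a, meet(b, c)) != meet(meet(a, b), c)):
            return False  # (2) associative laws
        if (join(a, meet(b, c)) != meet(join(a, b), join(a, c))
                or meet(a, join(b, c)) != join(meet(a, b), meet(a, c))):
            return False  # (3) both distributive laws (Theorem 19.15)
    for a in X:
        if join(a, O) != a or meet(a, I) != a:
            return False  # (4) O and I behave as identities
        if complement_of(X, join, meet, a) is None:
            return False  # (5) every element has a complement
    return True


def atoms(X, meet):
    """Atoms: a != O such that no nonzero b distinct from a satisfies b <= a,
    where b <= a means b ^ a = b."""
    O = min(X)
    return [a for a in X if a != O
            and not any(b != O and b != a and meet(b, a) == b for b in X)]


def atoms_below(X, meet, a):
    """The map phi of Theorem 19.23: a -> the set of atoms a_i with a_i <= a."""
    return frozenset(x for x in atoms(X, meet) if meet(x, a) == x)


def is_isomorphic_to_power_set(X, join, meet):
    """Check that phi is a bijection onto P(atoms) preserving join and meet."""
    n_atoms = len(atoms(X, meet))
    phi = {a: atoms_below(X, meet, a) for a in X}
    if len(set(phi.values())) != len(X) or len(X) != 2 ** n_atoms:
        return False  # not injective, or |X| is not 2^n (Corollary 19.24)
    return all(phi[join(a, b)] == phi[a] | phi[b]
               and phi[meet(a, b)] == phi[a] & phi[b]
               for a, b in product(X, repeat=2))
```

The atoms of the divisors of 30 are the primes 2, 3 and 5, and every divisor is the join (lcm) of the atoms below it, which is Lemma 19.22 in this setting.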

19.3 The Algebra of Electrical Circuits

The usefulness of Boolean algebras has become increasingly apparent over the past several decades with the development of the
modern computer. The circuit design of computer chips can be expressed in terms of Boolean algebras. In this section we will develop
the Boolean algebra of electrical circuits and switches; however,
these results can easily be generalized to the design of integrated
computer circuitry.
A switch is a device, located at some point in an electrical
circuit, that controls the flow of current through the circuit. Each
switch has two possible states: it can be open, and not allow the
passage of current through the circuit, or it can be closed, and
allow the passage of current. These states are mutually exclusive.
We require that every switch be in one state or the other; a switch
cannot be open and closed at the same time. Also, if one switch
is always in the same state as another, we will denote both by the
same letter; that is, two switches that are both labeled with the
same letter a will always be open at the same time and closed at
the same time.
Given two switches, we can construct two fundamental types
of circuits. Two switches a and b are in series if they make up a
circuit of the type that is illustrated in Figure 19.25. Current can
pass between the terminals A and B in a series circuit only if both
of the switches a and b are closed. We will denote this combination
of switches by a ∧ b. Two switches a and b are in parallel if they
form a circuit of the type that appears in Figure 19.26. In the case
of a parallel circuit, current can pass between A and B if either
one of the switches is closed. We denote a parallel combination of
circuits a and b by a ∨ b.
[Figure 19.25: a ∧ b (switches a and b in series between terminals A and B).]
[Figure 19.26: a ∨ b (switches a and b in parallel between terminals A and B).]

We can build more complicated electrical circuits out of series
and parallel circuits by replacing any switch in the circuit with one
of these two fundamental types of circuits. Circuits constructed in
this manner are called series-parallel circuits.
We will consider two circuits equivalent if they act the same.
That is, if we set the switches in equivalent circuits exactly the
same we will obtain the same result. For example, in a series circuit
a b is exactly the same as b a. Notice that this is exactly the
commutative law for Boolean algebras. In fact, the set of all series-parallel circuits forms a Boolean algebra under the operations of
and . We can use diagrams to verify the different axioms of a
Boolean algebra. The distributive law, a (b c) = (a b) (a c),
is illustrated in Figure 19.27. If a is a switch, then a is the switch
that is always open when a is closed and always closed when a is
open. A circuit that is always closed is I in our algebra; a circuit
that is always open is O. The laws for a a = O and a a = I
are shown in Figure 19.28.
[Figure 19.27: a (b c) = (a b) (a c), drawn as two equivalent switching circuits.]
[Figure 19.28: a ∧ a′ = O and a ∨ a′ = I, drawn as switching circuits.]


Example 19.29. Every Boolean expression represents a switching
circuit. For example, given the expression (a ∨ b) ∧ (a ∨ b′) ∧ (a ∨ b),
we can construct the circuit in Figure 19.32.
Theorem 19.30. The set of all circuits is a Boolean algebra.
We leave as an exercise the proof of this theorem for the Boolean
algebra axioms not yet verified. We can now apply the techniques
of Boolean algebras to switching theory.
Example 19.31. Given a complex circuit, we can now apply the
techniques of Boolean algebra to reduce it to a simpler one. Consider the circuit in Figure 19.32. Since
(a ∨ b) ∧ (a ∨ b′) ∧ (a ∨ b) = (a ∨ b) ∧ (a ∨ b) ∧ (a ∨ b′)
= (a ∨ b) ∧ (a ∨ b′)
= a ∨ (b ∧ b′)
= a ∨ O
= a,
we can replace the more complicated circuit with a circuit containing the single switch a and achieve the same function.
[Figure 19.32: (a ∨ b) ∧ (a ∨ b′) ∧ (a ∨ b) as a switching circuit.]
Sage: Sage has a full suite of functionality for both posets and
lattices, all as part of its excellent support for combinatorics. There
is little in this chapter that cannot be investigated with Sage.
Historical Note
George Boole (1815-1864) was the first person to study lattices.
In 1847, he published The Investigation of the Laws of Thought, a
book in which he used lattices to formalize logic and the calculus
of propositions. Boole believed that mathematics was the study of
form rather than of content; that is, he was not so much concerned
with what he was calculating as with how he was calculating it.
Boole's work was carried on by his friend Augustus De Morgan
(1806-1871). De Morgan observed that the principle of duality
often held in set theory, as is illustrated by De Morgan's laws for
set theory. He believed, as did Boole, that mathematics was the
study of symbols and abstract operations.
Set theory and logic were further advanced by such mathematicians as Alfred North Whitehead (1861-1947), Bertrand Russell
(1872-1970), and David Hilbert (1862-1943). In Principia Mathematica, Whitehead and Russell attempted to show the connection
between mathematics and logic by the deduction of the natural
number system from the rules of formal logic. If the natural numbers could be determined from logic itself, then so could much of
the rest of existing mathematics. Hilbert attempted to build up
mathematics by using symbolic logic in a way that would prove the
consistency of mathematics. His approach was dealt a mortal blow
by Kurt Gödel (1906-1978), who proved that there will always be
undecidable problems in any sufficiently rich axiomatic system;

that is, that in any mathematical system of any consequence, there
will always be statements that can never be proven either true or
false.
As often occurs, this basic research in pure mathematics later
became indispensable in a wide variety of applications. Boolean
algebras and logic have become essential in the design of the large-scale integrated circuitry found on today's computer chips. Sociologists have used lattices and Boolean algebras to model social
hierarchies; biologists have used them to describe biosystems.

19.4 Exercises

1. Draw the lattice diagram for the power set of X = {a, b, c, d}
with the set inclusion relation, ⊆.
2. Draw the diagram for the set of positive integers that are divisors of 30. Is this poset a Boolean algebra?
3. Draw a diagram of the lattice of subgroups of Z12 .
4. Let B be the set of positive integers that are divisors of 36.
Define an order on B by a b if a | b. Prove that B is a Boolean
algebra. Find a set X such that B is isomorphic to P(X).
5. Prove or disprove: Z is a poset under the relation a b if a | b.
6. Draw the switching circuit for each of the following Boolean
expressions.
(a) (a b a ) a
(b) (a b) (a b)
(c) a (a b)
(d) (c a b) c (a b)

7. Draw a circuit that will be closed exactly when only one of three
switches a, b, and c are closed.
8. Prove or disprove that the two circuits shown are equivalent.

9. Let X be a finite set containing n elements. Prove that |P(X)| =
2^n. Conclude that the order of any finite Boolean algebra must be
2^n for some n ∈ N.

10. For each of the following circuits, write a Boolean expression.
If the circuit can be replaced by one with fewer switches, give the
Boolean expression and draw a diagram for the new circuit.
11. Prove or disprove: The set of all nonzero integers is a lattice,
where a b is defined by a | b.
12. Let L be a nonempty set with two binary operations and
satisfying the commutative, associative, idempotent, and absorption laws. We can define a partial order on L, as in Theorem 19.14,
by a b if a b = b. Prove that the greatest lower bound of a and
b is a b.
13. Let G be a group and X be the set of subgroups of G ordered
by set-theoretic inclusion. If H and K are subgroups of G, show
that the least upper bound of H and K is the subgroup generated
by H K.
14. Let R be a ring and suppose that X is the set of ideals of
R. Show that X is a poset ordered by set-theoretic inclusion, .
Define the meet of two ideals I and J in X by I J and the join
of I and J by I + J. Prove that the set of ideals of R is a lattice
under these operations.
15. Let B be a Boolean algebra. Prove each of the following identities.
(a) a I = I and a O = O for all a B.
(b) If a b = I and a b = O, then b = a .
(c) (a ) = a for all a B.

(d) I = O and O = I.
(e) (a b) = a b and (a b) = a b (De Morgan's laws).
16. By drawing the appropriate diagrams, complete the proof of
Theorem 19.14 to show that the switching functions form a Boolean
algebra.
17. Let B be a Boolean algebra. Define binary operations + and
on B by
a + b = (a b ) (a b)
a b = a b.
Prove that B is a commutative ring under these operations satisfying a2 = a for all a B.
18. Let X be a poset such that for every a and b in X, either a b
or b a. Then X is said to be a totally ordered set.
(a) Is a | b a total order on N?
(b) Prove that N, Z, Q, and R are totally ordered sets under the
usual ordering .
19. Let X and Y be posets. A map : X Y is order-preserving if a b implies that (a) (b). Let L and M
be lattices. A map : L M is a lattice homomorphism if
(a b) = (a) (b) and (a b) = (a) (b). Show that
every lattice homomorphism is order-preserving, but that it is not
the case that every order-preserving homomorphism is a lattice
homomorphism.
20. Let B be a Boolean algebra. Prove that a = b if and only if
(a b ) (a b) = O for a, b B.
21. Let B be a Boolean algebra. Prove that a = 0 if and only if
(a b ) (a b) = b for all b B.
22. Let L and M be lattices. Define an order relation on L M
by (a, b) (c, d) if a c and b d. Show that L M is a lattice
under this partial order.

19.5 Programming Exercises

1. A Boolean or switching function on n variables is a map
f : {O, I}^n → {O, I}. A Boolean polynomial is a special type
of Boolean function: it is any type of Boolean expression formed
from a finite combination of variables x1 , . . . , xn together with O
and I, using the operations ∨, ∧, and ′. The values of the functions
are defined in Table 19.33. Write a program to evaluate Boolean
polynomials.
x   y   x′   x ∨ y   x ∧ y
0   0   1      0       0
0   1   1      1       0
1   0   0      1       0
1   1   0      1       1

Table 19.33: Boolean polynomials
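An added example, not from the book, serving both Example 19.31 and Programming Exercise 1 above: a small recursive-descent parser and evaluator for Boolean polynomials in Python. It accepts ∨, ∧ and the postfix complement ′ (with |, & and ' as ASCII alternatives, a convention of mine), tabulates a polynomial in the row order of Table 19.33, and decides whether two expressions describe the same switching circuit by comparing their truth tables, which confirms the reduction of (a ∨ b) ∧ (a ∨ b′) ∧ (a ∨ b) to the single switch a. The class and function names are mine.

```python
from itertools import product


class BooleanPolynomial:
    """Parser and evaluator for Boolean polynomials (constructed example).

    Grammar, with join binding loosest and complement tightest:
        expr   := term   (('∨' | '|') term)*
        term   := factor (('∧' | '&') factor)*
        factor := atom   ("'" | '′')*
        atom   := variable | 'O' | 'I' | '(' expr ')'
    Variables are single lowercase letters; the constants O and I are
    also accepted as 0 and 1.
    """

    def __init__(self, text):
        self.s = "".join(text.split())  # whitespace carries no meaning
        self.i = 0
        self.tree = self._expr()
        if self.i != len(self.s):
            raise ValueError(f"unexpected {self.s[self.i]!r} at position {self.i}")

    def _peek(self):
        return self.s[self.i] if self.i < len(self.s) else ""

    def _take(self, chars):
        if self._peek() and self._peek() in chars:
            self.i += 1
            return True
        return False

    def _expr(self):
        node = self._term()
        while self._take("∨|"):
            node = ("or", node, self._term())
        return node

    def _term(self):
        node = self._factor()
        while self._take("∧&"):
            node = ("and", node, self._factor())
        return node

    def _factor(self):
        node = self._atom()
        while self._take("'′"):
            node = ("not", node)
        return node

    def _atom(self):
        if self._take("("):
            node = self._expr()
            if not self._take(")"):
                raise ValueError("missing ')'")
            return node
        c = self._peek()
        if c and c in "OI01":
            self.i += 1
            return ("const", c in "I1")
        if c.isalpha() and c.islower():
            self.i += 1
            return ("var", c)
        raise ValueError(f"unexpected {c!r} at position {self.i}")

    def variables(self):
        """Sorted list of the variable names occurring in the polynomial."""
        found = set()

        def walk(node):
            if node[0] == "var":
                found.add(node[1])
            elif node[0] != "const":
                for child in node[1:]:
                    walk(child)

        walk(self.tree)
        return sorted(found)

    def evaluate(self, env):
        """Evaluate under an assignment {variable: bool}; I is True, O is False."""
        def ev(node):
            kind = node[0]
            if kind == "const":
                return node[1]
            if kind == "var":
                return env[node[1]]
            if kind == "not":
                return not ev(node[1])
            if kind == "and":
                return ev(node[1]) and ev(node[2])
            return ev(node[1]) or ev(node[2])
        return ev(self.tree)

    def truth_table(self, variables=None):
        """Rows of (inputs, output) as 0/1, in the row order of Table 19.33."""
        names = variables or self.variables()
        rows = []
        for bits in product((0, 1), repeat=len(names)):
            env = {v: bool(b) for v, b in zip(names, bits)}
            rows.append((bits, int(self.evaluate(env))))
        return rows


def equivalent(lhs, rhs):
    """Two expressions give equivalent circuits when they agree on every
    assignment of their combined variables (the definition in Section 19.3)."""
    p, q = BooleanPolynomial(lhs), BooleanPolynomial(rhs)
    names = sorted(set(p.variables()) | set(q.variables()))
    return p.truth_table(names) == q.truth_table(names)
```

Because the comparison runs over all 2^n assignments, equivalent() is a decision procedure for small circuits only; for many variables one would reduce with the laws of Theorem 19.17 instead, as Example 19.31 does by hand.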


20 Vector Spaces

In a physical system a quantity can often be described with a single
number. For example, we need to know only a single number to
describe temperature, mass, or volume. However, for some quantities, such as location, we need several numbers. To give the location
of a point in space, we need x, y, and z coordinates. Temperature
distribution over a solid object requires four numbers: three to
identify each point within the object and a fourth to describe the
temperature at that point. Often n-tuples of numbers, or vectors,
also have certain algebraic properties, such as addition or scalar
multiplication.
In this chapter we will examine mathematical structures called
vector spaces. As with groups and rings, it is desirable to give a
simple list of axioms that must be satisfied to make a set of vectors
a structure worth studying.

20.1 Definitions and Examples

A vector space V over a field F is an abelian group with a scalar
product v or v defined for all F and all v V satisfying
the following axioms.
(v) = ()v;
( + )v = v + v;
(u + v) = u + v;
1v = v;
where , F and u, v V .
The elements of V are called vectors; the elements of F are
called scalars. It is important to notice that in most cases two
vectors cannot be multiplied. In general, it is only possible to
multiply a vector with a scalar. To differentiate between the scalar
zero and the vector zero, we will write them as 0 and 0, respectively.
Let us examine several examples of vector spaces. Some of them
will be quite familiar; others will seem less so.

Example 20.1. The n-tuples of real numbers, denoted by Rn ,
form a vector space over R. Given vectors u = (u1 , . . . , un ) and
v = (v1 , . . . , vn ) in Rn and in R, we can define vector addition
by
u + v = (u1 , . . . , un ) + (v1 , . . . , vn ) = (u1 + v1 , . . . , un + vn )
and scalar multiplication by
u = (u1 , . . . , un ) = (u1 , . . . , un ).
Example 20.2. If F is a field, then F [x] is a vector space over F .
The vectors in F [x] are simply polynomials, and vector addition is
just polynomial addition. If F and p(x) F [x], then scalar
multiplication is defined by p(x).
Example 20.3. The set of all continuous real-valued functions on
a closed interval [a, b] is a vector space over R. If f (x) and g(x) are
continuous on [a, b], then (f + g)(x) is defined to be f (x) + g(x).
Scalar multiplication is defined by (f )(x) = f (x) for R.
For example, if f (x) = sin x and g(x) = x2 , then (2f + 5g)(x) =
2 sin x + 5x2 .

Example 20.4. Let V = Q(√2) = {a + b√2 : a, b ∈ Q}. Then V
is a vector space over Q. If u = a + b√2 and v = c + d√2, then
u + v = (a + c) + (b + d)√2 is again in V . Also, for α ∈ Q, αv is
in V . We will leave it as an exercise to verify that all of the vector
space axioms hold for V .
Proposition 20.5. Let V be a vector space over F . Then each of
the following statements is true.
1. 0v = 0 for all v V .
2. 0 = 0 for all F .
3. If v = 0, then either = 0 or v = 0.
4. (1)v = v for all v V .
5. (v) = ()v = (v) for all F and all v V .
Proof. To prove (1), observe that
0v = (0 + 0)v = 0v + 0v;
consequently, 0+0v = 0v+0v. Since V is an abelian group, 0 = 0v.
The proof of (2) is almost identical to the proof of (1). For (3),
we are done if = 0. Suppose that = 0. Multiplying both sides
of v = 0 by 1/, we have v = 0.
To show (4), observe that
v + (1)v = 1v + (1)v = (1 1)v = 0v = 0,
and so v = (1)v. We will leave the proof of (5) as an exercise.

20.2 Subspaces

Just as groups have subgroups and rings have subrings, vector
spaces also have substructures. Let V be a vector space over a
field F , and W a subset of V . Then W is a subspace of V if it is
closed under vector addition and scalar multiplication; that is, if
u, v W and F , it will always be the case that u + v and v
are also in W .
Example 20.6. Let W be the subspace of R3 defined by W =
{(x1 , 2x1 + x2 , x1 x2 ) : x1 , x2 R}. We claim that W is a
subspace of R3 . Since
(x1 , 2x1 + x2 , x1 x2 ) = (x1 , (2x1 + x2 ), (x1 x2 ))
= (x1 , 2(x1 ) + x2 , x1 x2 ),
W is closed under scalar multiplication. To show that W is closed
under vector addition, let u = (x1 , 2x1 + x2 , x1 x2 ) and v =
(y1 , 2y1 + y2 , y1 y2 ) be vectors in W . Then
u + v = (x1 + y1 , 2(x1 + y1 ) + (x2 + y2 ), (x1 + y1 ) (x2 + y2 )).
Example 20.7. Let W be the subset of polynomials of F [x] with
no odd-power terms. If p(x) and q(x) have no odd-power terms,
then neither will p(x) + q(x). Also, p(x) W for F and
p(x) W .
Let V be any vector space over a field F and suppose that
v1 , v2 , . . . , vn are vectors in V and 1 , 2 , . . . , n are scalars in F .
Any vector w in V of the form
$$w = \sum_{i=1}^{n} \alpha_i v_i = \alpha_1 v_1 + \alpha_2 v_2 + \cdots + \alpha_n v_n$$

is called a linear combination of the vectors v1 , v2 , . . . , vn . The
spanning set of vectors v1 , v2 , . . . , vn is the set of vectors obtained
from all possible linear combinations of v1 , v2 , . . . , vn . If W is the
spanning set of v1 , v2 , . . . , vn , then we say that W is spanned by
v1 , v 2 , . . . , vn .
Proposition 20.8. Let S = {v1 , v2 , . . . , vn } be vectors in a vector
space V . Then the span of S is a subspace of V .
Proof. Let u and v be in S. We can write both of these vectors
as linear combinations of the vi s:
u = 1 v 1 + 2 v 2 + + n v n
v = 1 v1 + 2 v2 + + n vn .


Then
u + v = (1 + 1 )v1 + (2 + 2 )v2 + + (n + n )vn
is a linear combination of the vi s. For F ,
u = (1 )v1 + (2 )v2 + + (n )vn
is in the span of S.

20.3 Linear Independence

Let S = {v1 , v2 , . . . , vn } be a set of vectors in a vector space V . If
there exist scalars 1 , 2 . . . n F such that not all of the i s
are zero and
1 v1 + 2 v2 + + n vn = 0,
then S is said to be linearly dependent. If the set S is not
linearly dependent, then it is said to be linearly independent.
More specifically, S is a linearly independent set if
1 v1 + 2 v2 + + n vn = 0
implies that
1 = 2 = = n = 0
for any set of scalars {1 , 2 . . . n }.
Proposition 20.9. Let {v1 , v2 , . . . , vn } be a set of linearly independent vectors in a vector space. Suppose that
v = 1 v1 + 2 v2 + + n vn = 1 v1 + 2 v2 + + n vn .
Then 1 = 1 , 2 = 2 , . . . , n = n .
Proof. If
v = 1 v1 + 2 v2 + + n vn = 1 v1 + 2 v2 + + n vn ,
then
(1 1 )v1 + (2 2 )v2 + + (n n )vn = 0.
Since v1 , . . . , vn are linearly independent, i i = 0 for i =
1, . . . , n.
The definition of linear dependence makes more sense if we
consider the following proposition.
Proposition 20.10. A set {v1 , v2 , . . . , vn } of vectors in a vector
space V is linearly dependent if and only if one of the vi s is a
linear combination of the rest.

Proof. Suppose that {v1 , v2 , . . . , vn } is a set of linearly dependent
vectors. Then there exist scalars 1 , . . . , n such that
1 v1 + 2 v2 + + n vn = 0,
with at least one of the i s not equal to zero. Suppose that k = 0.
Then
$$v_k = -\frac{\alpha_1}{\alpha_k} v_1 - \cdots - \frac{\alpha_{k-1}}{\alpha_k} v_{k-1} - \frac{\alpha_{k+1}}{\alpha_k} v_{k+1} - \cdots - \frac{\alpha_n}{\alpha_k} v_n.$$

Conversely, suppose that


vk = 1 v1 + + k1 vk1 + k+1 vk+1 + + n vn .
Then
1 v1 + + k1 vk1 vk + k+1 vk+1 + + n vn = 0.

The following proposition is a consequence of the fact that any
system of homogeneous linear equations with more unknowns than
equations will have a nontrivial solution. We leave the details of
the proof for the end-of-chapter exercises.
Proposition 20.11. Suppose that a vector space V is spanned by n
vectors. If m > n, then any set of m vectors in V must be linearly
dependent.
A set {e1 , e2 , . . . , en } of vectors in a vector space V is called
a basis for V if {e1 , e2 , . . . , en } is a linearly independent set that
spans V .
Example 20.12. The vectors e1 = (1, 0, 0), e2 = (0, 1, 0), and
e3 = (0, 0, 1) form a basis for R3 . The set certainly spans R3 , since
any arbitrary vector (x1 , x2 , x3 ) in R3 can be written as x1 e1 +
x2 e2 + x3 e3 . Also, none of the vectors e1 , e2 , e3 can be written
as a linear combination of the other two; hence, they are linearly
independent. The vectors e1 , e2 , e3 are not the only basis of R3 :
the set {(3, 2, 1), (3, 2, 0), (1, 1, 1)} is also a basis for R3 .

Example 20.13. Let $Q(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in Q\}$. The sets $\{1, \sqrt{2}\}$ and $\{1 + \sqrt{2}, 1 - \sqrt{2}\}$ are both bases of $Q(\sqrt{2})$.
From the last two examples it should be clear that a given
vector space has several bases. In fact, there are an infinite number
of bases for both of these examples. In general, there is no unique
basis for a vector space. However, every basis of $R^3$ consists of exactly three vectors, and every basis of $Q(\sqrt{2})$ consists of exactly two vectors. This is a consequence of the next proposition.

Proposition 20.14. Let $\{e_1, e_2, \ldots, e_m\}$ and $\{f_1, f_2, \ldots, f_n\}$ be two bases for a vector space V. Then $m = n$.
Proof. Since $\{e_1, e_2, \ldots, e_m\}$ is a basis, it is a linearly independent set. By Proposition 20.11, $n \leq m$. Similarly, $\{f_1, f_2, \ldots, f_n\}$ is a linearly independent set, and the last proposition implies that $m \leq n$. Consequently, $m = n$.
If {e1 , e2 , . . . , en } is a basis for a vector space V , then we say
that the dimension of V is n and we write dim V = n. We will
leave the proof of the following theorem as an exercise.
Theorem 20.15. Let V be a vector space of dimension n.
1. If S = {v1 , . . . , vn } is a set of linearly independent vectors
for V , then S is a basis for V .
2. If S = {v1 , . . . , vn } spans V , then S is a basis for V .
3. If S = {v1 , . . . , vk } is a set of linearly independent vectors for
V with k < n, then there exist vectors vk+1 , . . . , vn such that
{v1 , . . . , vk , vk+1 , . . . , vn }
is a basis for V .
Sage Many of Sage's computations, in a wide variety of algebraic
settings, come from solving problems in linear algebra. So you
will find a wealth of linear algebra functionality. Further, you can
use structures such as finite fields to find vector spaces in new
settings.

20.4 Exercises
1. If F is a field, show that F [x] is a vector space over F , where
the vectors in F [x] are polynomials. Vector addition is polynomial
addition, and scalar multiplication is defined by $\alpha p(x)$ for $\alpha \in F$.

2. Prove that $Q(\sqrt{2})$ is a vector space.
3. Let $Q(\sqrt{2}, \sqrt{3})$ be the field generated by elements of the form $a + b\sqrt{2} + c\sqrt{3}$, where a, b, c are in Q. Prove that $Q(\sqrt{2}, \sqrt{3})$ is a vector space of dimension 4 over Q. Find a basis for $Q(\sqrt{2}, \sqrt{3})$.
4. Prove that the complex numbers are a vector space of dimension
2 over R.

5. Prove that the set $P_n$ of all polynomials of degree less than n forms a subspace of the vector space F[x]. Find a basis for $P_n$ and compute the dimension of $P_n$.
6. Let F be a field and denote the set of n-tuples of F by $F^n$. Given vectors $u = (u_1, \ldots, u_n)$ and $v = (v_1, \ldots, v_n)$ in $F^n$ and $\alpha$ in F, define vector addition by
$u + v = (u_1, \ldots, u_n) + (v_1, \ldots, v_n) = (u_1 + v_1, \ldots, u_n + v_n)$
and scalar multiplication by
$\alpha u = \alpha(u_1, \ldots, u_n) = (\alpha u_1, \ldots, \alpha u_n).$
Prove that $F^n$ is a vector space of dimension n under these operations.
7. Which of the following sets are subspaces of $R^3$? If the set is indeed a subspace, find a basis for the subspace and compute its dimension.
(a) $\{(x_1, x_2, x_3) : 3x_1 - 2x_2 + x_3 = 0\}$
(b) $\{(x_1, x_2, x_3) : 3x_1 + 4x_3 = 0,\ 2x_1 - x_2 + x_3 = 0\}$
(c) $\{(x_1, x_2, x_3) : x_1 - 2x_2 + 2x_3 = 2\}$
(d) $\{(x_1, x_2, x_3) : 3x_1 - 2x_2^2 = 0\}$
8. Show that the set of all possible solutions $(x, y, z) \in R^3$ of the equations
$Ax + By + Cz = 0$
$Dx + Ey + Cz = 0$
form a subspace of $R^3$.
9. Let W be the subset of continuous functions on [0, 1] such that
f (0) = 0. Prove that W is a subspace of C[0, 1].
10. Let V be a vector space over F. Prove that $-(\alpha v) = (-\alpha)v = \alpha(-v)$ for all $\alpha \in F$ and all $v \in V$.
11. Let V be a vector space of dimension n. Prove each of the
following statements.
(a) If S = {v1 , . . . , vn } is a set of linearly independent vectors for
V , then S is a basis for V .
(b) If S = {v1 , . . . , vn } spans V , then S is a basis for V .
(c) If S = {v1 , . . . , vk } is a set of linearly independent vectors for
V with k < n, then there exist vectors vk+1 , . . . , vn such that
{v1 , . . . , vk , vk+1 , . . . , vn }
is a basis for V .

12. Prove that any set of vectors containing 0 is linearly dependent.


13. Let V be a vector space. Show that {0} is a subspace of V of
dimension zero.
14. If a vector space V is spanned by n vectors, show that any set
of m vectors in V must be linearly dependent for m > n.
15. (Linear Transformations) Let V and W be vector spaces over a field F, of dimensions m and n, respectively. If $T : V \to W$ is a map satisfying
$T(u + v) = T(u) + T(v)$
$T(\alpha v) = \alpha T(v)$
for all $\alpha \in F$ and all $u, v \in V$, then T is called a linear transformation from V into W.
(a) Prove that the kernel of T, $\ker(T) = \{v \in V : T(v) = 0\}$, is a subspace of V. The kernel of T is sometimes called the null space of T.
(b) Prove that the range or range space of T, $R(V) = \{w \in W : T(v) = w \text{ for some } v \in V\}$, is a subspace of W.
(c) Show that $T : V \to W$ is injective if and only if $\ker(T) = \{0\}$.
(d) Let $\{v_1, \ldots, v_k\}$ be a basis for the null space of T. We can extend this basis to be a basis $\{v_1, \ldots, v_k, v_{k+1}, \ldots, v_m\}$ of V. Why? Prove that $\{T(v_{k+1}), \ldots, T(v_m)\}$ is a basis for the range of T. Conclude that the range of T has dimension $m - k$.
(e) Let $\dim V = \dim W$. Show that a linear transformation $T : V \to W$ is injective if and only if it is surjective.
16. Let V and W be finite dimensional vector spaces of dimension n over a field F. Suppose that $T : V \to W$ is a vector space isomorphism. If $\{v_1, \ldots, v_n\}$ is a basis of V, show that $\{T(v_1), \ldots, T(v_n)\}$ is a basis of W. Conclude that any vector space over a field F of dimension n is isomorphic to $F^n$.
17. (Direct Sums) Let U and V be subspaces of a vector space W. The sum of U and V, denoted $U + V$, is defined to be the set of all vectors of the form $u + v$, where $u \in U$ and $v \in V$.
(a) Prove that $U + V$ and $U \cap V$ are subspaces of W.
(b) If $U + V = W$ and $U \cap V = 0$, then W is said to be the direct sum. In this case, we write $W = U \oplus V$. Show that every element $w \in W$ can be written uniquely as $w = u + v$, where $u \in U$ and $v \in V$.

(c) Let U be a subspace of dimension k of a vector space W of dimension n. Prove that there exists a subspace V of dimension $n - k$ such that $W = U \oplus V$. Is the subspace V unique?
(d) If U and V are arbitrary subspaces of a vector space W, show that
$\dim(U + V) = \dim U + \dim V - \dim(U \cap V).$
18. (Dual Spaces) Let V and W be finite dimensional vector spaces over a field F.
(a) Show that the set of all linear transformations from V into W, denoted by $\mathrm{Hom}(V, W)$, is a vector space over F, where we define vector addition as follows:
$(S + T)(v) = S(v) + T(v)$
$(\alpha S)(v) = \alpha S(v),$
where $S, T \in \mathrm{Hom}(V, W)$, $\alpha \in F$, and $v \in V$.
(b) Let V be an F-vector space. Define the dual space of V to be $V^* = \mathrm{Hom}(V, F)$. Elements in the dual space of V are called linear functionals. Let $v_1, \ldots, v_n$ be an ordered basis for V. If $v = \alpha_1 v_1 + \cdots + \alpha_n v_n$ is any vector in V, define a linear functional $\phi_i : V \to F$ by $\phi_i(v) = \alpha_i$. Show that the $\phi_i$'s form a basis for $V^*$. This basis is called the dual basis of $v_1, \ldots, v_n$ (or simply the dual basis if the context makes the meaning clear).
(c) Consider the basis $\{(3, 1), (2, -2)\}$ for $R^2$. What is the dual basis for $(R^2)^*$?
(d) Let V be a vector space of dimension n over a field F and let $V^{**}$ be the dual space of $V^*$. Show that each element $v \in V$ gives rise to an element $\lambda_v$ in $V^{**}$ and that the map $v \mapsto \lambda_v$ is an isomorphism of V with $V^{**}$.

20.5 References and Suggested Readings

[1] Beezer, R. A First Course in Linear Algebra. Available online at http://linear.ups.edu/. 2004-2014.
[2] Bretscher, O. Linear Algebra with Applications. 4th ed. Pearson, Upper Saddle River, NJ, 2009.
[3] Curtis, C. W. Linear Algebra: An Introductory Approach. 4th ed. Springer, New York, 1984.
[4] Hoffman, K. and Kunze, R. Linear Algebra. 2nd ed. Prentice-Hall, Englewood Cliffs, NJ, 1971.
[5] Johnson, L. W., Riess, R. D., and Arnold, J. T. Introduction to Linear Algebra. 6th ed. Pearson, Upper Saddle River, NJ, 2011.
[6] Leon, S. J. Linear Algebra with Applications. 8th ed. Pearson, Upper Saddle River, NJ, 2010.

21 Fields

It is natural to ask whether or not some field F is contained in a larger field. We think of the rational numbers, which reside inside the real numbers, while in turn, the real numbers live inside the complex numbers. We can also study the fields between Q and R and inquire as to the nature of these fields.
More specifically if we are given a field F and a polynomial
p(x) F [x], we can ask whether or not we can find a field E
containing F such that p(x) factors into linear factors over E[x].
For example, if we consider the polynomial
$p(x) = x^4 - 5x^2 + 6$
in Q[x], then p(x) factors as $(x^2 - 2)(x^2 - 3)$. However, both of these factors are irreducible in Q[x]. If we wish to find a zero of p(x), we must go to a larger field. Certainly the field of real numbers will work, since
$p(x) = (x - \sqrt{2})(x + \sqrt{2})(x - \sqrt{3})(x + \sqrt{3}).$
It is possible to find a smaller field in which p(x) has a zero, namely
$Q(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in Q\}.$
We wish to be able to compute and study such fields for arbitrary
polynomials over a field F .

21.1 Extension Fields

A field E is an extension field of a field F if F is a subfield of E. The field F is called the base field. We write $F \subset E$.
Example 21.1. For example, let
$F = Q(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in Q\}$
and let $E = Q(\sqrt{2} + \sqrt{3})$ be the smallest field containing both Q and $\sqrt{2} + \sqrt{3}$. Both E and F are extension fields of the rational numbers. We claim that E is an extension field of F. To see this, we need only show that $\sqrt{2}$ is in E. Since $\sqrt{2} + \sqrt{3}$ is in E, $1/(\sqrt{2} + \sqrt{3}) = \sqrt{3} - \sqrt{2}$ must also be in E. Taking linear combinations of $\sqrt{2} + \sqrt{3}$ and $\sqrt{3} - \sqrt{2}$, we find that $\sqrt{2}$ and $\sqrt{3}$ must both be in E.
Example 21.2. Let $p(x) = x^2 + x + 1 \in Z_2[x]$. Since neither 0 nor 1 is a root of this polynomial, we know that p(x) is irreducible over $Z_2$. We will construct a field extension of $Z_2$ containing an element $\alpha$ such that $p(\alpha) = 0$. By Theorem 17.22, the ideal $\langle p(x) \rangle$ generated by p(x) is maximal; hence, $Z_2[x]/\langle p(x) \rangle$ is a field. Let $f(x) + \langle p(x) \rangle$ be an arbitrary element of $Z_2[x]/\langle p(x) \rangle$. By the division algorithm,
$f(x) = (x^2 + x + 1)q(x) + r(x),$
where the degree of r(x) is less than the degree of $x^2 + x + 1$. Therefore,
$f(x) + \langle x^2 + x + 1 \rangle = r(x) + \langle x^2 + x + 1 \rangle.$
The only possibilities for r(x) are then 0, 1, x, and 1 + x. Consequently, $E = Z_2[x]/\langle x^2 + x + 1 \rangle$ is a field with four elements and must be a field extension of $Z_2$, containing a zero $\alpha$ of p(x). The field $Z_2(\alpha)$ consists of elements
$0 + 0\alpha = 0$
$1 + 0\alpha = 1$
$0 + 1\alpha = \alpha$
$1 + 1\alpha = 1 + \alpha.$
Notice that $\alpha^2 + \alpha + 1 = 0$; hence, if we compute $(1 + \alpha)^2$,
$(1 + \alpha)(1 + \alpha) = 1 + \alpha + \alpha + (\alpha)^2 = \alpha.$
Other calculations are accomplished in a similar manner. We summarize these computations in the following tables, which tell us how to add and multiply elements in E.

   +   |  0     1     α    1+α
-------+------------------------
   0   |  0     1     α    1+α
   1   |  1     0    1+α    α
   α   |  α    1+α    0     1
  1+α  | 1+α    α     1     0

Table 21.3: Addition Table for $Z_2(\alpha)$

   ·   |  0     1     α    1+α
-------+------------------------
   0   |  0     0     0     0
   1   |  0     1     α    1+α
   α   |  0     α    1+α    1
  1+α  |  0    1+α    1     α

Table 21.4: Multiplication Table for $Z_2(\alpha)$


The following theorem, due to Kronecker, is so important and
so basic to our understanding of fields that it is often known as the
Fundamental Theorem of Field Theory.
Theorem 21.5. Let F be a field and let p(x) be a nonconstant polynomial in F[x]. Then there exists an extension field E of F and an element $\alpha \in E$ such that $p(\alpha) = 0$.
Proof. To prove this theorem, we will employ the method that we used to construct Example 21.2. Clearly, we can assume that p(x) is an irreducible polynomial. We wish to find an extension field E of F containing an element $\alpha$ such that $p(\alpha) = 0$. The ideal $\langle p(x) \rangle$ generated by p(x) is a maximal ideal in F[x] by Theorem 17.22; hence, $F[x]/\langle p(x) \rangle$ is a field. We claim that $E = F[x]/\langle p(x) \rangle$ is the desired field.
We first show that E is a field extension of F. We can define a homomorphism of commutative rings by the map $\psi : F \to F[x]/\langle p(x) \rangle$, where $\psi(a) = a + \langle p(x) \rangle$ for $a \in F$. It is easy to check that $\psi$ is indeed a ring homomorphism. Observe that
$\psi(a) + \psi(b) = (a + \langle p(x) \rangle) + (b + \langle p(x) \rangle) = (a + b) + \langle p(x) \rangle = \psi(a + b)$
and
$\psi(a)\psi(b) = (a + \langle p(x) \rangle)(b + \langle p(x) \rangle) = ab + \langle p(x) \rangle = \psi(ab).$
To prove that $\psi$ is one-to-one, assume that
$a + \langle p(x) \rangle = \psi(a) = \psi(b) = b + \langle p(x) \rangle.$
Then $a - b$ is a multiple of p(x), since it lives in the ideal $\langle p(x) \rangle$. Since p(x) is a nonconstant polynomial, the only possibility is that $a - b = 0$. Consequently, $a = b$ and $\psi$ is injective. Since $\psi$ is one-to-one, we can identify F with the subfield $\{a + \langle p(x) \rangle : a \in F\}$ of E and view E as an extension field of F.
It remains for us to prove that p(x) has a zero $\alpha \in E$. Set $\alpha = x + \langle p(x) \rangle$. Then $\alpha$ is in E. If $p(x) = a_0 + a_1 x + \cdots + a_n x^n$, then
$p(\alpha) = a_0 + a_1(x + \langle p(x) \rangle) + \cdots + a_n(x + \langle p(x) \rangle)^n$
$= a_0 + (a_1 x + \langle p(x) \rangle) + \cdots + (a_n x^n + \langle p(x) \rangle)$
$= a_0 + a_1 x + \cdots + a_n x^n + \langle p(x) \rangle$
$= 0 + \langle p(x) \rangle.$
Therefore, we have found an element $\alpha \in E = F[x]/\langle p(x) \rangle$ such that $\alpha$ is a zero of p(x).
Example 21.6. Let $p(x) = x^5 + x^4 + 1 \in Z_2[x]$. Then p(x) has irreducible factors $x^2 + x + 1$ and $x^3 + x + 1$. For a field extension E of $Z_2$ such that p(x) has a root in E, we can let E be either $Z_2[x]/\langle x^2 + x + 1 \rangle$ or $Z_2[x]/\langle x^3 + x + 1 \rangle$. We will leave it as an exercise to show that $Z_2[x]/\langle x^3 + x + 1 \rangle$ is a field with $2^3 = 8$ elements.
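The quotient construction of Examples 21.2 and 21.6 carried out in code, as an added Python illustration that is not part of the textbook: polynomials over $Z_2$ are packed into integer bit masks (an assumed encoding, not notation from the text), the tables of $Z_2(\alpha)$ are regenerated from the coset arithmetic, and $Z_2[x]/\langle x^3 + x + 1 \rangle$ is checked to be a field with 8 elements while the reducible $x^2 + 1$ fails the check.

```python
"""Arithmetic in E = Z_2[x]/<p(x)>, the construction of Examples 21.2 and 21.6.

Added illustration, not from the textbook.  A polynomial over Z_2 is stored as
an int whose bit i is the coefficient of x^i (an assumed encoding):
x^2 + x + 1 is 0b111 and x^3 + x + 1 is 0b1011.  A coset r(x) + <p(x)> is
represented by its remainder r(x), deg r < deg p, exactly as in Example 21.2.
"""


def degree(a: int) -> int:
    """Degree of the Z_2 polynomial encoded in a (the zero polynomial gives -1)."""
    return a.bit_length() - 1


def poly_mul(a: int, b: int) -> int:
    """Product in Z_2[x] without reduction (carry-less multiplication)."""
    result = 0
    while b:
        if b & 1:
            result ^= a        # coefficients add mod 2, i.e. XOR
        a <<= 1
        b >>= 1
    return result


def poly_mod(a: int, p: int) -> int:
    """Remainder r(x) of a(x) on division by p(x): the division algorithm in Z_2[x]."""
    dp = degree(p)
    while a and degree(a) >= dp:
        a ^= p << (degree(a) - dp)   # cancel the leading term with a shifted copy of p
    return a


class QuotientRing:
    """Z_2[x]/<p(x)>.  It is a field exactly when p(x) is irreducible (Theorem 17.22)."""

    def __init__(self, p: int):
        self.p = p
        self.n = degree(p)
        self.elements = list(range(1 << self.n))   # all remainders of degree < n

    def add(self, a: int, b: int) -> int:
        return a ^ b                                # (a + <p>) + (b + <p>) = (a + b) + <p>

    def mul(self, a: int, b: int) -> int:
        return poly_mod(poly_mul(a, b), self.p)     # (a + <p>)(b + <p>) = ab + <p>

    def power(self, a: int, k: int) -> int:
        result = 1
        for _ in range(k):
            result = self.mul(result, a)
        return result

    def evaluate(self, f: int, a: int) -> int:
        """f(a) computed inside the quotient by Horner's rule."""
        result = 0
        for i in range(degree(f), -1, -1):
            result = self.add(self.mul(result, a), (f >> i) & 1)
        return result

    def is_field(self) -> bool:
        """Every nonzero coset must have a multiplicative inverse."""
        nonzero = self.elements[1:]
        return all(any(self.mul(a, b) == 1 for b in nonzero) for a in nonzero)

    def table(self, op) -> list:
        return [[op(a, b) for b in self.elements] for a in self.elements]


def show(elem: int) -> str:
    """Write a coset as a polynomial in alpha = x + <p(x)>, as the text writes Z_2(alpha)."""
    names = {0: "1", 1: "α"}
    terms = [names.get(i, f"α^{i}") for i in range(degree(elem) + 1) if (elem >> i) & 1]
    return " + ".join(terms) if terms else "0"


if __name__ == "__main__":
    E4 = QuotientRing(0b111)              # Example 21.2: p(x) = x^2 + x + 1
    alpha = 0b10                          # alpha = x + <p(x)>, the zero found in Theorem 21.5
    print("p(α) =", show(E4.evaluate(0b111, alpha)))
    for name, op in (("+", E4.add), ("·", E4.mul)):
        print(f"\n{name:>6}", *(f"{show(b):>6}" for b in E4.elements))
        for a in E4.elements:
            print(f"{show(a):>6}", *(f"{show(op(a, b)):>6}" for b in E4.elements))
    E8 = QuotientRing(0b1011)             # Example 21.6: p(x) = x^3 + x + 1
    print("\n|Z_2[x]/<x^3+x+1>| =", len(E8.elements), "field:", E8.is_field())
    print("Z_2[x]/<x^2+1> is a field:", QuotientRing(0b101).is_field())   # x^2+1 = (x+1)^2
```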

Algebraic Elements
An element $\alpha$ in an extension field E over F is algebraic over F if $f(\alpha) = 0$ for some nonzero polynomial $f(x) \in F[x]$. An element in E that is not algebraic over F is transcendental over F. An extension field E of a field F is an algebraic extension of F if every element in E is algebraic over F. If E is a field extension of F and $\alpha_1, \ldots, \alpha_n$ are contained in E, we denote the smallest field containing F and $\alpha_1, \ldots, \alpha_n$ by $F(\alpha_1, \ldots, \alpha_n)$. If $E = F(\alpha)$ for some $\alpha \in E$, then E is a simple extension of F.

Example 21.7. Both $\sqrt{2}$ and i are algebraic over Q since they are zeros of the polynomials $x^2 - 2$ and $x^2 + 1$, respectively. Clearly $\pi$ and e are algebraic over the real numbers; however, it is a nontrivial fact that they are transcendental over Q.¹ (In many cases we do not know whether or not a particular number is transcendental; for example, it is still not known whether $\pi + e$ is transcendental or algebraic.)
A complex number that is algebraic over Q is an algebraic number. A transcendental number is an element of C that is transcendental over Q.

Example 21.8. We will show that $\sqrt{2 + \sqrt{3}}$ is algebraic over Q. If $\alpha = \sqrt{2 + \sqrt{3}}$, then $\alpha^2 = 2 + \sqrt{3}$. Hence, $\alpha^2 - 2 = \sqrt{3}$ and $(\alpha^2 - 2)^2 = 3$. Since $\alpha^4 - 4\alpha^2 + 1 = 0$, it must be true that $\alpha$ is a zero of the polynomial $x^4 - 4x^2 + 1 \in Q[x]$.
It is very easy to give an example of an extension field E over a field F, where E contains an element transcendental over F. The following theorem characterizes transcendental extensions.

¹ If we choose a number in R at random, then there is a probability of 1 that the number will be transcendental over Q.

Theorem 21.9. Let E be an extension field of F and $\alpha \in E$. Then $\alpha$ is transcendental over F if and only if $F(\alpha)$ is isomorphic to F(x), the field of fractions of F[x].
Proof. Let $\phi_\alpha : F[x] \to E$ be the evaluation homomorphism for $\alpha$. Then $\alpha$ is transcendental over F if and only if $\phi_\alpha(p(x)) = p(\alpha) \neq 0$ for all nonconstant polynomials $p(x) \in F[x]$. This is true if and only if $\ker \phi_\alpha = \{0\}$; that is, it is true exactly when $\phi_\alpha$ is one-to-one. Hence, E must contain a copy of F[x]. The smallest field containing F[x] is the field of fractions F(x). By Theorem 18.4, E must contain a copy of this field.
We have a more interesting situation in the case of algebraic
extensions.
Theorem 21.10. Let E be an extension field of a field F and $\alpha \in E$ with $\alpha$ algebraic over F. Then there is a unique irreducible monic polynomial $p(x) \in F[x]$ of smallest degree such that $p(\alpha) = 0$. If f(x) is another polynomial in F[x] such that $f(\alpha) = 0$, then p(x) divides f(x).
Proof. Let $\phi_\alpha : F[x] \to E$ be the evaluation homomorphism. The kernel of $\phi_\alpha$ is a principal ideal generated by some $p(x) \in F[x]$ with $\deg p(x) \geq 1$. We know that such a polynomial exists, since F[x] is a principal ideal domain and $\alpha$ is algebraic. The ideal $\langle p(x) \rangle$ consists exactly of those elements of F[x] having $\alpha$ as a zero. If $f(\alpha) = 0$ and f(x) is not the zero polynomial, then $f(x) \in \langle p(x) \rangle$ and p(x) divides f(x). So p(x) is a polynomial of minimal degree having $\alpha$ as a zero. Any other polynomial of the same degree having $\alpha$ as a zero must have the form $\beta p(x)$ for some $\beta \in F$.
Suppose now that $p(x) = r(x)s(x)$ is a factorization of p(x) into polynomials of lower degree. Since $p(\alpha) = 0$, $r(\alpha)s(\alpha) = 0$; consequently, either $r(\alpha) = 0$ or $s(\alpha) = 0$, which contradicts the fact that p is of minimal degree. Therefore, p(x) must be irreducible.
Let E be an extension field of F and $\alpha \in E$ be algebraic over F. The unique monic polynomial p(x) of the last theorem is called the minimal polynomial for $\alpha$ over F. The degree of p(x) is the degree of $\alpha$ over F.
Example 21.11. Let $f(x) = x^2 - 2$ and $g(x) = x^4 - 4x^2 + 1$. These polynomials are the minimal polynomials of $\sqrt{2}$ and $\sqrt{2 + \sqrt{3}}$, respectively.

Proposition 21.12. Let E be a field extension of F and $\alpha \in E$ be algebraic over F. Then $F(\alpha) \cong F[x]/\langle p(x) \rangle$, where p(x) is the minimal polynomial of $\alpha$ over F.
Proof. Let $\phi_\alpha : F[x] \to E$ be the evaluation homomorphism. The kernel of this map is $\langle p(x) \rangle$, where p(x) is the minimal polynomial of $\alpha$. By the First Isomorphism Theorem for rings, the image of $\phi_\alpha$ in E is isomorphic to $F(\alpha)$ since it contains both F and $\alpha$.
Theorem 21.13. Let $E = F(\alpha)$ be a simple extension of F, where $\alpha \in E$ is algebraic over F. Suppose that the degree of $\alpha$ over F is n. Then every element $\beta \in E$ can be expressed uniquely in the form
$\beta = b_0 + b_1 \alpha + \cdots + b_{n-1} \alpha^{n-1}$
for $b_i \in F$.
Proof. Since $\phi_\alpha(F[x]) \cong F(\alpha)$, every element in $E = F(\alpha)$ must be of the form $\phi_\alpha(f(x)) = f(\alpha)$, where $f(\alpha)$ is a polynomial in $\alpha$ with coefficients in F. Let
$p(x) = x^n + a_{n-1} x^{n-1} + \cdots + a_0$
be the minimal polynomial of $\alpha$. Then $p(\alpha) = 0$; hence,
$\alpha^n = -a_{n-1} \alpha^{n-1} - \cdots - a_0.$
Similarly,
$\alpha^{n+1} = \alpha \alpha^n$
$= -a_{n-1} \alpha^n - a_{n-2} \alpha^{n-1} - \cdots - a_0 \alpha$
$= -a_{n-1}(-a_{n-1} \alpha^{n-1} - \cdots - a_0) - a_{n-2} \alpha^{n-1} - \cdots - a_0 \alpha.$
Continuing in this manner, we can express every monomial $\alpha^m$, $m \geq n$, as a linear combination of powers of $\alpha$ that are less than n. Hence, any $\beta \in F(\alpha)$ can be written as
$\beta = b_0 + b_1 \alpha + \cdots + b_{n-1} \alpha^{n-1}.$
To show uniqueness, suppose that
$\beta = b_0 + b_1 \alpha + \cdots + b_{n-1} \alpha^{n-1} = c_0 + c_1 \alpha + \cdots + c_{n-1} \alpha^{n-1}$
for $b_i$ and $c_i$ in F. Then
$g(x) = (b_0 - c_0) + (b_1 - c_1)x + \cdots + (b_{n-1} - c_{n-1})x^{n-1}$
is in F[x] and $g(\alpha) = 0$. Since the degree of g(x) is less than the degree of p(x), the irreducible polynomial of $\alpha$, g(x) must be the zero polynomial. Consequently,
$b_0 - c_0 = b_1 - c_1 = \cdots = b_{n-1} - c_{n-1} = 0,$
or $b_i = c_i$ for $i = 0, 1, \ldots, n - 1$. Therefore, we have shown uniqueness.

Example 21.14. Since $x^2 + 1$ is irreducible over R, $\langle x^2 + 1 \rangle$ is a maximal ideal in R[x]. So $E = R[x]/\langle x^2 + 1 \rangle$ is a field extension of R that contains a root of $x^2 + 1$. Let $\alpha = x + \langle x^2 + 1 \rangle$. We can identify E with the complex numbers. By Proposition 21.12, E is isomorphic to $R(\alpha) = \{a + b\alpha : a, b \in R\}$. We know that $\alpha^2 = -1$ in E, since
$\alpha^2 + 1 = (x + \langle x^2 + 1 \rangle)^2 + (1 + \langle x^2 + 1 \rangle)$
$= (x^2 + 1) + \langle x^2 + 1 \rangle$
$= 0.$
Hence, we have an isomorphism of $R(\alpha)$ with C defined by the map that takes $a + b\alpha$ to $a + bi$.
Let E be a field extension of a field F . If we regard E as a vector
space over F , then we can bring the machinery of linear algebra to
bear on the problems that we will encounter in our study of fields.
The elements in the field E are vectors; the elements in the field F
are scalars. We can think of addition in E as adding vectors. When
we multiply an element in E by an element of F , we are multiplying
a vector by a scalar. This view of field extensions is especially fruitful if a field extension E of F is a finite dimensional vector space over F, and Theorem 21.13 states that $E = F(\alpha)$ is a finite dimensional vector space over F with basis $\{1, \alpha, \alpha^2, \ldots, \alpha^{n-1}\}$.
If an extension field E of a field F is a finite dimensional vector space over F of dimension n, then we say that E is a finite extension of degree n over F. We write $[E : F] = n$ to indicate the dimension of E over F.
Theorem 21.15. Every finite extension field E of a field F is an
algebraic extension.
Proof. Let $\alpha \in E$. Since $[E : F] = n$, the elements
$1, \alpha, \ldots, \alpha^n$
cannot be linearly independent. Hence, there exist $a_i \in F$, not all zero, such that
$a_n \alpha^n + a_{n-1} \alpha^{n-1} + \cdots + a_1 \alpha + a_0 = 0.$
Therefore,
$p(x) = a_n x^n + \cdots + a_0 \in F[x]$
is a nonzero polynomial with $p(\alpha) = 0$.

Remark 21.16. Theorem 21.15 says that every finite extension of a field F is an algebraic extension. The converse is false, however.
We will leave it as an exercise to show that the set of all elements
in R that are algebraic over Q forms an infinite field extension of
Q.
The next theorem is a counting theorem, similar to Lagrange's Theorem in group theory. Theorem 21.17 will prove to be an extremely useful tool in our investigation of finite field extensions.
Theorem 21.17. If E is a finite extension of F and K is a finite
extension of E, then K is a finite extension of F and
$[K : F] = [K : E][E : F].$
Proof. Let $\{\alpha_1, \ldots, \alpha_n\}$ be a basis for E as a vector space over F and $\{\beta_1, \ldots, \beta_m\}$ be a basis for K as a vector space over E. We claim that $\{\alpha_i \beta_j\}$ is a basis for K over F. We will first show that these vectors span K. Let $u \in K$. Then $u = \sum_{j=1}^{m} b_j \beta_j$ and $b_j = \sum_{i=1}^{n} a_{ij} \alpha_i$, where $b_j \in E$ and $a_{ij} \in F$. Then
$u = \sum_{j=1}^{m} \left( \sum_{i=1}^{n} a_{ij} \alpha_i \right) \beta_j = \sum_{i,j} a_{ij} (\alpha_i \beta_j).$
So the mn vectors $\alpha_i \beta_j$ must span K over F.
We must show that $\{\alpha_i \beta_j\}$ are linearly independent. Recall that a set of vectors $v_1, v_2, \ldots, v_n$ in a vector space V are linearly independent if
$c_1 v_1 + c_2 v_2 + \cdots + c_n v_n = 0$
implies that
$c_1 = c_2 = \cdots = c_n = 0.$
Let
$u = \sum_{i,j} c_{ij} (\alpha_i \beta_j) = 0$
for $c_{ij} \in F$. We need to prove that all of the $c_{ij}$'s are zero. We can rewrite u as
$\sum_{j=1}^{m} \left( \sum_{i=1}^{n} c_{ij} \alpha_i \right) \beta_j = 0,$
where $\sum_i c_{ij} \alpha_i \in E$. Since the $\beta_j$'s are linearly independent over E, it must be the case that
$\sum_{i=1}^{n} c_{ij} \alpha_i = 0$
for all j. However, the $\alpha_i$ are also linearly independent over F. Therefore, $c_{ij} = 0$ for all i and j, which completes the proof.

The following corollary is easily proved using mathematical induction.
Corollary 21.18. If $F_i$ is a field for $i = 1, \ldots, k$ and $F_{i+1}$ is a finite extension of $F_i$, then $F_k$ is a finite extension of $F_1$ and
$[F_k : F_1] = [F_k : F_{k-1}] \cdots [F_2 : F_1].$
Corollary 21.19. Let E be an extension field of F. If $\alpha \in E$ is algebraic over F with minimal polynomial p(x) and $\beta \in F(\alpha)$ with minimal polynomial q(x), then $\deg q(x)$ divides $\deg p(x)$.
Proof. We know that $\deg p(x) = [F(\alpha) : F]$ and $\deg q(x) = [F(\beta) : F]$. Since $F \subset F(\beta) \subset F(\alpha)$,
$[F(\alpha) : F] = [F(\alpha) : F(\beta)][F(\beta) : F].$

Example 21.20. Let us determine an extension field of Q containing $\sqrt{3} + \sqrt{5}$. It is easy to determine that the minimal polynomial of $\sqrt{3} + \sqrt{5}$ is $x^4 - 16x^2 + 4$. It follows that
$[Q(\sqrt{3} + \sqrt{5}) : Q] = 4.$
We know that $\{1, \sqrt{3}\}$ is a basis for $Q(\sqrt{3})$ over Q. Hence, $\sqrt{3} + \sqrt{5}$ cannot be in $Q(\sqrt{3})$. It follows that $\sqrt{5}$ cannot be in $Q(\sqrt{3})$ either. Therefore, $\{1, \sqrt{5}\}$ is a basis for $Q(\sqrt{3}, \sqrt{5}) = (Q(\sqrt{3}))(\sqrt{5})$ over $Q(\sqrt{3})$ and $\{1, \sqrt{3}, \sqrt{5}, \sqrt{3}\sqrt{5} = \sqrt{15}\}$ is a basis for $Q(\sqrt{3}, \sqrt{5}) = Q(\sqrt{3} + \sqrt{5})$ over Q. This example shows that it is possible that some extension $F(\alpha_1, \ldots, \alpha_n)$ is actually a simple extension of F even though $n > 1$.
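As an added Python illustration (not from the textbook) of the reduction step in the proof of Theorem 21.13, the code below stores an element of $Q(\alpha)$ by its coordinates in the basis $\{1, \alpha, \ldots, \alpha^{n-1}\}$ (an assumed representation) and rewrites every power $\alpha^m$ with $m \geq n$ using the minimal polynomial. It is run on $\alpha = \sqrt{2 + \sqrt{3}}$ from Example 21.8 and on $\beta = \sqrt{3} + \sqrt{5}$ from Example 21.20; the formulas $\sqrt{3} = (\beta^3 - 14\beta)/4$ and $\sqrt{5} = (18\beta - \beta^3)/4$ are derived here rather than in the text, and the code verifies them, which exhibits $\sqrt{3}, \sqrt{5} \in Q(\beta)$ directly.

```python
"""Computing in the simple extension Q(alpha) = Q[x]/<p(x)> of Theorem 21.13.

Added illustration, not from the textbook.  An element b_0 + b_1 alpha + ... +
b_{n-1} alpha^{n-1} is stored as the list [b_0, ..., b_{n-1}] of Fractions (an
assumed representation).  A product is brought back to this form by repeatedly
applying alpha^n = -a_{n-1} alpha^{n-1} - ... - a_0, read off from the monic
minimal polynomial p(x) = x^n + a_{n-1} x^{n-1} + ... + a_0.
"""
from fractions import Fraction as Fr


class SimpleExtension:
    def __init__(self, minpoly):
        """minpoly lists a_0, ..., a_{n-1}, 1 (lowest degree first); it must be monic."""
        self.p = [Fr(c) for c in minpoly]
        if self.p[-1] != 1:
            raise ValueError("minimal polynomial must be monic")
        self.n = len(self.p) - 1

    def reduce(self, coeffs):
        """Rewrite a polynomial in alpha using only the powers 1, alpha, ..., alpha^{n-1}."""
        c = [Fr(v) for v in coeffs] + [Fr(0)] * max(0, self.n - len(coeffs))
        for m in range(len(c) - 1, self.n - 1, -1):   # eliminate alpha^m from the top down
            lead = c[m]
            if lead:
                # alpha^m = alpha^{m-n} alpha^n = -sum_i a_i alpha^{m-n+i}
                for i in range(self.n):
                    c[m - self.n + i] -= lead * self.p[i]
                c[m] = Fr(0)
        return c[:self.n]

    def const(self, k):
        return [Fr(k)] + [Fr(0)] * (self.n - 1)

    def alpha_power(self, m):
        """Coordinates of alpha^m in the basis {1, alpha, ..., alpha^{n-1}}."""
        return self.reduce([0] * m + [1])

    def add(self, u, v):
        return [a + b for a, b in zip(u, v)]

    def sub(self, u, v):
        return [a - b for a, b in zip(u, v)]

    def scale(self, k, u):
        return [Fr(k) * a for a in u]

    def mul(self, u, v):
        prod = [Fr(0)] * (2 * self.n - 1)
        for i, a in enumerate(u):
            for j, b in enumerate(v):
                prod[i + j] += a * b
        return self.reduce(prod)

    def evaluate(self, poly, u):
        """f(u) for f(x) in Q[x] given as a coefficient list, lowest degree first (Horner)."""
        result = self.const(0)
        for c in reversed(poly):
            result = self.add(self.mul(result, u), self.const(c))
        return result


if __name__ == "__main__":
    # Examples 21.8 and 21.11: alpha = sqrt(2 + sqrt 3), minimal polynomial x^4 - 4x^2 + 1
    K = SimpleExtension([1, 0, -4, 0, 1])
    a = K.alpha_power(1)
    print("p(alpha) =", K.evaluate([1, 0, -4, 0, 1], a))
    print("alpha^4 =", K.alpha_power(4), " alpha^6 =", K.alpha_power(6))
    root3 = K.sub(K.mul(a, a), K.const(2))          # alpha^2 - 2 = sqrt 3
    print("(alpha^2 - 2)^2 =", K.mul(root3, root3))

    # Example 21.20: beta = sqrt 3 + sqrt 5, minimal polynomial x^4 - 16x^2 + 4
    L = SimpleExtension([4, 0, -16, 0, 1])
    b, b3 = L.alpha_power(1), L.alpha_power(3)
    sqrt3 = L.scale(Fr(1, 4), L.sub(b3, L.scale(14, b)))   # (beta^3 - 14 beta)/4, derived here
    sqrt5 = L.scale(Fr(1, 4), L.sub(L.scale(18, b), b3))   # (18 beta - beta^3)/4, derived here
    print("sqrt3^2 =", L.mul(sqrt3, sqrt3), " sqrt5^2 =", L.mul(sqrt5, sqrt5))
    print("sqrt3 + sqrt5 = beta:", L.add(sqrt3, sqrt5) == b)
```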

Example 21.21. Let us compute a basis for $Q(\sqrt[3]{5}, \sqrt{5}\, i)$, where $\sqrt{5}$ is the positive square root of 5 and $\sqrt[3]{5}$ is the real cube root of 5. We know that $\sqrt{5}\, i \notin Q(\sqrt[3]{5})$, so
$[Q(\sqrt[3]{5}, \sqrt{5}\, i) : Q(\sqrt[3]{5})] = 2.$
It is easy to determine that $\{1, \sqrt{5}\, i\}$ is a basis for $Q(\sqrt[3]{5}, \sqrt{5}\, i)$ over $Q(\sqrt[3]{5})$. We also know that $\{1, \sqrt[3]{5}, (\sqrt[3]{5})^2\}$ is a basis for $Q(\sqrt[3]{5})$ over Q. Hence, a basis for $Q(\sqrt[3]{5}, \sqrt{5}\, i)$ over Q is
$\{1, \sqrt{5}\, i, \sqrt[3]{5}, (\sqrt[3]{5})^2, (\sqrt[6]{5})^5 i, (\sqrt[6]{5})^7 i = 5\sqrt[6]{5}\, i \text{ or } \sqrt[6]{5}\, i\}.$
Notice that $\sqrt[6]{5}\, i$ is a zero of $x^6 + 5$. We can show that this polynomial is irreducible over Q using Eisenstein's Criterion, where we let $p = 5$. Consequently,
$Q \subset Q(\sqrt[6]{5}\, i) \subset Q(\sqrt[3]{5}, \sqrt{5}\, i).$
But it must be the case that $Q(\sqrt[6]{5}\, i) = Q(\sqrt[3]{5}, \sqrt{5}\, i)$, since the degree of both of these extensions is 6.

Theorem 21.22. Let E be a field extension of F. Then the following statements are equivalent.
1. E is a finite extension of F.
2. There exists a finite number of algebraic elements $\alpha_1, \ldots, \alpha_n \in E$ such that $E = F(\alpha_1, \ldots, \alpha_n)$.
3. There exists a sequence of fields
$E = F(\alpha_1, \ldots, \alpha_n) \supset F(\alpha_1, \ldots, \alpha_{n-1}) \supset \cdots \supset F(\alpha_1) \supset F,$
where each field $F(\alpha_1, \ldots, \alpha_i)$ is algebraic over $F(\alpha_1, \ldots, \alpha_{i-1})$.
Proof. (1) $\Rightarrow$ (2). Let E be a finite algebraic extension of F. Then E is a finite dimensional vector space over F and there exists a basis consisting of elements $\alpha_1, \ldots, \alpha_n$ in E such that $E = F(\alpha_1, \ldots, \alpha_n)$. Each $\alpha_i$ is algebraic over F by Theorem 21.15.
(2) $\Rightarrow$ (3). Suppose that $E = F(\alpha_1, \ldots, \alpha_n)$, where every $\alpha_i$ is algebraic over F. Then
$E = F(\alpha_1, \ldots, \alpha_n) \supset F(\alpha_1, \ldots, \alpha_{n-1}) \supset \cdots \supset F(\alpha_1) \supset F,$
where each field $F(\alpha_1, \ldots, \alpha_i)$ is algebraic over $F(\alpha_1, \ldots, \alpha_{i-1})$.
(3) $\Rightarrow$ (1). Let
$E = F(\alpha_1, \ldots, \alpha_n) \supset F(\alpha_1, \ldots, \alpha_{n-1}) \supset \cdots \supset F(\alpha_1) \supset F,$
where each field $F(\alpha_1, \ldots, \alpha_i)$ is algebraic over $F(\alpha_1, \ldots, \alpha_{i-1})$. Since
$F(\alpha_1, \ldots, \alpha_i) = F(\alpha_1, \ldots, \alpha_{i-1})(\alpha_i)$
is a simple extension and $\alpha_i$ is algebraic over $F(\alpha_1, \ldots, \alpha_{i-1})$, it follows that
$[F(\alpha_1, \ldots, \alpha_i) : F(\alpha_1, \ldots, \alpha_{i-1})]$
is finite for each i. Therefore, $[E : F]$ is finite.

Algebraic Closure
Given a field F , the question arises as to whether or not we can
find a field E such that every polynomial p(x) has a root in E.
This leads us to the following theorem.
Theorem 21.23. Let E be an extension field of F . The set of
elements in E that are algebraic over F form a field.
Proof. Let $\alpha, \beta \in E$ be algebraic over F. Then $F(\alpha, \beta)$ is a finite extension of F. Since every element of $F(\alpha, \beta)$ is algebraic over F, $\alpha \pm \beta$, $\alpha\beta$, and $\alpha/\beta$ ($\beta \neq 0$) are all algebraic over F. Consequently, the set of elements in E that are algebraic over F form a field.

Corollary 21.24. The set of all algebraic numbers forms a field; that is, the set of all complex numbers that are algebraic over Q makes up a field.
Let E be a field extension of a field F . We define the algebraic
closure of a field F in E to be the field consisting of all elements
in E that are algebraic over F . A field F is algebraically closed
if every nonconstant polynomial in F [x] has a root in F .
Theorem 21.25. A field F is algebraically closed if and only if
every nonconstant polynomial in F [x] factors into linear factors
over F [x].
Proof. Let F be an algebraically closed field. If $p(x) \in F[x]$ is a nonconstant polynomial, then p(x) has a zero in F, say $\alpha$. Therefore, $x - \alpha$ must be a factor of p(x) and so $p(x) = (x - \alpha)q_1(x)$, where $\deg q_1(x) = \deg p(x) - 1$. Continue this process with $q_1(x)$ to find a factorization
$p(x) = (x - \alpha)(x - \beta)q_2(x),$
where $\deg q_2(x) = \deg p(x) - 2$. The process must eventually stop since the degree of p(x) is finite.
Conversely, suppose that every nonconstant polynomial p(x) in F[x] factors into linear factors. Let $ax - b$ be such a factor. Then $p(b/a) = 0$. Consequently, F is algebraically closed.
Corollary 21.26. An algebraically closed field F has no proper algebraic extension E.
Proof. Let E be an algebraic extension of F; then $F \subset E$. For $\alpha \in E$, the minimal polynomial of $\alpha$ is $x - \alpha$. Therefore, $\alpha \in F$ and $F = E$.
Theorem 21.27. Every field F has a unique algebraic closure.
It is a nontrivial fact that every field has a unique algebraic
closure. The proof is not extremely difficult, but requires some
rather sophisticated set theory. We refer the reader to [3], [4], or
[8] for a proof of this result.
We now state the Fundamental Theorem of Algebra, first proven
by Gauss at the age of 22 in his doctoral thesis. This theorem states
that every polynomial with coefficients in the complex numbers has
a root in the complex numbers. The proof of this theorem will be
given in Chapter 23.
Theorem 21.28 (Fundamental Theorem of Algebra). The field of
complex numbers is algebraically closed.

21.2 Splitting Fields

Let F be a field and p(x) be a nonconstant polynomial in F[x]. We already know that we can find a field extension of F that contains a root of p(x). However, we would like to know whether an extension E of F containing all of the roots of p(x) exists. In other words, can we find a field extension of F such that p(x) factors into a product of linear polynomials? What is the smallest extension containing all the roots of p(x)?
Let F be a field and $p(x) = a_0 + a_1 x + \cdots + a_n x^n$ be a nonconstant polynomial in F[x]. An extension field E of F is a splitting field of p(x) if there exist elements $\alpha_1, \ldots, \alpha_n$ in E such that $E = F(\alpha_1, \ldots, \alpha_n)$ and
$p(x) = (x - \alpha_1)(x - \alpha_2) \cdots (x - \alpha_n).$
A polynomial $p(x) \in F[x]$ splits in E if it is the product of linear factors in E[x].
Example 21.29. Let $p(x) = x^4 + 2x^2 - 8$ be in Q[x]. Then p(x) has irreducible factors $x^2 - 2$ and $x^2 + 4$. Therefore, the field $Q(\sqrt{2}, i)$ is a splitting field for p(x).
Example 21.30. Let $p(x) = x^3 - 3$ be in Q[x]. Then p(x) has a root in the field $Q(\sqrt[3]{3})$. However, this field is not a splitting field for p(x) since the complex cube roots of 3,
$\frac{-\sqrt[3]{3} \pm (\sqrt[6]{3})^5 i}{2},$
are not in $Q(\sqrt[3]{3})$.
Theorem 21.31. Let p(x) F [x] be a nonconstant polynomial.
Then there exists a splitting field E for p(x).
Proof. We will use mathematical induction on the degree of p(x). If $\deg p(x) = 1$, then p(x) is a linear polynomial and $E = F$. Assume that the theorem is true for all polynomials of degree k with $1 \leq k < n$ and let $\deg p(x) = n$. We can assume that p(x) is irreducible; otherwise, by our induction hypothesis, we are done. By Theorem 21.5, there exists a field K such that p(x) has a zero $\alpha_1$ in K. Hence, $p(x) = (x - \alpha_1)q(x)$, where $q(x) \in K[x]$. Since $\deg q(x) = n - 1$, there exists a splitting field $E \supset K$ of q(x) that contains the zeros $\alpha_2, \ldots, \alpha_n$ of p(x) by our induction hypothesis. Consequently,
$E = K(\alpha_2, \ldots, \alpha_n) = F(\alpha_1, \ldots, \alpha_n)$
is a splitting field of p(x).

The question of uniqueness now arises for splitting fields. This question is answered in the affirmative. Given two splitting fields K and L of a polynomial $p(x) \in F[x]$, there exists a field isomorphism $\phi : K \to L$ that preserves F. In order to prove this result, we must first prove a lemma.
Lemma 21.32. Let $\sigma : E \to F$ be an isomorphism of fields. Let K be an extension field of E and $\alpha \in K$ be algebraic over E with minimal polynomial p(x). Suppose that L is an extension field of F such that $\beta$ is a root of the polynomial in F[x] obtained from p(x) under the image of $\sigma$. Then $\sigma$ extends to a unique isomorphism $\overline{\sigma} : E(\alpha) \to F(\beta)$ such that $\overline{\sigma}(\alpha) = \beta$ and $\overline{\sigma}$ agrees with $\sigma$ on E.
Proof. If p(x) has degree n, then by Theorem 21.13 we can write any element in $E(\alpha)$ as a linear combination of $1, \alpha, \ldots, \alpha^{n-1}$. Therefore, the isomorphism that we are seeking must be
$\overline{\sigma}(a_0 + a_1 \alpha + \cdots + a_{n-1} \alpha^{n-1}) = \sigma(a_0) + \sigma(a_1)\beta + \cdots + \sigma(a_{n-1})\beta^{n-1},$
where
$a_0 + a_1 \alpha + \cdots + a_{n-1} \alpha^{n-1}$
is an element in $E(\alpha)$. The fact that $\overline{\sigma}$ is an isomorphism could be checked by direct computation; however, it is easier to observe that $\overline{\sigma}$ is a composition of maps that we already know to be isomorphisms.
We can extend $\sigma$ to be an isomorphism from E[x] to F[x], which we will also denote by $\sigma$, by letting
$\sigma(a_0 + a_1 x + \cdots + a_n x^n) = \sigma(a_0) + \sigma(a_1)x + \cdots + \sigma(a_n)x^n.$
This extension agrees with the original isomorphism $\sigma : E \to F$, since constant polynomials get mapped to constant polynomials. By assumption, $\sigma(p(x)) = q(x)$; hence, $\sigma$ maps $\langle p(x) \rangle$ onto $\langle q(x) \rangle$. Consequently, we have an isomorphism $\psi : E[x]/\langle p(x) \rangle \to F[x]/\langle q(x) \rangle$. By Proposition 21.12, we have isomorphisms $\phi : E[x]/\langle p(x) \rangle \to E(\alpha)$ and $\theta : F[x]/\langle q(x) \rangle \to F(\beta)$, defined by evaluation at $\alpha$ and $\beta$, respectively. Therefore, $\overline{\sigma} = \theta \psi \phi^{-1}$ is the required isomorphism.
[Commutative diagram: $E[x]/\langle p(x) \rangle \xrightarrow{\psi} F[x]/\langle q(x) \rangle$ across the top, $E(\alpha) \xrightarrow{\overline{\sigma}} F(\beta)$ across the bottom, joined by $\phi$ and $\theta$ on the sides.]
We leave the proof of uniqueness as an exercise.

328

CHAPTER 21. FIELDS

Theorem 21.33. Let : E F be an isomorphism of fields


and let p(x) be a nonconstant polynomial in E[x] and q(x) the
corresponding polynomial in F [x] under the isomorphism. If K is
a splitting field of p(x) and L is a splitting field of q(x), then
extends to an isomorphism : K L.
Proof. We will use mathematical induction on the degree of p(x).
We can assume that p(x) is irreducible over E. Therefore, q(x) is
also irreducible over F . If deg p(x) = 1, then by the definition of a
splitting field, K = E and L = F and there is nothing to prove.
Assume that the theorem holds for all polynomials of degree
less than n. Since K is a splitting field of p(x), all of the roots
of p(x) are in K. Choose one of these roots, say , such that
E E() K. Similarly, we can find a root of q(x) in L such
that F F () L. By Lemma 21.32, there exists an isomorphism
: E() F () such that () = and agrees with on E.

[Diagram omitted: the isomorphism E() → F() extending the given isomorphism E → F.]
Now write p(x) = (x − α)f(x) and q(x) = (x − β)g(x), where the degrees of f(x) and g(x) are less than the degrees of p(x) and
q(x), respectively. The field extension K is a splitting field for f (x)
over E(), and L is a splitting field for g(x) over F (). By our
induction hypothesis there exists an isomorphism : K L such
that agrees with on E(). Hence, there exists an isomorphism
: K L such that agrees with on E.
Corollary 21.34. Let p(x) be a polynomial in F [x]. Then there
exists a splitting field K of p(x) that is unique up to isomorphism.

21.3 Geometric Constructions

In ancient Greece, three classic problems were posed. These problems are geometric in nature and involve straightedge-and-compass
constructions from what is now high school geometry; that is, we
are allowed to use only a straightedge and compass to solve them.
The problems can be stated as follows.
1. Given an arbitrary angle, can one trisect the angle into three
equal subangles using only a straightedge and compass?

2. Given an arbitrary circle, can one construct a square with the same area using only a straightedge and compass?
3. Given a cube, can one construct the edge of another cube
having twice the volume of the original? Again, we are only
allowed to use a straightedge and compass to do the construction.
After puzzling mathematicians for over two thousand years,
each of these constructions was finally shown to be impossible. We
will use the theory of fields to provide a proof that the solutions do
not exist. It is quite remarkable that the long-sought solution to
each of these three geometric problems came from abstract algebra.
First, let us determine more specifically what we mean by a
straightedge and compass, and also examine the nature of these
problems in a bit more depth. To begin with, a straightedge is not
a ruler. We cannot measure arbitrary lengths with a straightedge.
It is merely a tool for drawing a line through two points. The statement that the trisection of an arbitrary angle is impossible means
that there is at least one angle that is impossible to trisect with
a straightedge-and-compass construction. Certainly it is possible
to trisect an angle in special cases. We can construct a 30° angle; hence, it is possible to trisect a 90° angle. However, we will show that it is impossible to construct a 20° angle. Therefore, we cannot trisect a 60° angle.

Constructible Numbers
A real number is constructible if we can construct a line segment
of length || in a finite number of steps from a segment of unit
length by using a straightedge and compass.
Theorem 21.35. The set of all constructible real numbers forms
a subfield F of the field of real numbers.

Proof. Let α and β be constructible numbers. We must show that α + β, α − β, αβ, and α/β (β ≠ 0) are also constructible numbers. We can assume that both α and β are positive with α > β. It is quite obvious how to construct α + β and α − β. To find a line segment with length αβ, we assume that β > 1 and construct the triangle in Figure 21.36 such that triangles ABC and ADE are similar. Since α/1 = x/β, the line segment x has length αβ. A similar construction can be made if β < 1. We will leave it as an exercise to show that the same triangle can be used to construct α/β for β ≠ 0.

[Figure 21.36: Construction of products]

Lemma 21.37. If α is a constructible number, then √α is a constructible number.

Proof. In Figure 21.38 the triangles ABD, BCD, and ABC are similar; hence, 1/x = x/α, or x^2 = α.

[Figure 21.38: Construction of roots]

By Theorem 21.35, we can locate in the plane any point P =
(p, q) that has rational coordinates p and q. We need to know what
other points can be constructed with a compass and straightedge
from points with rational coordinates.
Lemma 21.39. Let F be a subfield of R.
1. If a line contains two points in F , then it has the equation
ax + by + c = 0, where a, b, and c are in F .
2. If a circle has a center at a point with coordinates in F and
a radius that is also in F , then it has the equation x2 + y 2 +
dx + ey + f = 0, where d, e, and f are in F .

Proof. Let (x1, y1) and (x2, y2) be points on a line whose coordinates are in F. If x1 = x2, then the equation of the line through the two points is x − x1 = 0, which has the form ax + by + c = 0. If x1 ≠ x2, then the equation of the line through the two points is given by
$$y - y_1 = \left(\frac{y_2 - y_1}{x_2 - x_1}\right)(x - x_1),$$
which can also be put into the proper form.
To prove the second part of the lemma, suppose that (x1 , y1 ) is
the center of a circle of radius r. Then the circle has the equation
$$(x - x_1)^2 + (y - y_1)^2 - r^2 = 0.$$
This equation can easily be put into the appropriate form.
Starting with a field of constructible numbers F , we have three
possible ways of constructing additional points in R with a compass
and straightedge.
1. To find possible new points in R, we can take the intersection
of two lines, each of which passes through two known points
with coordinates in F .
2. The intersection of a line that passes through two points that
have coordinates in F and a circle whose center has coordinates in F with radius of a length in F will give new points
in R.
3. We can obtain new points in R by intersecting two circles
whose centers have coordinates in F and whose radii are of
lengths in F .
The first case gives no new points in R, since the solution of
two equations of the form ax + by + c = 0 having coefficients in F
will always be in F . The third case can be reduced to the second
case. Let
x2 + y 2 + d1 x + e1 y + f1 = 0
x2 + y 2 + d2 x + e2 y + f2 = 0
be the equations of two circles, where di , ei , and fi are in F for
i = 1, 2. These circles have the same intersection as the circle
$$x^2 + y^2 + d_1 x + e_1 y + f_1 = 0$$
and the line
$$(d_1 - d_2)x + (e_1 - e_2)y + (f_1 - f_2) = 0.$$
The last equation is that of the chord passing through the intersection points of the two circles. Hence, the intersection of two circles
can be reduced to the case of an intersection of a line with a circle.

Considering the case of the intersection of a line and a circle, we must determine the nature of the solutions of the equations
$$ax + by + c = 0$$
$$x^2 + y^2 + dx + ey + f = 0.$$
If we eliminate y from these equations, we obtain an equation of the form Ax^2 + Bx + C = 0, where A, B, and C are in F. The x coordinate of the intersection points is given by
$$x = \frac{-B \pm \sqrt{B^2 - 4AC}}{2A}$$
and is in F(√α), where α = B^2 − 4AC > 0. We have proven the following lemma.
Lemma 21.40. Let F be a field of constructible numbers. Then the points determined by the intersections of lines and circles in F lie in the field F(√α) for some α in F.

Theorem 21.41. A real number α is a constructible number if and only if there exists a sequence of fields
$$\mathbb{Q} = F_0 \subset F_1 \subset \cdots \subset F_k$$
such that $F_i = F_{i-1}(\sqrt{\alpha_i})$ with $\alpha_i \in F_i$ and $\alpha \in F_k$. In particular, there exists an integer k > 0 such that $[\mathbb{Q}(\alpha) : \mathbb{Q}] = 2^k$.
Proof. The existence of the $F_i$'s and the $\alpha_i$'s is a direct consequence of Lemma 21.40 and of the fact that
$$[F_k : \mathbb{Q}] = [F_k : F_{k-1}][F_{k-1} : F_{k-2}] \cdots [F_1 : \mathbb{Q}] = 2^k.$$

Corollary 21.42. The field of all constructible numbers is an algebraic extension of Q.


As we can see by the field of constructible numbers, not every
algebraic extension of a field is a finite extension.

Doubling the Cube and Squaring the Circle


We are now ready to investigate the classical problems of doubling
the cube and squaring the circle. We can use the field of constructible numbers to show exactly when a particular geometric
construction can be accomplished.
Doubling the cube is impossible. Given the edge of the cube,
it is impossible to construct with a straightedge and compass the
edge of the cube that has twice the volume of the original cube.
Let the original cube have an edge of length 1 and, therefore, a volume of 1. If we could construct a cube having a volume of 2, then this new cube would have an edge of length ∛2. However, ∛2 is a zero of the irreducible polynomial x^3 − 2 over Q; hence,
$$[\mathbb{Q}(\sqrt[3]{2}) : \mathbb{Q}] = 3.$$
This is impossible, since 3 is not a power of 2.
Squaring the circle. Suppose that we have a circle of radius 1. The area of the circle is π; therefore, we must be able to construct a square with side √π. This is impossible since π and consequently √π are both transcendental. Therefore, using a straightedge and compass, it is not possible to construct a square with the same area as the circle.

Trisecting an Angle
Trisecting an arbitrary angle is impossible. We will show that it is impossible to construct a 20° angle. Consequently, a 60° angle cannot be trisected. We first need to calculate the triple-angle formula for the cosine:
$$\begin{aligned}
\cos 3\theta &= \cos(2\theta + \theta) \\
&= \cos 2\theta \cos \theta - \sin 2\theta \sin \theta \\
&= (2\cos^2 \theta - 1)\cos \theta - 2\sin^2 \theta \cos \theta \\
&= (2\cos^2 \theta - 1)\cos \theta - 2(1 - \cos^2 \theta)\cos \theta \\
&= 4\cos^3 \theta - 3\cos \theta.
\end{aligned}$$
The angle θ can be constructed if and only if α = cos θ is constructible. Let θ = 20°. Then cos 3θ = cos 60° = 1/2. By the triple-angle formula for the cosine,
$$4\alpha^3 - 3\alpha = \frac{1}{2}.$$
Therefore, α is a zero of 8x^3 − 6x − 1. This polynomial has no nontrivial factors in Z[x], and hence is irreducible over Q[x]. Thus, [Q(α) : Q] = 3. Consequently, α cannot be a constructible number.
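The irreducibility step above can be checked mechanically: a cubic with integer coefficients is irreducible over Q exactly when it has no rational zero, and the rational root theorem limits the candidates to finitely many fractions. The following Python is an added example written for this page, not code from the book or from Sage; the function names and the coefficient-list convention are my own. It applies the test to 8x^3 − 6x − 1 (trisection) and x^3 − 2 (doubling the cube), and checks numerically that cos 20° really is a zero of the first polynomial.

```python
from fractions import Fraction
from math import cos, radians

# Constructed inputs: a polynomial is a list of integer coefficients,
# lowest degree first, so [-1, -6, 0, 8] is 8x^3 - 6x - 1.
TRISECTION_POLY = [-1, -6, 0, 8]   # cos(20 degrees) is a zero (triple-angle formula)
DOUBLING_POLY = [-2, 0, 0, 1]      # the cube root of 2 is a zero


def evaluate(coeffs, x):
    """Horner evaluation of the polynomial at x (exact for Fraction inputs)."""
    result = 0
    for c in reversed(coeffs):
        result = result * x + c
    return result


def divisors(n):
    n = abs(n)
    return [d for d in range(1, n + 1) if n % d == 0]


def rational_roots(coeffs):
    """Rational root theorem: a rational zero p/q in lowest terms of an integer
    polynomial must have p dividing the constant term and q dividing the
    leading coefficient, so only finitely many candidates need testing."""
    a0, an = coeffs[0], coeffs[-1]
    if a0 == 0:
        raise ValueError("factor out x first; constant term must be nonzero")
    found = set()
    for p in divisors(a0):
        for q in divisors(an):
            for cand in (Fraction(p, q), Fraction(-p, q)):
                if evaluate(coeffs, cand) == 0:
                    found.add(cand)
    return sorted(found)


def is_irreducible_cubic_over_q(coeffs):
    """A cubic that factors over Q must have a linear factor, hence a rational
    zero; so no rational zero means irreducible (degree 3 only)."""
    assert len(coeffs) == 4 and coeffs[-1] != 0
    return rational_roots(coeffs) == []


def degree_is_power_of_two(d):
    """Theorem 21.41: a constructible number has degree 2^k over Q."""
    return d > 0 and (d & (d - 1)) == 0


def constructibility_verdict(coeffs):
    """For an irreducible cubic the degree of each zero over Q is 3, so the
    zero is constructible only if 3 were a power of 2 (it is not).
    Returns None when the cubic is reducible, since the zero's degree is then
    1 or 2 and this test says nothing."""
    if not is_irreducible_cubic_over_q(coeffs):
        return None
    return degree_is_power_of_two(3)


def trisection_residual():
    """Numerical sanity check: |8 cos^3(20) - 6 cos(20) - 1| should be ~0."""
    return abs(evaluate(TRISECTION_POLY, cos(radians(20))))
```

Running `constructibility_verdict(TRISECTION_POLY)` returns `False`, which is the algebraic content of the impossibility proof; `constructibility_verdict([-1, 0, 0, 1])` returns `None` because x^3 − 1 has the rational zero 1.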
Sage. Extensions of the field of rational numbers are a central object of study in number theory, so with Sage's roots in this discipline, it is no surprise that there is extensive support for fields and for extensions of the rationals. Sage also contains an implementation of the entire field of algebraic numbers, with exact representations.
Historical Note
Algebraic number theory uses the tools of algebra to solve problems in number theory. Modern algebraic number theory began with Pierre de Fermat (1601-1665). Certainly we can find many positive integers that satisfy the equation x^2 + y^2 = z^2; Fermat conjectured that the equation x^n + y^n = z^n has no positive integer solutions for n ≥ 3. He stated in the margin of his copy of the Latin translation of Diophantus' Arithmetica that he had found a marvelous proof of this theorem, but that the margin of the book was too narrow to contain it. Building on work of other mathematicians, it was Andrew Wiles who finally succeeded in proving Fermat's Last Theorem in the 1990s. Wiles's achievement was reported on the front page of the New York Times.
Attempts to prove Fermat's Last Theorem have led to important contributions to algebraic number theory by such notable mathematicians as Leonhard Euler (1707-1783). Significant advances in the understanding of Fermat's Last Theorem were made by Ernst Kummer (1810-1893). Kummer's student, Leopold Kronecker (1823-1891), became one of the leading algebraists of the nineteenth century. Kronecker's theory of ideals and his study of algebraic number theory added much to the understanding of fields. David Hilbert (1862-1943) and Hermann Minkowski (1864-1909) were among the mathematicians who led the way in this subject at the beginning of the twentieth century. Hilbert and Minkowski were both mathematicians at Göttingen University in Germany. Göttingen was truly one of the most important centers of mathematical research during the last two centuries. The large number of exceptional mathematicians who studied there included Gauss, Dirichlet, Riemann, Dedekind, Noether, and Weyl.
André Weil answered questions in number theory using algebraic geometry, a field of mathematics that studies geometry by studying commutative rings. From about 1955 to 1970, Alexander Grothendieck dominated the field of algebraic geometry. Pierre Deligne, a student of Grothendieck, solved several of Weil's number-theoretic conjectures. One of the most recent contributions to algebra and number theory is Gerd Faltings' proof of the Mordell-Weil conjecture. This conjecture of Mordell and Weil essentially says that certain polynomials p(x, y) in Z[x, y] have only a finite number of integral solutions.

21.4 Exercises

1. Show that each of the following numbers is algebraic over Q by finding the minimal polynomial of the number over Q.
(a) √(1/3 + √7)
(b) √3 + ∛5
(c) √3 + √2 i
(d) cos θ + i sin θ for θ = 2π/n with n ∈ N
(e) √(∛2 − i)
2. Find a basis for each of the following field extensions. What is the degree of each extension?
(a) Q(√3, √6) over Q
(b) Q(∛2, ∛3) over Q
(c) Q(√2, i) over Q
(d) Q(√3, √5, √7) over Q
(e) Q(√2, ∛2) over Q
(f) Q(√8) over Q(√2)
(g) Q(i, √2 + i, √3 + i) over Q
(h) Q(√2 + √5) over Q(√5)
(i) Q(√2, √6 + √10) over Q(√3 + √5)
3. Find the splitting field for each of the following polynomials.
(a) x^4 − 10x^2 + 21 over Q
(b) x^4 + 1 over Q
(c) x^3 + 2x + 2 over Z3
(d) x^3 − 3 over Q
4. Consider the field extension Q(∜3, i) over Q.
(a) Find a basis for the field extension Q(∜3, i) over Q. Conclude that [Q(∜3, i) : Q] = 8.
(b) Find all subfields F of Q(∜3, i) such that [F : Q] = 2.
(c) Find all subfields F of Q(∜3, i) such that [F : Q] = 4.
5. Show that Z2[x]/⟨x^3 + x + 1⟩ is a field with eight elements. Construct a multiplication table for the multiplicative group of the field.
6. Show that the regular 9-gon is not constructible with a straightedge and compass, but that the regular 20-gon is constructible.
7. Prove that the cosine of one degree (cos 1 ) is algebraic over Q
but not constructible.
8. Can a cube be constructed with three times the volume of a
given cube?

9. Prove that Q(√3, ∜3, 3^{1/8}, …) is an algebraic extension of Q but not a finite extension.
10. Prove or disprove: is algebraic over Q( 3 ).

11. Let p(x) be a nonconstant polynomial of degree n in F[x]. Prove that there exists a splitting field E for p(x) such that [E : F] ≤ n!.
12. Prove or disprove: Q(√2) ≅ Q(√3).
13. Prove that the fields Q(∜3) and Q(∜3 i) are isomorphic but not equal.
14. Let K be an algebraic extension of E, and E an algebraic
extension of F . Prove that K is algebraic over F . [ Caution: Do
not assume that the extensions are finite.]
15. Prove or disprove: Z[x]/⟨x^3 − 2⟩ is a field.
16. Let F be a field of characteristic p. Prove that p(x) = x^p − a either is irreducible over F or splits in F.
17. Let E be the algebraic closure of a field F . Prove that every
polynomial p(x) in F [x] splits in E.
18. If every irreducible polynomial p(x) in F [x] is linear, show that
F is an algebraically closed field.
19. Prove that if α and β are constructible numbers such that β ≠ 0, then so is α/β.
20. Show that the set of all elements in R that are algebraic over
Q form a field extension of Q that is not finite.
21. Let E be an algebraic extension of a field F , and let be
an automorphism of E leaving F fixed. Let E. Show that
induces a permutation of the set of all zeros of the minimal
polynomial of that are in E.

22. Show that Q(√3, √7) = Q(√3 + √7). Extend your proof to show that Q(√a, √b) = Q(√a + √b), where gcd(a, b) = 1.
23. Let E be a finite extension of a field F . If [E : F ] = 2, show
that E is a splitting field of F .
24. Prove or disprove: Given a polynomial p(x) in Z6 [x], it is
possible to construct a ring R such that p(x) has a root in R.
25. Let E be a field extension of F and α ∈ E. Determine [F(α) : F(α^3)].
26. Let α, β be transcendental over Q. Prove that either αβ or α + β is also transcendental.

27. Let E be an extension field of F and α ∈ E be transcendental over F. Prove that every element in F(α) that is not in F is also transcendental over F.

21.5 References and Suggested Readings

[1] Dean, R. A. Elements of Abstract Algebra. Wiley, New York, 1966.
[2] Dudley, U. A Budget of Trisections. Springer-Verlag, New York, 1987. An interesting and entertaining account of how not to trisect an angle.
[3] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper Saddle River, NJ, 2003.
[4] Kaplansky, I. Fields and Rings, 2nd ed. University of Chicago Press, Chicago, 1972.
[5] Klein, F. Famous Problems of Elementary Geometry. Chelsea, New York, 1955.
[6] Martin, G. Geometric Constructions. Springer, New York, 1998.
[7] Pollard, H. and Diamond, H. G. Theory of Algebraic Numbers. Dover, Mineola, NY, 2010.
[8] Walker, E. A. Introduction to Abstract Algebra. Random House, New York, 1987. This work contains a proof showing that every field has an algebraic closure.

22 Finite Fields

Finite fields appear in many applications of algebra, including coding theory and cryptography. We already know one finite field, Z_p, where p is prime. In this chapter we will show that a unique finite field of order p^n exists for every prime p, where n is a positive integer. Finite fields are also called Galois fields in honor of Évariste Galois, who was one of the first mathematicians to investigate them.

22.1 Structure of a Finite Field

Recall that a field F has characteristic p if p is the smallest positive integer such that for every nonzero element α in F, we have pα = 0. If no such integer exists, then F has characteristic 0. From Theorem 16.19 we know that p must be prime. Suppose that F is a finite field with n elements. Then nα = 0 for all α in F. Consequently, the characteristic of F must be p, where p is a prime dividing n. This discussion is summarized in the following proposition.
Proposition 22.1. If F is a finite field, then the characteristic of
F is p, where p is prime.
Throughout this chapter we will assume that p is a prime number unless otherwise stated.
Proposition 22.2. If F is a finite field of characteristic p, then
the order of F is pn for some n N.
Proof. Let Z → F be the ring homomorphism defined by n ↦ n · 1. Since the characteristic of F is p, the kernel of this homomorphism must be pZ and its image must be a subfield of F isomorphic to Z_p. We will denote this subfield by K. Since F is a finite field, it must be a finite extension of K and, therefore, an algebraic extension of K. Suppose that [F : K] = n is the dimension of F, where F is a K vector space. There must exist elements α1, …, αn ∈ F such that any element α in F can be written uniquely in the form
$$\alpha = a_1 \alpha_1 + \cdots + a_n \alpha_n,$$
where the a_i's are in K. Since there are p elements in K, there are p^n possible linear combinations of the α_i's. Therefore, the order of F must be p^n.
Lemma 22.3 (Freshman's Dream). Let p be prime and D be an integral domain of characteristic p. Then
$$a^{p^n} + b^{p^n} = (a + b)^{p^n}$$
for all positive integers n.

Proof. We will prove this lemma using mathematical induction on n. We can use the binomial formula (see Chapter 2, Example 2.4) to verify the case for n = 1; that is,
$$(a + b)^p = \sum_{k=0}^{p} \binom{p}{k} a^k b^{p-k}.$$
If 0 < k < p, then
$$\binom{p}{k} = \frac{p!}{k!(p-k)!}$$
must be divisible by p, since p cannot divide k!(p − k)!. Note that D is an integral domain of characteristic p, so all but the first and last terms in the sum must be zero. Therefore, (a + b)^p = a^p + b^p.
Now suppose that the result holds for all k, where 1 ≤ k ≤ n. By the induction hypothesis,
$$(a+b)^{p^{n+1}} = \left((a+b)^p\right)^{p^n} = (a^p + b^p)^{p^n} = (a^p)^{p^n} + (b^p)^{p^n} = a^{p^{n+1}} + b^{p^{n+1}}.$$
Therefore, the lemma is true for n + 1 and the proof is complete.
Let F be a field. A polynomial f (x) F [x] of degree n is
separable if it has n distinct roots in the splitting field of f (x);
that is, f (x) is separable when it factors into distinct linear factors
over the splitting field of f . An extension E of F is a separable
extension of F if every element in E is the root of a separable
polynomial in F [x].
Example 22.4. The polynomial x^2 − 2 is separable over Q since it factors as (x − √2)(x + √2). In fact, Q(√2) is a separable extension of Q. Let α = a + b√2 be any element in Q(√2). If b = 0, then α is a root of x − a. If b ≠ 0, then α is the root of the separable polynomial
$$x^2 - 2ax + a^2 - 2b^2 = (x - (a + b\sqrt{2}))(x - (a - b\sqrt{2})).$$


Fortunately, we have an easy test to determine the separability
of any polynomial. Let
f (x) = a0 + a1 x + + an xn
be any polynomial in F[x]. Define the derivative of f(x) to be
$$f'(x) = a_1 + 2a_2 x + \cdots + n a_n x^{n-1}.$$

Lemma 22.5. Let F be a field and f(x) ∈ F[x]. Then f(x) is separable if and only if f(x) and f'(x) are relatively prime.

Proof. Let f(x) be separable. Then f(x) factors over some extension field of F as f(x) = (x − α1)(x − α2)⋯(x − αn), where αi ≠ αj for i ≠ j. Taking the derivative of f(x), we see that
$$\begin{aligned}
f'(x) &= (x - \alpha_2)\cdots(x - \alpha_n) \\
&\quad + (x - \alpha_1)(x - \alpha_3)\cdots(x - \alpha_n) \\
&\quad + \cdots + (x - \alpha_1)\cdots(x - \alpha_{n-1}).
\end{aligned}$$
Hence, f(x) and f'(x) can have no common factors.
To prove the converse, we will show that the contrapositive of the statement is true. Suppose that f(x) = (x − α)^k g(x), where k > 1. Differentiating, we have
$$f'(x) = k(x - \alpha)^{k-1} g(x) + (x - \alpha)^k g'(x).$$
Therefore, f(x) and f'(x) have a common factor.
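Lemma 22.5 turns separability into a computation: take the formal derivative and run the Euclidean algorithm. The Python below is an added example for this page (not code from the book or from Sage); it represents polynomials over Z_p as coefficient lists and the helper names are my own. It shows both outcomes: x^9 − x over Z_3 is separable (its derivative is the constant −1, the fact used in the proof of Theorem 22.6), while (x − 1)^2 over Z_3 and x^3 + 1 = (x + 1)^3 over Z_3 are not, the latter because its derivative vanishes identically in characteristic 3.

```python
# Polynomials over Z_p as lists of coefficients, lowest degree first,
# reduced mod p with no trailing zeros; [] is the zero polynomial.
def trim(f):
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def normalize(f, p):
    return trim([c % p for c in f])


def derivative(f, p):
    """Formal derivative: (a_i x^i)' = i a_i x^(i-1), with i a_i reduced mod p.
    In characteristic p the term of degree p disappears entirely."""
    return normalize([i * f[i] for i in range(1, len(f))], p)


def poly_divmod(f, g, p):
    """Long division in Z_p[x]; p prime so the leading coefficient of g is invertible."""
    f, g = normalize(f, p), normalize(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)
    quotient = [0] * max(len(f) - len(g) + 1, 1)
    rem = f[:]
    while rem and len(rem) >= len(g):
        shift = len(rem) - len(g)
        coef = (rem[-1] * inv_lead) % p
        quotient[shift] = coef
        for i, gc in enumerate(g):
            rem[shift + i] = (rem[shift + i] - coef * gc) % p
        rem = trim(rem)
    return normalize(quotient, p), rem


def poly_gcd(f, g, p):
    """Euclidean algorithm in Z_p[x]; the result is made monic so that
    'relatively prime' reads as gcd == [1]."""
    f, g = normalize(f, p), normalize(g, p)
    while g:
        f, g = g, poly_divmod(f, g, p)[1]
    if not f:
        return []
    inv = pow(f[-1], -1, p)
    return normalize([c * inv for c in f], p)


def is_separable(f, p):
    """Lemma 22.5: f is separable iff gcd(f, f') = 1."""
    return poly_gcd(f, derivative(f, p), p) == [1]


def x_to_the(n, p, minus_x=False):
    """Build x^n, or x^n - x when minus_x is set (the polynomial of Theorem 22.6)."""
    f = [0] * (n + 1)
    f[n] = 1
    if minus_x:
        f[1] = (f[1] - 1) % p
    return normalize(f, p)
```

`is_separable(x_to_the(9, 3, minus_x=True), 3)` is `True`; `is_separable([1, 1, 1], 3)` (that is, (x − 1)^2 = x^2 + x + 1 over Z_3) is `False`, and `poly_gcd` returns the repeated factor x + 2 = x − 1 as `[2, 1]`.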
Theorem 22.6. For every prime p and every positive integer n, there exists a finite field F with p^n elements. Furthermore, any field of order p^n is isomorphic to the splitting field of $x^{p^n} - x$ over Z_p.

Proof. Let $f(x) = x^{p^n} - x$ and let F be the splitting field of f(x). Then by Lemma 22.5, f(x) has p^n distinct zeros in F, since $f'(x) = p^n x^{p^n - 1} - 1 = -1$ is relatively prime to f(x). We claim that the roots of f(x) form a subfield of F. Certainly 0 and 1 are zeros of f(x). If α and β are zeros of f(x), then α + β and αβ are also zeros of f(x), since $\alpha^{p^n} + \beta^{p^n} = (\alpha + \beta)^{p^n}$ and $\alpha^{p^n} \beta^{p^n} = (\alpha\beta)^{p^n}$. We also need to show that the additive inverse and the multiplicative inverse of each root of f(x) are roots of f(x). For any zero α of f(x), −α = (p − 1)α is also a zero of f(x). If α ≠ 0, then $(\alpha^{-1})^{p^n} = (\alpha^{p^n})^{-1} = \alpha^{-1}$. Since the zeros of f(x) form a subfield of F and f(x) splits in this subfield, the subfield must be all of F.
Let E be any other field of order p^n. To show that E is isomorphic to F, we must show that every element in E is a root of f(x). Certainly 0 is a root of f(x). Let α be a nonzero element of E. The order of the multiplicative group of nonzero elements of E is p^n − 1; hence, $\alpha^{p^n - 1} = 1$ or $\alpha^{p^n} - \alpha = 0$. Since E contains p^n elements, E must be a splitting field of f(x); however, by Corollary 21.34, the splitting field of any polynomial is unique up to isomorphism.
The unique finite field with pn elements is called the Galois
field of order pn . We will denote this field by GF(pn ).

Theorem 22.7. Every subfield of the Galois field GF(p^n) has p^m elements, where m divides n. Conversely, if m | n for m > 0, then there exists a unique subfield of GF(p^n) isomorphic to GF(p^m).
Proof. Let F be a subfield of E = GF(p^n). Then F must be a field extension of K that contains p^m elements, where K is isomorphic to Z_p. Then m | n, since [E : K] = [E : F][F : K].
To prove the converse, suppose that m | n for some m > 0. Then p^m − 1 divides p^n − 1. Consequently, $x^{p^m - 1} - 1$ divides $x^{p^n - 1} - 1$. Therefore, $x^{p^m} - x$ must divide $x^{p^n} - x$, and every zero of $x^{p^m} - x$ is also a zero of $x^{p^n} - x$. Thus, GF(p^n) contains, as a subfield, a splitting field of $x^{p^m} - x$, which must be isomorphic to GF(p^m).
Example 22.8. The lattice of subfields of GF(p^24) is given in Figure 22.9.

[Figure 22.9: Subfields of GF(p^24), one for each divisor of 24: GF(p), GF(p^2), GF(p^3), GF(p^4), GF(p^6), GF(p^8), GF(p^12), GF(p^24).]


With each field F we have a multiplicative group of nonzero elements of F which we will denote by F*. The multiplicative group of any finite field is cyclic. This result follows from the more general result that we will prove in the next theorem.
Theorem 22.10. If G is a finite subgroup of F*, the multiplicative group of nonzero elements of a field F, then G is cyclic.
Proof. Let G be a finite subgroup of F* of order n. By the Fundamental Theorem of Finite Abelian Groups (Theorem 13.5),
$$G \cong \mathbb{Z}_{p_1^{e_1}} \times \cdots \times \mathbb{Z}_{p_k^{e_k}},$$
where $n = p_1^{e_1} \cdots p_k^{e_k}$ and the p1, …, pk are (not necessarily distinct) primes. Let m be the least common multiple of $p_1^{e_1}, \ldots, p_k^{e_k}$. Then G contains an element of order m. Since every α in G is a root of x^r − 1 for some r dividing m, α must also be a root of x^m − 1. Since x^m − 1 has at most m roots in F, n ≤ m. On the other hand, we know that m ≤ |G|; therefore, m = n. Thus, G contains an element of order n and must be cyclic.
Corollary 22.11. The multiplicative group of all nonzero elements
of a finite field is cyclic.
Corollary 22.12. Every finite extension E of a finite field F is a
simple extension of F .
Proof. Let α be a generator for the cyclic group E* of nonzero elements of E. Then E = F(α).
Example 22.13. The finite field GF(2^4) is isomorphic to the field Z_2[x]/⟨1 + x + x^4⟩. Therefore, the elements of GF(2^4) can be taken to be
$$\{a_0 + a_1 \alpha + a_2 \alpha^2 + a_3 \alpha^3 : a_i \in \mathbb{Z}_2 \text{ and } 1 + \alpha + \alpha^4 = 0\}.$$
Remembering that 1 + α + α^4 = 0, we add and multiply elements of GF(2^4) exactly as we add and multiply polynomials. The multiplicative group of GF(2^4) is isomorphic to Z_15 with generator α:
α^1 = α
α^2 = α^2
α^3 = α^3
α^4 = 1 + α
α^5 = α + α^2
α^6 = α^2 + α^3
α^7 = 1 + α + α^3
α^8 = 1 + α^2
α^9 = α + α^3
α^10 = 1 + α + α^2
α^11 = α + α^2 + α^3
α^12 = 1 + α + α^2 + α^3
α^13 = 1 + α^2 + α^3
α^14 = 1 + α^3
α^15 = 1.
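The arithmetic of Example 22.13 is exactly what a software implementation of GF(2^n) does (the same construction, with a degree-8 modulus, underlies AES), so it is worth seeing the table reproduced by machine. The Python below is an added example written for this page, not code from the book or from Sage; packing an element a_0 + a_1 α + a_2 α^2 + a_3 α^3 into the integer a_0 + 2a_1 + 4a_2 + 8a_3 and the function names are my own conventions. Beyond the table, it checks Corollary 22.11 (α generates the 15-element multiplicative group), Theorem 22.6 (every element is a root of x^16 − x) and Theorem 22.7 (the roots of x^4 − x form the subfield GF(4)).

```python
# Constructed example: GF(2^4) built from the irreducible polynomial
# 1 + x + x^4 of Example 22.13.  Elements are 4-bit integers, bit i being
# the coefficient of alpha^i, so 0b0011 is 1 + alpha.
MODULUS = 0b10011   # 1 + x + x^4
N = 4
ALPHA = 0b0010      # the class of x


def gf_add(a, b):
    """Addition is coefficientwise in Z_2, i.e. XOR."""
    return a ^ b


def gf_mul(a, b, modulus=MODULUS, n=N):
    """Carry-less (polynomial) multiplication with reduction by the modulus.
    Whenever the running product acquires an x^n term we subtract the modulus,
    which is the relation 1 + alpha + alpha^4 = 0 applied as alpha^4 = 1 + alpha."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= modulus
    return result


def gf_pow(a, e, modulus=MODULUS, n=N):
    """Square-and-multiply exponentiation."""
    result, base = 1, a
    while e:
        if e & 1:
            result = gf_mul(result, base, modulus, n)
        base = gf_mul(base, base, modulus, n)
        e >>= 1
    return result


def powers_of_alpha(modulus=MODULUS, n=N):
    """alpha^1, ..., alpha^(2^n - 1): the table in Example 22.13."""
    return [gf_pow(ALPHA, k, modulus, n) for k in range(1, 2 ** n)]


def is_generator(g, modulus=MODULUS, n=N):
    """g generates GF(2^n)* iff its powers run through all 2^n - 1 nonzero elements."""
    order = 2 ** n - 1
    seen, cur = set(), 1
    for _ in range(order):
        cur = gf_mul(cur, g, modulus, n)
        seen.add(cur)
    return len(seen) == order


def splits_x_q_minus_x(modulus=MODULUS, n=N):
    """Theorem 22.6: every element of GF(2^n) satisfies a^(2^n) = a."""
    return all(gf_pow(a, 2 ** n, modulus, n) == a for a in range(2 ** n))


def subfield(m, modulus=MODULUS, n=N):
    """Theorem 22.7: for m | n, the roots of x^(2^m) - x form the subfield GF(2^m)."""
    return sorted(a for a in range(2 ** n) if gf_pow(a, 2 ** m, modulus, n) == a)
```

`powers_of_alpha()[3]` is `0b0011`, that is α^4 = 1 + α, and `powers_of_alpha()[14]` is 1, matching the table; `subfield(2)` returns the four elements 0, 1, α^5, α^10 of GF(4) inside GF(16).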

22.2 Polynomial Codes

With knowledge of polynomial rings and finite fields, it is now possible to derive more sophisticated codes than those of Chapter 8.
First let us recall that an (n, k)-block code consists of a one-to-one encoding function E : Z_2^k → Z_2^n and a decoding function D : Z_2^n → Z_2^k. The code is error-correcting if D is onto. A code is a linear code if it is the null space of a matrix H ∈ M_{k×n}(Z_2).
We are interested in a class of codes known as cyclic codes. Let a binary (n, k)-block code Z_2^k → Z_2^n be given. Then it is a cyclic code if for every codeword (a_1, a_2, …, a_n), the cyclically shifted n-tuple (a_n, a_1, a_2, …, a_{n−1}) is also a codeword. Cyclic codes are
particularly easy to implement on a computer using shift registers
[2, 3].

Example 22.14. Consider the (6, 3)-linear codes generated by the two matrices
$$G_1 = \begin{pmatrix} 1&0&0 \\ 0&1&0 \\ 0&0&1 \\ 1&0&0 \\ 0&1&0 \\ 0&0&1 \end{pmatrix} \quad\text{and}\quad G_2 = \begin{pmatrix} 1&0&0 \\ 1&1&0 \\ 1&1&1 \\ 1&1&1 \\ 0&1&1 \\ 0&0&1 \end{pmatrix}.$$
Messages in the first code are encoded as follows:
(000) ↦ (000000), (100) ↦ (100100),
(001) ↦ (001001), (101) ↦ (101101),
(010) ↦ (010010), (110) ↦ (110110),
(011) ↦ (011011), (111) ↦ (111111).

It is easy to see that the codewords form a cyclic code. In the second code, 3-tuples are encoded in the following manner:
(000) ↦ (000000), (100) ↦ (111100),
(001) ↦ (001111), (101) ↦ (110011),
(010) ↦ (011110), (110) ↦ (100010),
(011) ↦ (010001), (111) ↦ (101101).
This code cannot be cyclic, since (101101) is a codeword but (011011) is not a codeword.

Polynomial Codes
We would like to find an easy method of obtaining cyclic linear
codes. To accomplish this, we can use our knowledge of finite
fields and polynomial rings over Z2 . Any binary n-tuple can be
interpreted as a polynomial in Z_2[x]. Stated another way, the n-tuple (a_0, a_1, …, a_{n−1}) corresponds to the polynomial
f (x) = a0 + a1 x + + an1 xn1 ,
where the degree of f (x) is at most n 1. For example, the polynomial corresponding to the 5-tuple (10011) is
1 + 0x + 0x2 + 1x3 + 1x4 = 1 + x3 + x4 .
Conversely, with any polynomial f (x) Z2 [x] with deg f (x) < n
we can associate a binary n-tuple. The polynomial x + x2 + x4
corresponds to the 5-tuple (01101).
Let us fix a nonconstant polynomial g(x) in Z2 [x] of degree
n k. We can define an (n, k)-code C in the following manner.
If (a0 , . . . , ak1 ) is a k-tuple to be encoded, then f (x) = a0 +
a1 x + + ak1 xk1 is the corresponding polynomial in Z2 [x]. To

encode f(x), we multiply by g(x). The codewords in C are all those polynomials in Z_2[x] of degree less than n that are divisible by g(x). Codes obtained in this manner are called polynomial codes.
Example 22.15. If we let g(x) = 1 + x^3, we can define a (6, 3)-code C as follows. To encode a 3-tuple (a_0, a_1, a_2), we multiply the corresponding polynomial f(x) = a_0 + a_1 x + a_2 x^2 by 1 + x^3. We are defining a map Z_2^3 → Z_2^6 by f(x) ↦ g(x)f(x). It is easy to check that this map is a group homomorphism. In fact, if we regard Z_2^n as a vector space over Z_2, it is a linear transformation of vector spaces (see Exercise 20.4.15, Chapter 20). Let us compute the kernel of this map. Observe that (a_0, a_1, a_2) is sent to (000000) exactly when
$$0 + 0x + 0x^2 + 0x^3 + 0x^4 + 0x^5 = (1 + x^3)(a_0 + a_1 x + a_2 x^2) = a_0 + a_1 x + a_2 x^2 + a_0 x^3 + a_1 x^4 + a_2 x^5.$$
Since the polynomials over a field form an integral domain, a_0 + a_1 x + a_2 x^2 must be the zero polynomial. Therefore, the kernel is {(000)} and the map is one-to-one.
To calculate a generator matrix for C, we merely need to examine the way the polynomials 1, x, and x^2 are encoded:
$$\begin{aligned}
(1 + x^3) \cdot 1 &= 1 + x^3 \\
(1 + x^3) x &= x + x^4 \\
(1 + x^3) x^2 &= x^2 + x^5.
\end{aligned}$$
We obtain the code corresponding to the generator matrix G_1 in Example 22.14. The parity-check matrix for this code is
$$H = \begin{pmatrix} 1&0&0&1&0&0 \\ 0&1&0&0&1&0 \\ 0&0&1&0&0&1 \end{pmatrix}.$$
Since the smallest weight of any nonzero codeword is 2, this code
has the ability to detect all single errors.
Rings of polynomials have a great deal of structure; therefore,
our immediate goal is to establish a link between polynomial codes
and ring theory. Recall that x^n − 1 = (x − 1)(x^{n−1} + ⋯ + x + 1). The factor ring
$$R_n = \mathbb{Z}_2[x]/\langle x^n - 1 \rangle$$
can be considered to be the ring of polynomials of the form
$$f(t) = a_0 + a_1 t + \cdots + a_{n-1} t^{n-1}$$
that satisfy the condition t^n = 1. It is an easy exercise to show that Z_2^n and R_n are isomorphic as vector spaces. We will often identify elements in Z_2^n with elements in Z_2[x]/⟨x^n − 1⟩. In this manner we can interpret a linear code as a subset of Z_2[x]/⟨x^n − 1⟩.

The additional ring structure on polynomial codes is very powerful in describing cyclic codes. A cyclic shift of an n-tuple can be described by polynomial multiplication. If f(t) = a_0 + a_1 t + ⋯ + a_{n−1} t^{n−1} is a code polynomial in R_n, then
$$t f(t) = a_{n-1} + a_0 t + \cdots + a_{n-2} t^{n-1}$$
is the cyclically shifted word obtained from multiplying f(t) by t. The following theorem gives a beautiful classification of cyclic codes in terms of the ideals of R_n.
Theorem 22.16. A linear code C in Z_2^n is cyclic if and only if it is an ideal in R_n = Z_2[x]/⟨x^n − 1⟩.
Proof. Let C be a linear cyclic code and suppose that f (t) is in
C. Then tf (t) must also be in C. Consequently, tk f (t) is in C
for all k N. Since C is a linear code, any linear combination of
the codewords f (t), tf (t), t2 f (t), . . . , tn1 f (t) is also a codeword;
therefore, for every polynomial p(t), p(t)f (t) is in C. Hence, C is
an ideal.
Conversely, let C be an ideal in Z_2[x]/⟨x^n + 1⟩. Suppose that
f (t) = a0 + a1 t + + an1 tn1 is a codeword in C. Then tf (t) is
a codeword in C; that is, (a1 , . . . , an1 , a0 ) is in C.
Theorem 22.16 tells us that knowing the ideals of Rn is equivalent to knowing the linear cyclic codes in Zn2 . Fortunately, the
ideals in Rn are easy to describe. The natural ring homomorphism
: Z2 [x] Rn defined by [f (x)] = f (t) is a surjective homomorphism. The kernel of is the ideal generated by xn 1. By
Theorem 16.34, every ideal C in Rn is of the form (I), where I
is an ideal in Z2 [x] that contains xn 1. By Theorem 17.20, we
know that every ideal I in Z2 [x] is a principal ideal, since Z2 is a
field. Therefore, I = ⟨g(x)⟩ for some unique monic polynomial in Z_2[x]. Since x^n − 1 is contained in I, it must be the case that g(x) divides x^n − 1. Consequently, every ideal C in R_n is of the form
$$C = \langle g(t) \rangle = \{ f(t)g(t) : f(t) \in R_n \text{ and } g(x) \mid (x^n - 1) \text{ in } \mathbb{Z}_2[x] \}.$$
The unique monic polynomial of the smallest degree that generates
C is called the minimal generator polynomial of C.
Example 22.17. If we factor x^7 − 1 into irreducible components, we have
$$x^7 - 1 = (1 + x)(1 + x + x^3)(1 + x^2 + x^3).$$
We see that g(t) = 1 + t + t^3 generates an ideal C in R_7. This code is a (7, 4)-block code. As in Example 22.15, it is easy to calculate a generator matrix by examining what g(t) does to the polynomials 1, t, t^2, and t^3. A generator matrix for C is
$$G = \begin{pmatrix} 1&0&0&0 \\ 1&1&0&0 \\ 0&1&1&0 \\ 1&0&1&1 \\ 0&1&0&1 \\ 0&0&1&0 \\ 0&0&0&1 \end{pmatrix}.$$

In general, we can determine a generator matrix for an $(n, k)$-code $C$ by the manner in which the elements $t^k$ are encoded. Let $x^n - 1 = g(x)h(x)$ in $\mathbb{Z}_2[x]$. If $g(x) = g_0 + g_1 x + \cdots + g_{n-k} x^{n-k}$ and $h(x) = h_0 + h_1 x + \cdots + h_k x^k$, then the $n \times k$ matrix
$$G = \begin{pmatrix} g_0 & 0 & \cdots & 0 \\ g_1 & g_0 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ g_{n-k} & g_{n-k-1} & \cdots & g_0 \\ 0 & g_{n-k} & \cdots & g_1 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & g_{n-k} \end{pmatrix}$$
is a generator matrix for the code $C$ with generator polynomial $g(t)$. The parity-check matrix for $C$ is the $(n - k) \times n$ matrix
$$H = \begin{pmatrix} 0 & \cdots & 0 & 0 & h_k & \cdots & h_0 \\ 0 & \cdots & 0 & h_k & \cdots & h_0 & 0 \\ & & & \cdots & & & \\ h_k & \cdots & h_0 & 0 & \cdots & 0 & 0 \end{pmatrix}.$$
We will leave the details of the proof of the following proposition as an exercise.
Proposition 22.18. Let $C = \langle g(t) \rangle$ be a cyclic code in $R_n$ and suppose that $x^n - 1 = g(x)h(x)$. Then $G$ and $H$ are generator and parity-check matrices for $C$, respectively. Furthermore, $HG = 0$.
Example 22.19. In Example 22.17,
$$x^7 - 1 = g(x)h(x) = (1 + x + x^3)(1 + x + x^2 + x^4).$$
Therefore, a parity-check matrix for this code is
$$H = \begin{pmatrix} 0 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 1 & 0 & 1 & 1 & 1 & 0 & 0 \end{pmatrix}.$$
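The matrices of Examples 22.17 and 22.19, and the general $G$ and $H$ described before them, can be built and checked mechanically. The Python below is an added example and not code from the textbook: polynomials over $\mathbb{Z}_2$ are coefficient lists (lowest degree first), and the functions assume, as the text does, that $g(x)h(x) = x^n - 1$. It rebuilds both matrices for $g = 1 + t + t^3$, confirms $HG = 0$, checks that the code is closed under the cyclic shift of Theorem 22.16, and uses the syndrome $H\mathbf{w}$ to locate a single flipped bit (the columns of this particular $H$ are distinct, which is what makes that lookup work).

```python
# Added example (not from the textbook): generator and parity-check matrices of
# a binary cyclic code, built from g(x) and h(x) with g(x) h(x) = x^n - 1.
# A polynomial over Z_2 is a list of 0/1 coefficients, lowest degree first.
from itertools import product

def generator_matrix(g, n):
    """n x k matrix whose j-th column is the codeword t^j g(t), j = 0, ..., k-1."""
    k = n - (len(g) - 1)                       # deg g = n - k
    cols = [[0] * j + g + [0] * (k - 1 - j) for j in range(k)]
    return [[cols[j][i] for j in range(k)] for i in range(n)]   # transpose to n x k

def parity_check_matrix(h, n):
    """(n-k) x n matrix whose rows are the shifts of (h_k, ..., h_0)."""
    k = len(h) - 1
    rev = h[::-1]
    return [[0] * (n - k - 1 - r) + rev + [0] * r for r in range(n - k)]

def mat_vec_gf2(M, v):
    return [sum(m * x for m, x in zip(row, v)) % 2 for row in M]

def mat_mul_gf2(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

def encode(G, msg):
    """Codeword G * msg, i.e. the coefficients of msg(t) g(t)."""
    return mat_vec_gf2(G, msg)

def cyclic_shift(word):
    """(a_0, ..., a_{n-1}) -> (a_{n-1}, a_0, ..., a_{n-2}): multiplication by t."""
    return [word[-1]] + word[:-1]

def all_codewords(G):
    k = len(G[0])
    return {tuple(encode(G, list(m))) for m in product((0, 1), repeat=k)}

def is_cyclic(G):
    """Every cyclic shift of a codeword is again a codeword (Theorem 22.16)."""
    code = all_codewords(G)
    return all(tuple(cyclic_shift(list(c))) in code for c in code)

def min_distance(G):
    """Minimum distance of a linear code = smallest weight of a nonzero codeword."""
    return min(sum(c) for c in all_codewords(G) if any(c))

def correct_single_error(H, word):
    """Syndrome decoding: flipping bit e gives syndrome H w = column e of H."""
    s = mat_vec_gf2(H, word)
    if not any(s):
        return list(word)                      # zero syndrome: word is a codeword
    cols = [[row[j] for row in H] for j in range(len(word))]
    if s not in cols:
        raise ValueError("syndrome matches no column: more than one error")
    fixed = list(word)
    fixed[cols.index(s)] ^= 1
    return fixed

# Examples 22.17 and 22.19: n = 7, g = 1 + x + x^3, h = 1 + x + x^2 + x^4.
G7 = generator_matrix([1, 1, 0, 1], 7)
H7 = parity_check_matrix([1, 1, 1, 0, 1], 7)

if __name__ == "__main__":
    print("HG = 0:", all(x == 0 for row in mat_mul_gf2(H7, G7) for x in row))
    print("cyclic:", is_cyclic(G7), " min distance:", min_distance(G7))
```

Because the minimum distance comes out as 3, a single error always produces a nonzero syndrome equal to exactly one column of $H$; two errors produce the sum of two columns, which is itself some third column, so they are detected but miscorrected, which is why the lookup above is only a single-error decoder.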

22.2. POLYNOMIAL CODES

To determine the error-detecting and error-correcting capabilities of a cyclic code, we need to know something about determinants. If $n$ elements of a field $F$ are given, then the $n \times n$ matrix whose first row is $(1, 1, \ldots, 1)$, whose second row lists the $n$ elements themselves, and whose $(i+1)$st row lists their $i$th powers, ending with the $(n-1)$st powers in the last row, is called the Vandermonde matrix. The determinant of this matrix is called the Vandermonde determinant. We will need the following lemma in our investigation of cyclic codes.
Lemma 22.20. Let $n \geq 2$ elements of a field $F$ be given. Then the determinant of their Vandermonde matrix equals the product, over all pairs of indices $1 \leq j < i \leq n$, of the $i$th element minus the $j$th element. In particular, if the elements are distinct, then the determinant is nonzero.

Proof. We will induct on $n$. If $n = 2$, then the determinant is the second element minus the first. Let us assume the result for $n - 1$ and consider the polynomial $p(x)$ defined as the determinant of the matrix obtained from the Vandermonde matrix of the first $n - 1$ elements by adjoining, as last column, the column $(1, x, x^2, \ldots, x^{n-1})^t$ of powers of $x$. Expanding this determinant by cofactors on the last column, we see that $p(x)$ is a polynomial of degree at most $n - 1$. Moreover, the roots of $p(x)$ are the first $n - 1$ elements, since the substitution of any one of these elements in the last column will produce a column identical to the last column in the matrix. Remember that the determinant of a matrix is zero if it has two identical columns. Therefore, $p(x)$ is a constant multiple of the product of the $n - 1$ linear factors ($x$ minus a root) taken over these roots, where the constant is $(-1)^{n+n}$ times the determinant of the $(n-1) \times (n-1)$ Vandermonde matrix of the first $n - 1$ elements. By our induction hypothesis, this constant is $(-1)^{n+n}$ times the product, over all pairs $1 \leq j < i \leq n - 1$, of the $i$th element minus the $j$th element. If we let $x$ equal the $n$th element, the result now follows immediately.
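Lemma 22.20 can be checked numerically. The Python below is an added example, not code from the textbook: it builds the Vandermonde matrix exactly as laid out in the lemma (row $i$ holds the $(i-1)$st powers of the given elements), computes the determinant by exact Gaussian elimination over the rationals so that no rounding can hide a zero, and compares it with the product of differences. The inputs are constructed rationals; a repeated element makes the product, and hence the determinant, vanish.

```python
# Added example (not from the textbook): Lemma 22.20 checked over the rationals
# with exact Fraction arithmetic.
from fractions import Fraction
from itertools import combinations

def vandermonde(alphas):
    """Row i (i = 0..n-1) holds the i-th powers of alpha_1, ..., alpha_n, as in the lemma."""
    n = len(alphas)
    return [[Fraction(a) ** i for a in alphas] for i in range(n)]

def det(matrix):
    """Determinant by Gaussian elimination; exact because every entry is a Fraction."""
    m = [row[:] for row in matrix]
    n, d = len(m), Fraction(1)
    for c in range(n):
        pivot = next((r for r in range(c, n) if m[r][c] != 0), None)
        if pivot is None:
            return Fraction(0)                 # a zero column: the matrix is singular
        if pivot != c:
            m[c], m[pivot] = m[pivot], m[c]
            d = -d                             # a row swap flips the sign
        d *= m[c][c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return d

def difference_product(alphas):
    """prod over 1 <= j < i <= n of (alpha_i - alpha_j), the right-hand side of the lemma."""
    p = Fraction(1)
    for j, i in combinations(range(len(alphas)), 2):   # combinations gives j < i
        p *= Fraction(alphas[i]) - Fraction(alphas[j])
    return p

def lemma_holds(alphas):
    """True when the Vandermonde determinant equals the product of differences."""
    return det(vandermonde(alphas)) == difference_product(alphas)

if __name__ == "__main__":
    for sample in ([2, 3, 5, 7], [Fraction(1, 2), -3, 4, 0, 11], [2, 3, 3]):
        print(sample, det(vandermonde(sample)), lemma_holds(sample))
```

The same elimination code works over any field once the arithmetic is swapped out; over $\mathbb{Z}_2$ or $\mathrm{GF}(2^4)$, where the BCH argument of Theorem 22.21 lives, the product form is what guarantees the nonzero determinant, since distinct powers of a primitive root are distinct field elements.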


The following theorem gives us an estimate on the error detection and correction capabilities for a particular generator polynomial.
Theorem 22.21. Let $C = \langle g(t) \rangle$ be a cyclic code in $R_n$ and suppose that a primitive $n$th root of unity over $\mathbb{Z}_2$ is given. If $s$ consecutive powers of this root are roots of $g(x)$, then the minimum distance of $C$ is at least $s + 1$.
Proof. Suppose that $g$ vanishes at the $r$th, $(r+1)$st, $\ldots$, $(r+s-1)$st powers of the primitive root. Let $f(x)$ be some polynomial in $C$ with $s$ or fewer nonzero coefficients. We can assume that
$$f(x) = a_{i_0} x^{i_0} + a_{i_1} x^{i_1} + \cdots + a_{i_{s-1}} x^{i_{s-1}}$$
is some polynomial in $C$. It will suffice to show that all of the $a_i$'s must be 0. Since $g$ vanishes at the $r$th through $(r+s-1)$st powers of the primitive root and $g(x)$ divides $f(x)$, so does $f$. Equivalently, we have a system of $s$ equations: for each exponent $e = r, r+1, \ldots, r+s-1$,
$$a_{i_0} (\text{root}^{e})^{i_0} + a_{i_1} (\text{root}^{e})^{i_1} + \cdots + a_{i_{s-1}} (\text{root}^{e})^{i_{s-1}} = 0.$$
Therefore, $(a_{i_0}, a_{i_1}, \ldots, a_{i_{s-1}})$ is a solution to the homogeneous system of linear equations in the unknowns $x_0, x_1, \ldots, x_{n-1}$ whose equation for exponent $e$ has, as coefficient of $x_j$, the $e$th power of the $i_j$th power of the root. However, this system has a unique solution, since the determinant of its $s \times s$ coefficient matrix (rows indexed by $e = r, \ldots, r+s-1$, columns by $j = 0, \ldots, s-1$) can be shown to be nonzero using Lemma 22.20 and the basic properties of determinants (Exercise). Therefore, this solution must be
$$a_{i_0} = a_{i_1} = \cdots = a_{i_{s-1}} = 0.$$

BCH Codes
Some of the most important codes, discovered independently by A. Hocquenghem in 1959 and by R. C. Bose and D. V. Ray-Chaudhuri in 1960, are BCH codes. The European and transatlantic communication systems both use BCH codes. Information words to be encoded are of length 231, and a polynomial of degree 24 is used to generate the code. Since $231 + 24 = 255 = 2^8 - 1$, we are dealing with a $(255, 231)$-block code. This BCH code will detect six errors and has a failure rate of 1 in 16 million. One advantage of BCH codes is that efficient error correction algorithms exist for them.
The idea behind BCH codes is to choose a generator polynomial of smallest degree that has the largest error detection and error correction capabilities. Let $d = 2r + 1$ for some $r \geq 0$. Suppose that a primitive $n$th root of unity over $\mathbb{Z}_2$ is given, and let $m_i(x)$ be the minimal polynomial over $\mathbb{Z}_2$ of its $i$th power. If
$$g(x) = \operatorname{lcm}[m_1(x), m_2(x), \ldots, m_{2r}(x)],$$
then the cyclic code $\langle g(t) \rangle$ in $R_n$ is called the BCH code of length $n$ and distance $d$. By Theorem 22.21, the minimum distance of $C$ is at least $d$.
Theorem 22.22. Let $C = \langle g(t) \rangle$ be a cyclic code in $R_n$. The following statements are equivalent.
1. The code $C$ is a BCH code whose minimum distance is at least $d$.
2. A code polynomial $f(t)$ is in $C$ if and only if $f$ vanishes at the $i$th power of the primitive root for $1 \leq i < d$.
3. The $2r \times n$ matrix $H$ whose $i$th row, for $i = 1, \ldots, 2r$, lists the powers $0, i, 2i, \ldots, (n-1)i$ of the primitive root is a parity-check matrix for $C$.
Proof. (1) $\Rightarrow$ (2). If $f(t)$ is in $C$, then $g(x) \mid f(x)$ in $\mathbb{Z}_2[x]$. Hence, for $i = 1, \ldots, 2r$, $f$ vanishes at the $i$th power of the root since $g$ does. Conversely, suppose that $f$ vanishes at the $i$th power of the root for $1 \leq i \leq d$. Then $f(x)$ is divisible by each $m_i(x)$, since $m_i(x)$ is the minimal polynomial of the $i$th power of the root. Therefore, $g(x) \mid f(x)$ by the definition of $g(x)$. Consequently, $f(x)$ is a codeword.
(2) $\Rightarrow$ (3). Let $f(t) = a_0 + a_1 t + \cdots + a_{n-1} t^{n-1}$ be in $R_n$. The corresponding $n$-tuple in $\mathbb{Z}_2^n$ is $\mathbf{x} = (a_0\ a_1\ \cdots\ a_{n-1})^t$. The $i$th entry of $H\mathbf{x}$ is $a_0 + a_1 \cdot(\text{root}^{i}) + \cdots + a_{n-1} (\text{root}^{i})^{n-1}$, which is $f$ evaluated at the $i$th power of the root; so by (2), $H\mathbf{x} = 0$ exactly when $f(t)$ is in $C$. Thus, $H$ is a parity-check matrix for $C$.
(3) $\Rightarrow$ (1). By (3), a code polynomial $f(t) = a_0 + a_1 t + \cdots + a_{n-1} t^{n-1}$ is in $C$ exactly when $f$ vanishes at the $i$th power of the root for $i = 1, \ldots, 2r$. The smallest such polynomial is $g(t) = \operatorname{lcm}[m_1(t), \ldots, m_{2r}(t)]$. Therefore, $C = \langle g(t) \rangle$.
Example 22.23. It is easy to verify that $x^{15} - 1 \in \mathbb{Z}_2[x]$ has a factorization
$$x^{15} - 1 = (x + 1)(x^2 + x + 1)(x^4 + x + 1)(x^4 + x^3 + 1)(x^4 + x^3 + x^2 + x + 1),$$
where each of the factors is an irreducible polynomial. Fix a root of $1 + x + x^4$. The Galois field $\mathrm{GF}(2^4)$ consists of the sixteen $\mathbb{Z}_2$-linear combinations of $1$ and the first three powers of this root, which satisfies $1 + (\text{root}) + (\text{root})^4 = 0$. By Example 22.8, the root is a primitive 15th root of unity. Its minimal polynomial is $m_1(x) = 1 + x + x^4$. It is easy to see that its square and its fourth power are also roots of $m_1(x)$. The minimal polynomial of its cube is $m_2(x) = 1 + x + x^2 + x^3 + x^4$. Therefore,
$$g(x) = m_1(x) m_2(x) = 1 + x^4 + x^6 + x^7 + x^8$$

22.3. EXERCISES


has the first four powers of the root as its roots. Since both $m_1(x)$ and $m_2(x)$ divide $x^{15} - 1$, the BCH code is a $(15, 7)$-code. If $x^{15} - 1 = g(x)h(x)$, then $h(x) = 1 + x^4 + x^6 + x^7$; therefore, a parity-check matrix for this code is
$$H = \begin{pmatrix}
0 & 0 & 0 & 0 & 0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 \\
0 & 0 & 0 & 0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 \\
0 & 0 & 0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 \\
0 & 0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 \\
0 & 0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 \\
0 & 0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\
0 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 \\
1 & 1 & 0 & 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0
\end{pmatrix}.$$
Sage. Finite fields are important in a variety of applied disciplines, such as cryptography and coding theory (see introductions to these topics in other chapters). Sage has excellent support for finite fields, allowing for a wide variety of computations.

22.3 Exercises

1. Calculate each of the following.
(a) $[\mathrm{GF}(3^6) : \mathrm{GF}(3^3)]$
(b) $[\mathrm{GF}(128) : \mathrm{GF}(16)]$
(c) $[\mathrm{GF}(625) : \mathrm{GF}(25)]$
(d) $[\mathrm{GF}(p^{12}) : \mathrm{GF}(p^2)]$
2. Calculate $[\mathrm{GF}(p^m) : \mathrm{GF}(p^n)]$, where $n \mid m$.
3. What is the lattice of subfields for $\mathrm{GF}(p^{30})$?
4. Let a zero of $x^3 + x^2 + 1$ over $\mathbb{Z}_2$ be given. Construct a finite field of order 8. Show that $x^3 + x^2 + 1$ splits in $\mathbb{Z}_2$ with this zero adjoined.
5. Construct a finite field of order 27.
6. Prove or disprove: Q is cyclic.
7. Factor each of the following polynomials in $\mathbb{Z}_2[x]$.
(a) $x^5 - 1$
(b) $x^6 + x^5 + x^4 + x^3 + x^2 + x + 1$
(c) $x^9 - 1$
(d) $x^4 + x^3 + x^2 + x + 1$
8. Prove or disprove: $\mathbb{Z}_2[x]/\langle x^3 + x + 1 \rangle \cong \mathbb{Z}_2[x]/\langle x^3 + x^2 + 1 \rangle$.
9. Determine the number of cyclic codes of length $n$ for $n = 6, 7, 8, 10$.


10. Prove that the ideal $\langle t + 1 \rangle$ in $R_n$ is the code in $\mathbb{Z}_2^n$ consisting of all words of even parity.
11. Construct all BCH codes of
(a) length 7.
(b) length 15.
12. Prove or disprove: There exists a finite field that is algebraically closed.
13. Let $p$ be prime. Prove that the field of rational functions $\mathbb{Z}_p(x)$ is an infinite field of characteristic $p$.
14. Let $D$ be an integral domain of characteristic $p$. Prove that $(a \pm b)^{p^n} = a^{p^n} \pm b^{p^n}$ for all $a, b \in D$.
15. Show that every element in a finite field can be written as the sum of two squares.
16. Let $E$ and $F$ be subfields of a finite field $K$. If $E$ is isomorphic to $F$, show that $E = F$.
17. Let $F \subseteq E \subseteq K$ be fields. If $K$ is separable over $F$, show that $K$ is also separable over $E$.
18. Let $E$ be an extension of a finite field $F$, where $F$ has $q$ elements. Let an element of $E$ be algebraic over $F$ of degree $n$. Prove that $F$ with this element adjoined has $q^n$ elements.
19. Show that every finite extension of a finite field $F$ is simple; that is, if $E$ is a finite extension of a finite field $F$, prove that there exists an element of $E$ that generates $E$ over $F$.
20. Show that for every $n$ there exists an irreducible polynomial of degree $n$ in $\mathbb{Z}_p[x]$.
21. Prove that the Frobenius map $\mathrm{GF}(p^n) \to \mathrm{GF}(p^n)$, which sends each element to its $p$th power, is an automorphism of order $n$.
22. Show that every element in $\mathrm{GF}(p^n)$ can be written in the form $a^p$ for some unique $a \in \mathrm{GF}(p^n)$.
23. Let $E$ and $F$ be subfields of $\mathrm{GF}(p^n)$. If $|E| = p^r$ and $|F| = p^s$, what is the order of $E \cap F$?
24. (Wilson's Theorem) Let $p$ be prime. Prove that $(p - 1)! \equiv -1 \pmod{p}$.

22.4. ADDITIONAL EXERCISES: ERROR CORRECTION FOR BCH CODES

25. If $g(t)$ is the minimal generator polynomial for a cyclic code $C$ in $R_n$, prove that the constant term of $g(x)$ is 1.
26. Often it is conceivable that a burst of errors might occur during transmission, as in the case of a power surge. Such a momentary burst of interference might alter several consecutive bits in a codeword. Cyclic codes permit the detection of such error bursts. Let $C$ be an $(n, k)$-cyclic code. Prove that any error burst up to $n - k$ digits can be detected.
27. Prove that the rings $R_n$ and $\mathbb{Z}_2^n$ are isomorphic as vector spaces.
28. Let $C$ be a code in $R_n$ that is generated by $g(t)$. If $\langle f(t) \rangle$ is another code in $R_n$, show that $\langle g(t) \rangle \subseteq \langle f(t) \rangle$ if and only if $f(x)$ divides $g(x)$ in $\mathbb{Z}_2[x]$.
29. Let $C = \langle g(t) \rangle$ be a cyclic code in $R_n$ and suppose that $x^n - 1 = g(x)h(x)$, where $g(x) = g_0 + g_1 x + \cdots + g_{n-k} x^{n-k}$ and $h(x) = h_0 + h_1 x + \cdots + h_k x^k$. Define $G$ to be the $n \times k$ matrix
$$G = \begin{pmatrix} g_0 & 0 & \cdots & 0 \\ g_1 & g_0 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ g_{n-k} & g_{n-k-1} & \cdots & g_0 \\ 0 & g_{n-k} & \cdots & g_1 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & g_{n-k} \end{pmatrix}$$
and $H$ to be the $(n - k) \times n$ matrix
$$H = \begin{pmatrix} 0 & \cdots & 0 & 0 & h_k & \cdots & h_0 \\ 0 & \cdots & 0 & h_k & \cdots & h_0 & 0 \\ & & & \cdots & & & \\ h_k & \cdots & h_0 & 0 & \cdots & 0 & 0 \end{pmatrix}.$$
(a) Prove that $G$ is a generator matrix for $C$.
(b) Prove that $H$ is a parity-check matrix for $C$.
(c) Show that $HG = 0$.

22.4 Additional Exercises: Error Correction for BCH Codes

BCH codes have very attractive error correction algorithms. Let $C$ be a BCH code in $R_n$, and suppose that a code polynomial $c(t) = c_0 + c_1 t + \cdots + c_{n-1} t^{n-1}$ is transmitted. Let $w(t) = w_0 + w_1 t + \cdots + w_{n-1} t^{n-1}$ be the polynomial in $R_n$ that is received. If errors have occurred in bits $a_1, \ldots, a_k$, then $w(t) = c(t) + e(t)$, where $e(t) = t^{a_1} + t^{a_2} + \cdots + t^{a_k}$ is the error polynomial. The decoder must determine the integers $a_i$ and then recover $c(t)$ from $w(t)$ by flipping the $a_i$th bit. From $w(t)$ we can compute the values $s_i$ of $w$ at the $i$th powers of a primitive $n$th root of unity over $\mathbb{Z}_2$, for $i = 1, \ldots, 2r$. We say the syndrome of $w(t)$ is $s_1, \ldots, s_{2r}$.
1. Show that $w(t)$ is a code polynomial if and only if $s_i = 0$ for all $i$.
2. Show that $s_i$ equals the value of $e$ at the $i$th power of the root, that is, the sum of the $(ia_1)$th, $(ia_2)$th, $\ldots$, $(ia_k)$th powers of the root, for $i = 1, \ldots, 2r$. The error-locator polynomial is defined to be the product $s(x)$ of the $k$ factors ($x$ plus the $a_j$th power of the root), $j = 1, \ldots, k$.
3. Recall the $(15, 7)$-block BCH code in Example 22.19. By Theorem 8.13, this code is capable of correcting two errors. Suppose that these errors occur in bits $a_1$ and $a_2$. The error-locator polynomial is $s(x) = (x + \text{root}^{a_1})(x + \text{root}^{a_2})$. Show that
$$s(x) = x^2 + s_1 x + \left( s_1^2 + \frac{s_3}{s_1} \right).$$
4. Let $w(t) = 1 + t^2 + t^4 + t^5 + t^7 + t^{12} + t^{13}$. Determine what the originally transmitted code polynomial was.
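Example 22.23 and the decoding procedure of this section can be carried out end to end. The Python below is an added example, not code from the textbook or Sage: it represents $\mathrm{GF}(2^4) = \mathbb{Z}_2[x]/\langle 1 + x + x^4 \rangle$ by 4-bit integers with the primitive root of Example 22.23 as the class of $x$, derives $g(x)$ as the lcm of the minimal polynomials of the first four powers of that root, encodes a message, and then recovers it after two bit flips from the syndromes $s_1, s_3$ and the error-locator polynomial of Exercise 3. The message polynomial and the error positions are constructed values; the single-error branch ($s_3 = s_1^3$) and the rejection of uncorrectable patterns are this example's own additions to the procedure described above.

```python
# Added example (not from the textbook): the (15, 7) BCH code of Example 22.23
# and two-error decoding with the error-locator polynomial of Exercise 3 above.
# Z_2[x] polynomials are ints (bit i = coefficient of x^i); GF(16) is
# Z_2[x]/(1 + x + x^4) on 4-bit ints, the primitive root being the class of x.
MODULUS = 0b10011                               # 1 + x + x^4

def gf16_mul(a, b):                             # carry-less multiply, reduce mod MODULUS
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= MODULUS
    return r

# EXP[i] = root^i and LOG[root^i] = i; the root has order 15 (Example 22.8).
EXP, LOG, _x = [0] * 30, [0] * 16, 1
for _i in range(15):
    EXP[_i] = EXP[_i + 15] = _x
    LOG[_x] = _i
    _x = gf16_mul(_x, 0b0010)

def gf16_inv(a):
    return EXP[(15 - LOG[a]) % 15]

def poly2_mul(f, g):                            # product in Z_2[x]
    r = 0
    while g:
        if g & 1:
            r ^= f
        f <<= 1
        g >>= 1
    return r

def minimal_polynomial(i):
    """m_i(x) = product of (x + root^e) over the conjugates e = i, 2i, 4i, ... (mod 15)."""
    conj, e = [], i % 15
    while e not in conj:
        conj.append(e)
        e = (2 * e) % 15
    poly = [1]                                  # GF(16) coefficients, low degree first
    for e in conj:
        nxt = [0] * (len(poly) + 1)
        for d, c in enumerate(poly):            # multiply by (x + root^e)
            nxt[d + 1] ^= c
            nxt[d] ^= gf16_mul(c, EXP[e])
        poly = nxt
    assert all(c in (0, 1) for c in poly)       # conjugate-closed, so coefficients lie in Z_2
    return sum(c << d for d, c in enumerate(poly))

def generator_polynomial(d):
    """g(x) = lcm[m_1(x), ..., m_{d-1}(x)]: product of the distinct minimal polynomials."""
    g, seen = 1, set()
    for i in range(1, d):
        m = minimal_polynomial(i)
        if m not in seen:
            seen.add(m)
            g = poly2_mul(g, m)
    return g

G_POLY = generator_polynomial(5)                # d = 5 = 2r + 1 with r = 2

def encode(msg):                                # msg(x) of degree < 7 -> msg(x) g(x)
    return poly2_mul(msg, G_POLY)

def poly2_eval(w, a):                           # w(a) for a in GF(16), by Horner's rule
    r = 0
    for d in range(w.bit_length() - 1, -1, -1):
        r = gf16_mul(r, a) ^ ((w >> d) & 1)
    return r

def syndromes(w):                               # s_i = w(root^i) for i = 1, ..., 2r = 4
    return [poly2_eval(w, EXP[i]) for i in range(1, 5)]

def decode(w):
    """Flip the bits at the positions found from the locator x^2 + s1 x + (s1^2 + s3/s1)."""
    s1, _, s3, _ = syndromes(w)
    if s1 == 0:
        if s3 == 0:
            return w                            # zero syndrome: w is already a codeword
        raise ValueError("more than two errors: not correctable by this code")
    if gf16_mul(gf16_mul(s1, s1), s1) == s3:    # s3 = s1^3 exactly when there is one error
        return w ^ (1 << LOG[s1])
    c0 = gf16_mul(s1, s1) ^ gf16_mul(s3, gf16_inv(s1))      # s1^2 + s3/s1
    roots = [j for j in range(15)
             if gf16_mul(EXP[j], EXP[j]) ^ gf16_mul(s1, EXP[j]) ^ c0 == 0]
    if len(roots) != 2:
        raise ValueError("more than two errors: not correctable by this code")
    return w ^ (1 << roots[0]) ^ (1 << roots[1])

def min_distance():                             # smallest nonzero codeword weight (5)
    return min(bin(encode(m)).count("1") for m in range(1, 1 << 7))
```

The minimum distance of 5 found by enumerating all $2^7$ codewords matches the BCH bound $d = 2r + 1$, which is why exactly two errors are correctable; with three or more flipped bits the quadratic locator may still have two roots in $\mathrm{GF}(16)$, in which case the decoder silently returns a wrong codeword, a limitation inherent to the code rather than to this implementation.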

22.5 References and Suggested Readings

[1] Childs, L. A Concrete Introduction to Higher Algebra. 2nd ed. Springer-Verlag, New York, 1995.
[2] Gårding, L. and Tambour, T. Algebra for Computer Science. Springer-Verlag, New York, 1988.
[3] Lidl, R. and Pilz, G. Applied Abstract Algebra. 2nd ed. Springer, New York, 1998. An excellent presentation of finite fields and their applications.
[4] Mackiw, G. Applications of Abstract Algebra. Wiley, New York, 1985.
[5] Roman, S. Coding and Information Theory. Springer-Verlag, New York, 1992.
[6] van Lint, J. H. Introduction to Coding Theory. Springer, New York, 1999.

23 Galois Theory

A classic problem of algebra is to find the solutions of a polynomial equation. The solution to the quadratic equation was known in antiquity. Italian mathematicians found general solutions to the general cubic and quartic equations in the sixteenth century; however, attempts to solve the general fifth-degree, or quintic, polynomial were repulsed for the next three hundred years. Certainly, equations such as $x^5 - 1 = 0$ or $x^6 - x^3 - 6 = 0$ could be solved, but no solution like the quadratic formula was found for the general quintic,
$$ax^5 + bx^4 + cx^3 + dx^2 + ex + f = 0.$$
Finally, at the beginning of the nineteenth century, Ruffini and Abel both found quintics that could not be solved with any formula. It was Galois, however, who provided the full explanation by showing which polynomials could and could not be solved by formulas. He discovered the connection between groups and field extensions. Galois theory demonstrates the strong interdependence of group and field theory, and has had far-reaching implications beyond its original purpose.
In this chapter we will prove the Fundamental Theorem of Galois Theory. This result will be used to establish the insolvability of the quintic and to prove the Fundamental Theorem of Algebra.

23.1 Field Automorphisms

Our first task is to establish a link between group theory and field theory by examining automorphisms of fields.
Proposition 23.1. The set of all automorphisms of a field $F$ is a group under composition of functions.
Proof. If two maps are automorphisms of $E$, then so are their composition and the inverse of either one. The identity is certainly an automorphism; hence, the set of all automorphisms of a field $F$ is indeed a group.
Proposition 23.2. Let $E$ be a field extension of $F$. Then the set of all automorphisms of $E$ that fix $F$ elementwise is a group; that is, the set of all automorphisms of $E$ that send every element of $F$ to itself is a group.
Proof. We need only show that the set of automorphisms of $E$ that fix $F$ elementwise is a subgroup of the group of all automorphisms of $E$. If two automorphisms of $E$ both fix every element of $F$, then so do their composition and the inverse of either one. Since the identity fixes every element of $E$, the set of automorphisms of $E$ that leave elements of $F$ fixed is a subgroup of the entire group of automorphisms of $E$.
Let $E$ be a field extension of $F$. We will denote the full group of automorphisms of $E$ by $\mathrm{Aut}(E)$. We define the Galois group of $E$ over $F$ to be the group of automorphisms of $E$ that fix $F$ elementwise; that is, $G(E/F)$ is the set of those automorphisms in $\mathrm{Aut}(E)$ that send every element of $F$ to itself. If $f(x)$ is a polynomial in $F[x]$ and $E$ is the splitting field of $f(x)$ over $F$, then we define the Galois group of $f(x)$ to be $G(E/F)$.
Example 23.3. Complex conjugation, defined by $a + bi \mapsto a - bi$, is an automorphism of the complex numbers. Since it sends $a = a + 0i$ to $a - 0i = a$, the automorphism defined by complex conjugation must be in $G(\mathbb{C}/\mathbb{R})$.


Example 23.4. Consider the fields $\mathbb{Q} \subset \mathbb{Q}(\sqrt{5}) \subset \mathbb{Q}(\sqrt{3}, \sqrt{5})$. Then for $a, b \in \mathbb{Q}(\sqrt{5})$, the map
$$a + b\sqrt{3} \mapsto a - b\sqrt{3}$$
is an automorphism of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ leaving $\mathbb{Q}(\sqrt{5})$ fixed. Similarly, the map
$$a + b\sqrt{5} \mapsto a - b\sqrt{5}$$
is an automorphism of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ leaving $\mathbb{Q}(\sqrt{3})$ fixed. The composition of these two automorphisms moves both $\sqrt{3}$ and $\sqrt{5}$. It will soon be clear that the identity together with these three automorphisms is the Galois group of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ over $\mathbb{Q}$. The composition table of these four automorphisms shows that this group is isomorphic to $\mathbb{Z}_2 \times \mathbb{Z}_2$.
We may also regard the field $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ as a vector space over $\mathbb{Q}$ that has basis $\{1, \sqrt{3}, \sqrt{5}, \sqrt{15}\}$. It is no coincidence that $|G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})| = [\mathbb{Q}(\sqrt{3}, \sqrt{5}) : \mathbb{Q}] = 4$.


Proposition 23.5. Let $E$ be a field extension of $F$ and $f(x)$ be a polynomial in $F[x]$. Then any automorphism in $G(E/F)$ defines a permutation of the roots of $f(x)$ that lie in $E$.
Proof. Let
$$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_n x^n$$
and suppose that an element of $E$ is a zero of $f(x)$. Applying an automorphism in $G(E/F)$ to both sides of the equation $0 = f(\text{zero})$ leaves $0$ and the coefficients $a_0, \ldots, a_n$ fixed and replaces each power of the zero by the same power of its image; therefore, the image of the zero is also a zero of $f(x)$.
Let $E$ be an algebraic extension of a field $F$. Two elements of $E$ are conjugate over $F$ if they have the same minimal polynomial. For example, in the field $\mathbb{Q}(\sqrt{2})$ the elements $\sqrt{2}$ and $-\sqrt{2}$ are conjugate over $\mathbb{Q}$ since they are both roots of the irreducible polynomial $x^2 - 2$.
A converse of the last proposition exists. The proof follows directly from Lemma 21.32.
Proposition 23.6. If two elements are conjugate over $F$, there exists an isomorphism between the extensions of $F$ generated by each of them that is the identity when restricted to $F$.
Theorem 23.7. Let $f(x)$ be a polynomial in $F[x]$ and suppose that $E$ is the splitting field for $f(x)$ over $F$. If $f(x)$ has no repeated roots, then
$$|G(E/F)| = [E : F].$$
Proof. We will use mathematical induction on the degree of $f(x)$. If the degree of $f(x)$ is 0 or 1, then $E = F$ and there is nothing to show. Assume that the result holds for all polynomials of degree $k$ with $0 \leq k < n$. Suppose that the degree of $f(x)$ is $n$. Let $p(x)$ be an irreducible factor of $f(x)$ of degree $r$. Since all of the roots of $p(x)$ are in $E$, we can choose one of these roots and adjoin it to $F$, obtaining an intermediate field between $F$ and $E$ of degree $r$ over $F$, over which $E$ has degree $n/r$. Any other root of $p(x)$ likewise generates an intermediate field between $F$ and $E$, and by Lemma 21.32, for each such root there exists a unique isomorphism from the first intermediate field onto the one generated by that root which fixes $F$ elementwise. Since $E$ is a splitting field over the intermediate field, there are exactly $r$ such isomorphisms. For each of these automorphisms, we can use our induction hypothesis on the extension of degree $n/r < n$ to conclude that the Galois group of $E$ over the intermediate field has order equal to that degree, $n/r$. Consequently, there are
$$[E : F] = (n/r) \cdot r = n$$
possible automorphisms of $E$ that fix $F$, or $|G(E/F)| = [E : F]$.
Corollary 23.8. Let $F$ be a finite field with a finite extension $E$ such that $[E : F] = k$. Then $G(E/F)$ is cyclic of order $k$.
Proof. Let $p$ be the characteristic of $E$ and $F$ and assume that the orders of $E$ and $F$ are $p^m$ and $p^n$, respectively. Then $nk = m$. We can also assume that $E$ is the splitting field of $x^{p^m} - x$ over a subfield of order $p$. Therefore, $E$ must also be the splitting field of $x^{p^m} - x$ over $F$. Applying Theorem 23.7, we find that $|G(E/F)| = k$.
To prove that $G(E/F)$ is cyclic, we must find a generator for $G(E/F)$. Consider the map $E \to E$ that sends each element to its $p^n$th power. We claim that this map is the element in $G(E/F)$ that we are seeking. We first need to show that it is in $\mathrm{Aut}(E)$. For any two elements of $E$, the $p^n$th power of their sum is the sum of their $p^n$th powers by Lemma 22.3, so the map preserves addition. Also, it is easy to show that it preserves products. Since it is a nonzero homomorphism of fields, it must be injective. It must also be onto, since $E$ is a finite field. We know that it must be in $G(E/F)$, since $F$ is the splitting field of $x^{p^n} - x$ over the base field of order $p$. This means that the map leaves every element in $F$ fixed.
Finally, we must show that the order of this map is $k$. By Theorem 23.7, we know that its $k$th power, which sends each element to its $p^{nk} = p^m$th power, is the identity of $G(E/F)$. However, its $r$th power cannot be the identity for $1 \leq r < k$; otherwise, $x^{p^{nr}} - x$ would have $p^m$ roots, which is impossible.
Example 23.9. We can now confirm that the Galois group of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ over $\mathbb{Q}$ in Example 23.4 is indeed isomorphic to $\mathbb{Z}_2 \times \mathbb{Z}_2$. Certainly the group $H$ consisting of the identity and the three automorphisms found there is a subgroup of $G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})$; however, $H$ must be all of $G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})$, since
$$|H| = [\mathbb{Q}(\sqrt{3}, \sqrt{5}) : \mathbb{Q}] = |G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})| = 4.$$
Example 23.10. Let us compute the Galois group of
$$f(x) = x^4 + x^3 + x^2 + x + 1$$
over $\mathbb{Q}$. We know that $f(x)$ is irreducible by Exercise 17.4.20 in Chapter 17. Furthermore, since $(x - 1)f(x) = x^5 - 1$, we can use DeMoivre's Theorem to determine that the roots of $f(x)$ are the first four powers of
$$\cos(2\pi/5) + i \sin(2\pi/5).$$
Hence, the splitting field of $f(x)$ must be $\mathbb{Q}$ with this root adjoined. We can define automorphisms of this field by sending the root to its $i$th power, for $i = 1, \ldots, 4$. It is easy to check that these are indeed distinct automorphisms in the Galois group of the splitting field over $\mathbb{Q}$. Since the degree of the splitting field over $\mathbb{Q}$ equals the order of its Galois group, namely 4, these four automorphisms must be the whole Galois group. Therefore, the Galois group is isomorphic to $\mathbb{Z}_4$, since it is generated by one of these automorphisms.

Separable Extensions
Many of the results that we have just proven depend on the fact that a polynomial $f(x)$ in $F[x]$ has no repeated roots in its splitting field. It is evident that we need to know exactly when a polynomial factors into distinct linear factors in its splitting field. Let $E$ be the splitting field of a polynomial $f(x)$ in $F[x]$. Suppose that $f(x)$ factors over $E$ as a product, over $i = 1, \ldots, r$, of the $n_i$th power of the linear factor belonging to its $i$th distinct root. We define the multiplicity of the $i$th root of $f(x)$ to be $n_i$. A root with multiplicity 1 is called a simple root. Recall that a polynomial $f(x) \in F[x]$ of degree $n$ is separable if it has $n$ distinct roots in its splitting field $E$. Equivalently, $f(x)$ is separable if it factors into distinct linear factors over $E[x]$. An extension $E$ of $F$ is a separable extension of $F$ if every element in $E$ is the root of a separable polynomial in $F[x]$. Also recall that $f(x)$ is separable if and only if $\gcd(f(x), f'(x)) = 1$ (Lemma 22.5).
Proposition 23.11. Let $f(x)$ be an irreducible polynomial over $F$. If the characteristic of $F$ is 0, then $f(x)$ is separable. If the characteristic of $F$ is $p$ and $f(x) \neq g(x^p)$ for some $g(x)$ in $F[x]$, then $f(x)$ is also separable.
Proof. First assume that $\operatorname{char} F = 0$. Since $\deg f'(x) < \deg f(x)$ and $f(x)$ is irreducible, the only way $\gcd(f(x), f'(x)) \neq 1$ is if $f'(x)$ is the zero polynomial; however, this is impossible in a field of characteristic zero. If $\operatorname{char} F = p$, then $f'(x)$ can be the zero polynomial if every coefficient of $f'(x)$ is a multiple of $p$. This can happen only if we have a polynomial of the form $f(x) = a_0 + a_1 x^p + a_2 x^{2p} + \cdots + a_n x^{np}$.

23.2. THE FUNDAMENTAL THEOREM


Certainly extensions of a field $F$ generated by a single element are some of the easiest to study and understand. Given a field extension $E$ of $F$, the obvious question to ask is when it is possible to find an element of $E$ that generates $E$ over $F$. In this case, such an element is called a primitive element. We already know that primitive elements exist for certain extensions. For example,
$$\mathbb{Q}(\sqrt{3}, \sqrt{5}) = \mathbb{Q}(\sqrt{3} + \sqrt{5})$$
and
$$\mathbb{Q}(\sqrt[3]{5}, \sqrt[3]{5}\,i) = \mathbb{Q}(\sqrt[6]{5}\,i).$$
Corollary 22.12 tells us that there exists a primitive element for any finite extension of a finite field. The next theorem tells us that we can often find a primitive element.
Theorem 23.12 (Primitive Element Theorem). Let $E$ be a finite separable extension of a field $F$. Then there exists an element of $E$ that generates $E$ over $F$.
Proof. We already know that there is no problem if $F$ is a finite field. Suppose that $E$ is a finite extension of an infinite field. We will prove the result for an extension generated by two elements; the general case easily follows when we use mathematical induction. Let $f(x)$ and $g(x)$ be the minimal polynomials of the two generators, respectively. Let $K$ be the field in which both $f(x)$ and $g(x)$ split. Suppose that $f(x)$ has $n$ zeros in $K$, the first of which is the first generator, and that $g(x)$ has $m$ zeros in $K$, the first of which is the second generator. All of these zeros have multiplicity 1, since $E$ is separable over $F$. Since $F$ is infinite, we can find an $a$ in $F$ such that $a$ is different from every quotient (the $i$th zero of $f$ minus the first generator) divided by (the second generator minus the $j$th zero of $g$), for all $i$ and $j$ with $j \neq 1$. Therefore, $a$ times (the second generator minus the $j$th zero of $g$) differs from (the $i$th zero of $f$ minus the first generator). Let the new element be the first generator plus $a$ times the second generator. Then this element differs from (the $i$th zero of $f$) plus $a$ times (the $j$th zero of $g$); hence, the new element minus $a$ times the $j$th zero of $g$ is not the $i$th zero of $f$, for all $i, j$ with $j \neq 1$. Define $h(x)$, a polynomial over $F$ with the new element adjoined, by $h(x) = f(\text{new element} - ax)$. Then $h$ vanishes at the second generator, since $f$ vanishes at the first. However, $h$ does not vanish at the $j$th zero of $g$ for $j \neq 1$. Hence, $h(x)$ and $g(x)$ have a single common factor over $F$ with the new element adjoined; that is, the irreducible polynomial of the second generator over that field must be linear, since the second generator is the only zero common to both $g(x)$ and $h(x)$. So the second generator lies in $F$ with the new element adjoined, and then so does the first generator, being the new element minus $a$ times the second. Hence, the extension generated by the two elements is generated by the new element alone.

23.2 The Fundamental Theorem

The goal of this section is to prove the Fundamental Theorem of Galois Theory. This theorem explains the connection between the subgroups of $G(E/F)$ and the intermediate fields between $E$ and $F$.
Proposition 23.13. Let a collection of automorphisms of a field $F$, indexed by a set $I$, be given. Then the set of all $a \in F$ that are fixed by every automorphism in the collection is a subfield of $F$.
Proof. Let $a$ and $b$ be fixed by every automorphism in the collection. Then so are $a - b$ and $ab$, since each automorphism is a ring homomorphism. If $a \neq 0$, then $a^{-1}$ is also fixed, since an automorphism sends $a^{-1}$ to the inverse of the image of $a$. Finally, $0$ and $1$ are fixed since each map is an automorphism.
Corollary 23.14. Let $F$ be a field and let $G$ be a subgroup of $\mathrm{Aut}(F)$. Then $F_G$, the set of elements of $F$ fixed by every automorphism in $G$, is a subfield of $F$.
The subfield of $F$ fixed by a collection of automorphisms is called the fixed field of that collection. The field fixed by a subgroup $G$ of $\mathrm{Aut}(F)$ will be denoted by $F_G$.
Example 23.15. Consider the automorphism of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ that maps $\sqrt{3}$ to $-\sqrt{3}$. Then $\mathbb{Q}(\sqrt{5})$ is the subfield of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ left fixed by it.
Proposition 23.16. Let $E$ be a splitting field over $F$ of a separable polynomial. Then $E_{G(E/F)} = F$.
Proof. Let $G = G(E/F)$. Clearly, $F \subseteq E_G \subseteq E$. Also, $E$ must be a splitting field of $E_G$ and $G(E/F) = G(E/E_G)$. By Theorem 23.7,
$$|G| = [E : E_G] = [E : F].$$
Therefore, $[E_G : F] = 1$. Consequently, $E_G = F$.
A large number of mathematicians first learned Galois theory from Emil Artin's monograph on the subject [1]. The very clever proof of the following lemma is due to Artin.
Lemma 23.17. Let $G$ be a finite group of automorphisms of $E$ and let $F = E_G$. Then $[E : F] \leq |G|$.
Proof. Let $|G| = n$. We must show that any $n + 1$ elements of $E$ are linearly dependent over $F$; that is, we need to find elements $a_i \in F$, not all zero, such that the linear combination of the $n + 1$ elements with coefficients $a_1, a_2, \ldots, a_{n+1}$ is $0$.
Number the automorphisms in $G$ as the first, second, $\ldots$, $n$th, with the first being the identity. The homogeneous system of $n$ linear equations in the unknowns $x_1, \ldots, x_{n+1}$, whose $i$th equation has as coefficient of $x_j$ the image of the $j$th element under the $i$th automorphism, has more unknowns than equations. From linear algebra we know that this system has a nontrivial solution, say $x_i = a_i$ for $i = 1, 2, \ldots, n + 1$. Since the first automorphism is the identity, the first equation translates to the linear combination of the $n + 1$ elements with coefficients $a_1, \ldots, a_{n+1}$ being $0$. The problem is that some of the $a_i$'s may be in $E$ but not in $F$. We must show that this is impossible.
Suppose that at least one of the $a_i$'s is in $E$ but not in $F$. By rearranging the elements we may assume that $a_1$ is nonzero. Since any nonzero multiple of a solution is also a solution, we can also assume that $a_1 = 1$. Of all possible solutions fitting this description, we choose the one with the smallest number of nonzero terms. Again, by rearranging the second through $(n+1)$st elements if necessary, we can assume that $a_2$ is in $E$ but not in $F$. Since $F$ is the subfield of $E$ that is fixed elementwise by $G$, there exists an automorphism in $G$ that does not fix $a_2$. Applying it to each equation in the system, we end up with the same homogeneous system, since $G$ is a group. Therefore, the images of $a_1 = 1, a_2, \ldots, a_{n+1}$ under this automorphism (the first of which is again $1$) also form a solution of the original system. We know that a linear combination of two solutions of a homogeneous system is also a solution; consequently,
$$x_1 = 1 - 1 = 0, \quad x_2 = a_2 - (\text{image of } a_2), \quad \ldots, \quad x_{n+1} = a_{n+1} - (\text{image of } a_{n+1})$$
must be another solution of the system. This is a nontrivial solution because the image of $a_2$ differs from $a_2$, and it has fewer nonzero entries than our original solution. This is a contradiction, since the number of nonzero entries in our original solution was assumed to be minimal. We can therefore conclude that $a_1, \ldots, a_{n+1} \in F$.


Let $E$ be an algebraic extension of $F$. If every irreducible polynomial in $F[x]$ with a root in $E$ has all of its roots in $E$, then $E$ is called a normal extension of $F$; that is, every irreducible polynomial in $F[x]$ containing a root in $E$ is the product of linear factors in $E[x]$.
Theorem 23.18. Let $E$ be a field extension of $F$. Then the following statements are equivalent.
1. $E$ is a finite, normal, separable extension of $F$.
2. $E$ is a splitting field over $F$ of a separable polynomial.
3. $F = E_G$ for some finite group $G$ of automorphisms of $E$.
Proof. (1) $\Rightarrow$ (2). Let $E$ be a finite, normal, separable extension of $F$. By the Primitive Element Theorem, we can find a primitive element in $E$ that generates $E$ over $F$. Let $f(x)$ be the minimal polynomial of this element over $F$. The field $E$ must contain all of the roots of $f(x)$ since it is a normal extension of $F$; hence, $E$ is a splitting field for $f(x)$.
(2) $\Rightarrow$ (3). Let $E$ be the splitting field over $F$ of a separable polynomial. By Proposition 23.16, $E_{G(E/F)} = F$. Since $|G(E/F)| = [E : F]$, this is a finite group.
(3) $\Rightarrow$ (1). Let $F = E_G$ for some finite group of automorphisms $G$ of $E$. Since $[E : F] \leq |G|$, $E$ is a finite extension of $F$. To show that $E$ is a finite, normal extension of $F$, let $f(x) \in F[x]$ be an irreducible monic polynomial that has a root in $E$. We must show that $f(x)$ is the product of distinct linear factors in $E[x]$. By Proposition 23.5, automorphisms in $G$ permute the roots of $f(x)$ lying in $E$. Hence, if we let $G$ act on the given root, we can obtain $n$ distinct roots in $E$, the first of which is the given root. Let $g(x)$ be the product of the $n$ linear factors ($x$ minus a root) over these $n$ roots. Then $g(x)$ is separable over $F$ and has the given root as a zero. Any automorphism in $G$ permutes the factors of $g(x)$ since it permutes these roots; hence, when it acts on $g(x)$, it must fix the coefficients of $g(x)$. Therefore, the coefficients of $g(x)$ must be in $F$. Since $\deg g(x) \leq \deg f(x)$ and $f(x)$ is the minimal polynomial of the given root, $f(x) = g(x)$.
Corollary 23.19. Let $K$ be a field extension of $F$ such that $F = K_G$ for some finite group of automorphisms $G$ of $K$. Then $G = G(K/F)$.
Proof. Since $F = K_G$, $G$ is a subgroup of $G(K/F)$. Hence,
$$[K : F] \leq |G| \leq |G(K/F)| = [K : F].$$
It follows that $G = G(K/F)$, since they must have the same order.
Before we determine the exact correspondence between field extensions and automorphisms of fields, let us return to a familiar example.
Example 23.20. In Example 23.4 we examined the automorphisms of $\mathbb{Q}(\sqrt{3}, \sqrt{5})$ fixing $\mathbb{Q}$. Figure 23.21 compares the lattice of field extensions of $\mathbb{Q}$ with the lattice of subgroups of $G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})$. The Fundamental Theorem of Galois Theory tells us what the relationship is between the two lattices.

Figure 23.21: $G(\mathbb{Q}(\sqrt{3}, \sqrt{5})/\mathbb{Q})$. [Diagram: the lattice of fields $\mathbb{Q}(\sqrt{3}, \sqrt{5})$, $\mathbb{Q}(\sqrt{3})$, $\mathbb{Q}(\sqrt{5})$, $\mathbb{Q}(\sqrt{15})$ drawn beside the lattice of subgroups of the Galois group: the full group of order four, its three subgroups of order two, and $\{\mathrm{id}\}$.]
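The two lattices of Figure 23.21 can be matched up by direct computation. The Python below is an added example, not code from the textbook: it represents elements of $E = \mathbb{Q}(\sqrt{3}, \sqrt{5})$ as 4-tuples of rationals in the basis $\{1, \sqrt{3}, \sqrt{5}, \sqrt{15}\}$ of Example 23.4, and each automorphism fixing $\mathbb{Q}$ by the signs it puts on $\sqrt{3}$ and $\sqrt{5}$. The labels sigma, tau and mu are this example's own names for the three non-identity automorphisms of Example 23.4 (sigma negates $\sqrt{3}$, tau negates $\sqrt{5}$, mu both). For every subgroup $H$ it computes the fixed field $E_H$, recovers $H$ as $G(E/E_H)$, and checks $[E : E_H] = |H|$, which is the content of parts 1 and 2 of the theorem that follows.

```python
# Added example (not from the textbook): the Galois correspondence for
# E = Q(sqrt3, sqrt5) over Q. Elements are 4-tuples of rationals in the basis
# (1, sqrt3, sqrt5, sqrt15). An automorphism fixing Q is determined by the signs
# it gives sqrt3 and sqrt5; sigma/tau/mu are this example's own labels.
from fractions import Fraction
from itertools import product

BASIS = ("1", "sqrt3", "sqrt5", "sqrt15")
SIGNS = {"id": (1, 1), "sigma": (-1, 1), "tau": (1, -1), "mu": (-1, -1)}   # (sqrt3, sqrt5)

def apply(name, v):
    """Image of v = a + b sqrt3 + c sqrt5 + d sqrt15 under the named automorphism."""
    s3, s5 = SIGNS[name]
    return tuple(Fraction(x) * s for x, s in zip(v, (1, s3, s5, s3 * s5)))  # sqrt15 = sqrt3*sqrt5

def unit(i):
    """The i-th basis vector as an element of E."""
    return tuple(Fraction(int(i == j)) for j in range(4))

def compose(a, b):
    """Name of v -> a(b(v)); an automorphism is determined by its images of the basis."""
    for name in SIGNS:
        if all(apply(name, unit(i)) == apply(a, apply(b, unit(i))) for i in range(4)):
            return name
    raise ValueError("composition is not one of the four automorphisms")

def cayley_table():
    return {(a, b): compose(a, b) for a, b in product(SIGNS, repeat=2)}

def fixed_field_basis(subgroup):
    """Basis of E_H. Each automorphism only flips signs of basis vectors, so the
    fixed subfield is spanned by the basis vectors that every member of H fixes."""
    return [BASIS[i] for i in range(4)
            if all(apply(name, unit(i)) == unit(i) for name in subgroup)]

def galois_group_over(field_basis):
    """G(E/K) for the intermediate field K spanned by the named basis vectors."""
    idx = [BASIS.index(b) for b in field_basis]
    return frozenset(name for name in SIGNS
                     if all(apply(name, unit(i)) == unit(i) for i in idx))

SUBGROUPS = [frozenset(s) for s in (["id"], ["id", "sigma"], ["id", "tau"],
                                    ["id", "mu"], ["id", "sigma", "tau", "mu"])]

def correspondence():
    """For each subgroup H: (H, basis of E_H, [E : E_H], check that G(E/E_H) = H and [E : E_H] = |H|)."""
    rows = []
    for H in SUBGROUPS:
        K = fixed_field_basis(H)
        e_over_k = 4 // len(K)                  # [E : K] = dim_Q E / dim_Q K
        ok = galois_group_over(K) == H and e_over_k == len(H)
        rows.append((sorted(H), K, e_over_k, ok))
    return rows

if __name__ == "__main__":
    for H, K, deg, ok in correspondence():
        print(sorted(H), "fixes", K, " [E:E_H] =", deg, " matches theorem:", ok)
```

The Cayley table produced by cayley_table shows every element squaring to the identity, which is the $\mathbb{Z}_2 \times \mathbb{Z}_2$ structure claimed in Example 23.4; because that group is abelian, every subgroup is normal, and part 4 of the theorem below then says every intermediate field is a normal extension of $\mathbb{Q}$, as the quadratic fields $\mathbb{Q}(\sqrt{3})$, $\mathbb{Q}(\sqrt{5})$, $\mathbb{Q}(\sqrt{15})$ indeed are.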
We are now ready to state and prove the Fundamental Theorem of Galois Theory.
Theorem 23.22 (Fundamental Theorem of Galois Theory). Let $F$ be a finite field or a field of characteristic zero. If $E$ is a finite normal extension of $F$ with Galois group $G(E/F)$, then the following statements are true.
1. The map $K \mapsto G(E/K)$ is a bijection of subfields $K$ of $E$ containing $F$ with the subgroups of $G(E/F)$.
2. If $F \subseteq K \subseteq E$, then
$$[E : K] = |G(E/K)| \quad \text{and} \quad [K : F] = [G(E/F) : G(E/K)].$$
3. $F \subseteq K \subseteq L \subseteq E$ if and only if $\{\mathrm{id}\} \subseteq G(E/L) \subseteq G(E/K) \subseteq G(E/F)$.
4. $K$ is a normal extension of $F$ if and only if $G(E/K)$ is a normal subgroup of $G(E/F)$. In this case
$$G(K/F) \cong G(E/F)/G(E/K).$$

Proof. (1) Suppose that G(E/K) = G(E/L) = G. Both K and


L are fixed fields of G; hence, K = L and the map defined by
K 7 G(E/K) is one-to-one. To show that the map is onto, let G
be a subgroup of G(E/F ) and K be the field fixed by G. Then

366

CHAPTER 23. GALOIS THEORY

$F \subset K \subset E$; consequently, $E$ is a normal extension of $K$. Thus, $G(E/K) = G$ and the map $K \mapsto G(E/K)$ is a bijection.

(2) By Theorem 23.7, $|G(E/K)| = [E : K]$; therefore,
$$|G(E/F)| = [G(E/F) : G(E/K)] \cdot |G(E/K)| = [E : F] = [E : K][K : F].$$
Thus, $[K : F] = [G(E/F) : G(E/K)]$.

(3) Statement (3) is illustrated in Figure 23.23. We leave the proof of this property as an exercise.
(4) This part takes a little more work. Let $K$ be a normal extension of $F$. If $\sigma$ is in $G(E/F)$ and $\tau$ is in $G(E/K)$, we need to show that $\sigma^{-1}\tau\sigma$ is in $G(E/K)$; that is, we need to show that $\sigma^{-1}\tau\sigma(\alpha) = \alpha$ for all $\alpha \in K$. Suppose that $f(x)$ is the minimal polynomial of $\alpha$ over $F$. Then $\sigma(\alpha)$ is also a root of $f(x)$ lying in $K$, since $K$ is a normal extension of $F$. Hence, $\tau(\sigma(\alpha)) = \sigma(\alpha)$ or $\sigma^{-1}\tau\sigma(\alpha) = \alpha$.

Conversely, let $G(E/K)$ be a normal subgroup of $G(E/F)$. We need to show that $F = K_{G(K/F)}$. Let $\tau \in G(E/K)$. For all $\sigma \in G(E/F)$ there exists a $\bar{\tau} \in G(E/K)$ such that $\tau\sigma = \sigma\bar{\tau}$. Consequently, for all $\alpha \in K$
$$\tau(\sigma(\alpha)) = \sigma(\bar{\tau}(\alpha)) = \sigma(\alpha);$$
hence, $\sigma(\alpha)$ must be in the fixed field of $G(E/K)$. Let $\bar{\sigma}$ be the restriction of $\sigma$ to $K$. Then $\bar{\sigma}$ is an automorphism of $K$ fixing $F$, since $\sigma(\alpha) \in K$ for all $\alpha \in K$; hence, $\bar{\sigma} \in G(K/F)$. Next, we will show that the fixed field of $G(K/F)$ is $F$. Let $\beta$ be an element in $K$ that is fixed by all automorphisms in $G(K/F)$. In particular, $\sigma(\beta) = \beta$ for all $\sigma \in G(E/F)$. Therefore, $\beta$ belongs to the fixed field $F$ of $G(E/F)$.

Finally, we must show that when $K$ is a normal extension of $F$,
$$G(K/F) \cong G(E/F)/G(E/K).$$
For $\sigma \in G(E/F)$, let $\sigma_K$ be the automorphism of $K$ obtained by restricting $\sigma$ to $K$. Since $K$ is a normal extension, the argument in the preceding paragraph shows that $\sigma_K \in G(K/F)$. Consequently, we have a map $\phi : G(E/F) \to G(K/F)$ defined by $\sigma \mapsto \sigma_K$. This map is a group homomorphism since
$$\phi(\sigma\tau) = (\sigma\tau)_K = \sigma_K \tau_K = \phi(\sigma)\phi(\tau).$$
The kernel of $\phi$ is $G(E/K)$. By (2),
$$|G(E/F)|/|G(E/K)| = [K : F] = |G(K/F)|.$$
Hence, the image of $\phi$ is $G(K/F)$ and $\phi$ is onto. Applying the First Isomorphism Theorem, we have
$$G(K/F) \cong G(E/F)/G(E/K).$$

[Figure 23.23: Subgroups of $G(E/F)$ and subfields of $E$. The chain of fields $F \subset K \subset L \subset E$ is drawn beside the chain of subgroups $\{\mathrm{id}\} \subset G(E/L) \subset G(E/K) \subset G(E/F)$.]

Example 23.24. In this example we will illustrate the Fundamental Theorem of Galois Theory by determining the lattice of subgroups of the Galois group of $f(x) = x^4 - 2$. We will compare this lattice to the lattice of field extensions of $\mathbb{Q}$ that are contained in the splitting field of $x^4 - 2$. The splitting field of $f(x)$ is $\mathbb{Q}(\sqrt[4]{2}, i)$. To see this, notice that $f(x)$ factors as $(x^2 + \sqrt{2})(x^2 - \sqrt{2})$; hence, the roots of $f(x)$ are $\pm\sqrt[4]{2}$ and $\pm\sqrt[4]{2}\, i$. We first adjoin the root $\sqrt[4]{2}$ to $\mathbb{Q}$ and then adjoin the root $i$ of $x^2 + 1$ to $\mathbb{Q}(\sqrt[4]{2})$. The splitting field of $f(x)$ is then $\mathbb{Q}(\sqrt[4]{2})(i) = \mathbb{Q}(\sqrt[4]{2}, i)$.

Since $[\mathbb{Q}(\sqrt[4]{2}) : \mathbb{Q}] = 4$ and $i$ is not in $\mathbb{Q}(\sqrt[4]{2})$, it must be the case that $[\mathbb{Q}(\sqrt[4]{2}, i) : \mathbb{Q}(\sqrt[4]{2})] = 2$. Hence, $[\mathbb{Q}(\sqrt[4]{2}, i) : \mathbb{Q}] = 8$. The set
$$\{1, \sqrt[4]{2}, (\sqrt[4]{2})^2, (\sqrt[4]{2})^3, i, i\sqrt[4]{2}, i(\sqrt[4]{2})^2, i(\sqrt[4]{2})^3\}$$
is a basis of $\mathbb{Q}(\sqrt[4]{2}, i)$ over $\mathbb{Q}$. The lattice of field extensions of $\mathbb{Q}$ contained in $\mathbb{Q}(\sqrt[4]{2}, i)$ is illustrated in Figure 23.25(a).

The Galois group $G$ of $f(x)$ must be of order 8. Let $\sigma$ be the automorphism defined by $\sigma(\sqrt[4]{2}) = i\sqrt[4]{2}$ and $\sigma(i) = i$, and $\tau$ be the automorphism defined by complex conjugation; that is, $\tau(i) = -i$. Then $G$ has an element of order 4 and an element of order 2. It is easy to verify by direct computation that the elements of $G$ are $\{\mathrm{id}, \sigma, \sigma^2, \sigma^3, \tau, \sigma\tau, \sigma^2\tau, \sigma^3\tau\}$ and that the relations $\tau^2 = \mathrm{id}$, $\sigma^4 = \mathrm{id}$, and $\tau\sigma\tau = \sigma^{-1}$ are satisfied; hence, $G$ must be isomorphic to $D_4$. The lattice of subgroups of $G$ is illustrated in Figure 23.25(b).

[Figure 23.25: Galois group of $x^4 - 2$. (a) The lattice of subfields of $\mathbb{Q}(\sqrt[4]{2}, i)$: at the top $\mathbb{Q}(\sqrt[4]{2}, i)$; below it $\mathbb{Q}(\sqrt[4]{2})$, $\mathbb{Q}(\sqrt[4]{2}\, i)$, $\mathbb{Q}(\sqrt{2}, i)$, $\mathbb{Q}((1 + i)\sqrt[4]{2})$, $\mathbb{Q}((1 - i)\sqrt[4]{2})$; below those $\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(i)$, $\mathbb{Q}(\sqrt{2}\, i)$; and $\mathbb{Q}$ at the bottom. (b) The lattice of subgroups of $D_4$: $D_4$; $\{\mathrm{id}, \sigma^2, \tau, \sigma^2\tau\}$, $\{\mathrm{id}, \sigma, \sigma^2, \sigma^3\}$, $\{\mathrm{id}, \sigma^2, \sigma\tau, \sigma^3\tau\}$; $\{\mathrm{id}, \tau\}$, $\{\mathrm{id}, \sigma^2\tau\}$, $\{\mathrm{id}, \sigma^2\}$, $\{\mathrm{id}, \sigma\tau\}$, $\{\mathrm{id}, \sigma^3\tau\}$; $\{\mathrm{id}\}$.]
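The "direct computation" that Example 23.24 leaves to the reader, as an added example that is not part of the original text: each automorphism of $\mathbb{Q}(\sqrt[4]{2}, i)$ is encoded by where it sends $\sqrt[4]{2}$ and $i$, the group generated by $\sigma$ and $\tau$ is built, every subgroup is enumerated, and for each subgroup the degree of its fixed field over $\mathbb{Q}$ is computed and compared with the index $[G : H]$ that statement (2) of the Fundamental Theorem predicts. The `(k, s)` encoding and all function names are this example's own.

```python
"""Galois group of x^4 - 2 over Q, realised as the automorphisms of E = Q(a, i), a = 2^(1/4).

A field element is a dict {(e, j): integer} standing for the sum of c * i^e * a^j, with
e in {0, 1} and j in {0, 1, 2, 3}; these eight monomials are the Q-basis of E given in
Example 23.24.  An automorphism of E over Q is determined by a -> i^k a and i -> s i
(s = +1 or -1); it is encoded as the pair (k, s).  The encoding is this example's own.
"""
from itertools import combinations

BASIS = [(e, j) for e in (0, 1) for j in range(4)]
ID, SIGMA, TAU = (0, 1), (1, 1), (0, -1)   # id; sigma: a -> i a, i -> i; tau: conjugation

def apply(aut, elem):
    """Image of a field element under the automorphism aut = (k, s)."""
    k, s = aut
    out = {}
    for (e, j), c in elem.items():
        # i^e a^j -> (s i)^e (i^k a)^j = s^e * i^(e + k j) * a^j; reduce i^m to +-1 or +-i
        m = (e + k * j) % 4
        sign = (s ** e) * (1 if m in (0, 1) else -1)
        key = (m % 2, j)
        out[key] = out.get(key, 0) + sign * c
    return {key: c for key, c in out.items() if c != 0}

def compose(g, h):
    """The automorphism g o h (h applied first), read off from the images of a and i."""
    ((e, _), c), = apply(g, apply(h, {(0, 1): 1})).items()   # image of a is c * i^e * a
    (_, s), = apply(g, apply(h, {(1, 0): 1})).items()        # image of i is s * i
    return ((e + (0 if c == 1 else 2)) % 4, s)

def power(g, n):
    out = ID
    for _ in range(n):
        out = compose(g, out)
    return out

def closure(gens):
    """Every product of the generators, starting from the identity."""
    group, frontier = {ID}, [ID]
    while frontier:
        x = frontier.pop()
        for g in gens:
            y = compose(g, x)
            if y not in group:
                group.add(y)
                frontier.append(y)
    return frozenset(group)

def inverse(g, group):
    return next(x for x in group if compose(g, x) == ID)

def subgroups(group):
    """Brute force over the non-empty subsets: keep those containing id and closed under composition."""
    elems = sorted(group)
    subs = set()
    for r in range(1, len(elems) + 1):
        for subset in combinations(elems, r):
            h = frozenset(subset)
            if ID in h and all(compose(x, y) in h for x in h for y in h):
                subs.add(h)
    return subs

def is_normal(h, group):
    return all(compose(compose(g, x), inverse(g, group)) in h for g in group for x in h)

def fixed_field_degree(h):
    """[K : Q] for the fixed field K of h.  Every automorphism sends a basis monomial to plus
    or minus a basis monomial, so the fixed subspace is spanned by the orbit sums of the
    basis and its dimension is the number of orbits whose sum does not cancel."""
    supports = set()
    for b in BASIS:
        total = {}
        for g in h:
            for key, c in apply(g, {b: 1}).items():
                total[key] = total.get(key, 0) + c
        support = frozenset(key for key, c in total.items() if c != 0)
        if support:
            supports.add(support)
    return len(supports)

def is_fixed_by(h, elem):
    return all(apply(g, elem) == elem for g in h)

def galois_lattice():
    """The data of Example 23.24, plus the check of statement (2) of Theorem 23.22."""
    G = closure([SIGMA, TAU])
    relations = (power(TAU, 2) == ID and power(SIGMA, 4) == ID
                 and compose(compose(TAU, SIGMA), TAU) == power(SIGMA, 3))  # tau sigma tau = sigma^-1
    subs = subgroups(G)
    return {
        "order": len(G),
        "relations_hold": relations,
        "subgroup_count": len(subs),
        "normal_subgroup_count": sum(is_normal(h, G) for h in subs),
        # Fundamental Theorem (2): [K : Q] = [G : H] for the fixed field K of every subgroup H
        "degrees_match_index": all(fixed_field_degree(h) * len(h) == len(G) for h in subs),
    }

if __name__ == "__main__":
    print(galois_lattice())
    # {id, sigma tau} fixes (1 + i) a, the generator of the matching field in Figure 23.25(a)
    print(is_fixed_by({ID, compose(SIGMA, TAU)}, {(0, 1): 1, (1, 1): 1}))
```

The six normal subgroups found are exactly the ones whose fixed fields ($\mathbb{Q}$, $\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(i)$, $\mathbb{Q}(\sqrt{2}\,i)$, $\mathbb{Q}(\sqrt{2}, i)$, $\mathbb{Q}(\sqrt[4]{2}, i)$) are normal over $\mathbb{Q}$, as statement (4) requires.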

Historical Note

Solutions for the cubic and quartic equations were discovered in the 1500s. Attempts to find solutions for the quintic equations puzzled some of history's best mathematicians. In 1798, P. Ruffini submitted a paper that claimed no such solution could be found; however, the paper was not well received. In 1826, Niels Henrik Abel (1802–1829) finally offered the first correct proof that quintics are not always solvable by radicals.

Abel inspired the work of Évariste Galois. Born in 1811, Galois began to display extraordinary mathematical talent at the age of 14. He applied for entrance to the École Polytechnique several times; however, he had great difficulty meeting the formal entrance requirements, and the examiners failed to recognize his mathematical genius. He was finally accepted at the École Normale in 1829.

Galois worked to develop a theory of solvability for polynomials. In 1829, at the age of 17, Galois presented two papers on the solution of algebraic equations to the Académie des Sciences de


Paris. These papers were sent to Cauchy, who subsequently lost them. A third paper was submitted to Fourier, who died before he could read the paper. Another paper was presented, but was not published until 1846.

Galois' democratic sympathies led him into the Revolution of 1830. He was expelled from school and sent to prison for his part in the turmoil. After his release in 1832, he was drawn into a duel possibly over a love affair. Certain that he would be killed, he spent the evening before his death outlining his work and his basic ideas for research in a long letter to his friend Chevalier. He was indeed dead the next day, at the age of 20.

23.3 Applications

Solvability by Radicals

Throughout this section we shall assume that all fields have characteristic zero to ensure that irreducible polynomials do not have multiple roots. The immediate goal of this section is to determine when the roots of a polynomial $f(x)$ can be computed with a finite number of operations on the coefficients of $f(x)$. The allowable operations are addition, subtraction, multiplication, division, and the extraction of $n$th roots. Certainly the solution to the quadratic equation, $ax^2 + bx + c = 0$, illustrates this process:
$$x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$
The only one of these operations that might demand a larger field is the taking of $n$th roots. We are led to the following definition.

An extension field $E$ of a field $F$ is an extension by radicals if there exists a chain of subfields
$$F = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_r = E$$
such that for $i = 1, 2, \ldots, r$, we have $F_i = F_{i-1}(\alpha_i)$ and $\alpha_i^{n_i} \in F_{i-1}$ for some positive integer $n_i$. A polynomial $f(x)$ is solvable by radicals over $F$ if the splitting field $K$ of $f(x)$ over $F$ is contained in an extension of $F$ by radicals. Our goal is to arrive at criteria that will tell us whether or not a polynomial $f(x)$ is solvable by radicals by examining the Galois group of $f(x)$.

The easiest polynomial to solve by radicals is one of the form $x^n - a$. As we discussed in Chapter 4, the roots of $x^n - 1$ are called the $n$th roots of unity. These roots are a finite subgroup of the splitting field of $x^n - 1$. By Corollary 22.11, the $n$th roots of unity form a cyclic group. Any generator of this group is called a primitive $n$th root of unity.


Example 23.26. The polynomial $x^n - 1$ is solvable by radicals over $\mathbb{Q}$. The roots of this polynomial are $1, \omega, \omega^2, \ldots, \omega^{n-1}$, where
$$\omega = \cos\left(\frac{2\pi}{n}\right) + i \sin\left(\frac{2\pi}{n}\right).$$
The splitting field of $x^n - 1$ over $\mathbb{Q}$ is $\mathbb{Q}(\omega)$.


We shall prove that a polynomial is solvable by radicals if its Galois group is solvable. Recall that a subnormal series of a group $G$ is a finite sequence of subgroups
$$G = H_n \supset H_{n-1} \supset \cdots \supset H_1 \supset H_0 = \{e\},$$
where $H_i$ is normal in $H_{i+1}$. A group $G$ is solvable if it has a subnormal series $\{H_i\}$ such that all of the factor groups $H_{i+1}/H_i$ are abelian. For example, if we examine the series $\{\mathrm{id}\} \subset A_3 \subset S_3$, we see that $S_3$ is solvable. On the other hand, $S_5$ is not solvable, by Theorem 10.11.

Lemma 23.27. Let $F$ be a field of characteristic zero and $E$ be the splitting field of $x^n - a$ over $F$ with $a \in F$. Then $G(E/F)$ is a solvable group.

Proof. The roots of $x^n - a$ are $\sqrt[n]{a}, \omega\sqrt[n]{a}, \ldots, \omega^{n-1}\sqrt[n]{a}$, where $\omega$ is a primitive $n$th root of unity. Suppose that $F$ contains all of its $n$th roots of unity. If $\zeta$ is one of the roots of $x^n - a$, then the distinct roots of $x^n - a$ are $\zeta, \omega\zeta, \ldots, \omega^{n-1}\zeta$, and $E = F(\zeta)$. Since $G(E/F)$ permutes the roots of $x^n - a$, the elements in $G(E/F)$ must be determined by their action on these roots. Let $\sigma$ and $\tau$ be in $G(E/F)$ and suppose that $\sigma(\zeta) = \omega^i\zeta$ and $\tau(\zeta) = \omega^j\zeta$. If $F$ contains the roots of unity, then
$$\sigma\tau(\zeta) = \sigma(\omega^j\zeta) = \omega^j\sigma(\zeta) = \omega^{i+j}\zeta = \omega^i\tau(\zeta) = \tau(\omega^i\zeta) = \tau\sigma(\zeta).$$
Therefore, $\sigma\tau = \tau\sigma$ and $G(E/F)$ is abelian, and $G(E/F)$ must be solvable.

Now suppose that $F$ does not contain a primitive $n$th root of unity. Let $\omega$ be a generator of the cyclic group of the $n$th roots of unity. Let $\alpha$ be a zero of $x^n - a$. Since $\alpha$ and $\omega\alpha$ are both in the splitting field of $x^n - a$, $\omega = (\omega\alpha)/\alpha$ is also in $E$. Let $K = F(\omega)$. Then $F \subset K \subset E$. Since $K$ is the splitting field of $x^n - 1$, $K$ is a normal extension of $F$. Therefore, any automorphism $\sigma$ in $G(F(\omega)/F)$ is determined by $\sigma(\omega)$. It must be the case that $\sigma(\omega) = \omega^i$ for some integer $i$ since all of the zeros of $x^n - 1$ are powers of $\omega$. If $\tau(\omega) = \omega^j$ is in $G(F(\omega)/F)$, then
$$\sigma\tau(\omega) = \sigma(\omega^j) = [\sigma(\omega)]^j = \omega^{ij} = [\tau(\omega)]^i = \tau(\omega^i) = \tau\sigma(\omega).$$


Therefore, $G(F(\omega)/F)$ is abelian. By the Fundamental Theorem of Galois Theory the series
$$\{\mathrm{id}\} \subset G(E/F(\omega)) \subset G(E/F)$$
is a normal series. By our previous argument, $G(E/F(\omega))$ is abelian. Since
$$G(E/F)/G(E/F(\omega)) \cong G(F(\omega)/F)$$
is also abelian, $G(E/F)$ is solvable.
Lemma 23.28. Let $F$ be a field of characteristic zero and let
$$F = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_r = E$$
be a radical extension of $F$. Then there exists a normal radical extension
$$F = K_0 \subset K_1 \subset K_2 \subset \cdots \subset K_r = K$$
such that $K$ contains $E$ and $K_i$ is a normal extension of $K_{i-1}$.

Proof. Since $E$ is a radical extension of $F$, there exists a chain of subfields
$$F = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_r = E$$
such that for $i = 1, 2, \ldots, r$, we have $F_i = F_{i-1}(\alpha_i)$ and $\alpha_i^{n_i} \in F_{i-1}$ for some positive integer $n_i$. We will build a normal radical extension of $F$,
$$F = K_0 \subset K_1 \subset K_2 \subset \cdots \subset K_r = K$$
such that $K \supseteq E$. Define $K_1$ to be the splitting field of $x^{n_1} - \alpha_1^{n_1}$. The roots of this polynomial are $\alpha_1, \alpha_1\omega, \alpha_1\omega^2, \ldots, \alpha_1\omega^{n_1 - 1}$, where $\omega$ is a primitive $n_1$th root of unity. If $F$ contains all of its $n_1$th roots of unity, then $K_1 = F(\alpha_1)$. On the other hand, suppose that $F$ does not contain a primitive $n_1$th root of unity. If $\beta$ is a root of $x^{n_1} - \alpha_1^{n_1}$, then all of the roots of $x^{n_1} - \alpha_1^{n_1}$ must be $\beta, \omega\beta, \ldots, \omega^{n_1 - 1}\beta$, where $\omega$ is a primitive $n_1$th root of unity. In this case, $K_1 = F(\omega\beta)$. Thus, $K_1$ is a normal radical extension of $F$ containing $F_1$. Continuing in this manner, we obtain
$$F = K_0 \subset K_1 \subset K_2 \subset \cdots \subset K_r = K$$
such that $K_i$ is a normal extension of $K_{i-1}$ and $K_i \supseteq F_i$ for $i = 1, 2, \ldots, r$.
We will now prove the main theorem about solvability by radicals.
Theorem 23.29. Let f (x) be in F [x], where char F = 0. If f (x)
is solvable by radicals, then the Galois group of f (x) over F is
solvable.


Proof. Since $f(x)$ is solvable by radicals there exists an extension $E$ of $F$ by radicals $F = F_0 \subset F_1 \subset \cdots \subset F_n = E$. By Lemma 23.28, we can assume that $E$ is a splitting field of $f(x)$ and $F_i$ is normal over $F_{i-1}$. By the Fundamental Theorem of Galois Theory, $G(E/F_i)$ is a normal subgroup of $G(E/F_{i-1})$. Therefore, we have a subnormal series of subgroups of $G(E/F)$:
$$\{\mathrm{id}\} \subset G(E/F_{n-1}) \subset \cdots \subset G(E/F_1) \subset G(E/F).$$
Again by the Fundamental Theorem of Galois Theory, we know that
$$G(E/F_{i-1})/G(E/F_i) \cong G(F_i/F_{i-1}).$$
By Lemma 23.27, $G(F_i/F_{i-1})$ is solvable; hence, $G(E/F)$ is also solvable.

The converse of Theorem 23.29 is also true. For a proof, see any of the references at the end of this chapter.

Insolvability of the Quintic

We are now in a position to find a fifth-degree polynomial that is not solvable by radicals. We merely need to find a polynomial whose Galois group is $S_5$. We begin by proving a lemma.

Lemma 23.30. If $p$ is prime, then any subgroup of $S_p$ that contains a transposition and a cycle of length $p$ must be all of $S_p$.

Proof. Let $G$ be a subgroup of $S_p$ that contains a transposition $\sigma$ and a cycle $\tau$ of length $p$. We may assume that $\sigma = (12)$. The order of $\tau$ is $p$ and $\tau^n$ must be a cycle of length $p$ for $1 \leq n < p$. Therefore, we may assume that $\mu = \tau^n = (1\, 2\, i_3 \ldots i_p)$ for some $n$, where $1 \leq n < p$ (see Exercise 5.3.13 in Chapter 5). Noting that $(12)(1\, 2\, i_3 \ldots i_p) = (2\, i_3 \ldots i_p)$ and $(2\, i_3 \ldots i_p)^k (12) (2\, i_3 \ldots i_p)^{-k} = (1\, i_k)$, we can obtain all the transpositions of the form $(1\, n)$ for $1 \leq n < p$. However, these transpositions generate all transpositions in $S_p$, since $(1j)(1i)(1j) = (ij)$. The transpositions generate $S_p$.

[Figure 23.31: The graph of $f(x) = x^5 - 6x^3 - 27x - 3$, with $x$-axis ticks at $-3$, $-2$, $-1$ and $y$-axis ticks from $-60$ to $60$.]
Example 23.32. We will show that $f(x) = x^5 - 6x^3 - 27x - 3 \in \mathbb{Q}[x]$ is not solvable. We claim that the Galois group of $f(x)$ over $\mathbb{Q}$ is $S_5$. By Eisenstein's Criterion, $f(x)$ is irreducible and, therefore, must be separable. The derivative of $f(x)$ is $f'(x) = 5x^4 - 18x^2 - 27$; hence, setting $f'(x) = 0$ and solving, we find that the only real roots of $f'(x)$ are
$$x = \pm\sqrt{\frac{6\sqrt{6} + 9}{5}}.$$
Therefore, $f(x)$ can have at most one maximum and one minimum. It is easy to show that $f(x)$ changes sign between $-3$ and $-2$, between $-2$ and $0$, and once again between $0$ and $4$ (Figure 23.31). Therefore, $f(x)$ has exactly three distinct real roots. The remaining two roots of $f(x)$ must be complex conjugates. Let $K$ be the splitting field of $f(x)$. Since $f(x)$ has five distinct roots in $K$ and every automorphism of $K$ fixing $\mathbb{Q}$ is determined by the way it permutes the roots of $f(x)$, we know that $G(K/\mathbb{Q})$ is a subgroup of $S_5$. Since $f(x)$ is irreducible, there is an element $\sigma$ in $G(K/\mathbb{Q})$ such that $\sigma(a) = b$ for two roots $a$ and $b$ of $f(x)$; indeed, $[\mathbb{Q}(a) : \mathbb{Q}] = 5$ divides $|G(K/\mathbb{Q})| = [K : \mathbb{Q}]$, so $G(K/\mathbb{Q})$ contains an element of order 5, and an element of order 5 in $S_5$ is a 5-cycle. The automorphism of $\mathbb{C}$ that takes $a + bi \mapsto a - bi$ leaves the real roots fixed and interchanges the complex roots; consequently, complex conjugation restricts to a transposition in $G(K/\mathbb{Q}) \subset S_5$. By Lemma 23.30, $S_5$ is generated by a transposition and an element of order 5; therefore, $G(K/\mathbb{Q})$ must be all of $S_5$. By Theorem 10.11,


S5 is not solvable. Consequently, f (x) cannot be solved by radicals.
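Two of the checks above that the text does by hand, as an added example that is not part of the original: Eisenstein's Criterion at $p = 3$ and the sign changes of $f(x)$ on the intervals named in Example 23.32, together with the conjugation argument of Lemma 23.30 carried out on concrete permutations (0-indexed, so the page's $(12)$ becomes the tuple for $(0\,1)$) until every transposition of $S_p$ has been produced. The coefficient-list convention, the sample 5-cycle and 7-cycle, and all function names are this example's own.

```python
"""Checks for Example 23.32 and Lemma 23.30, written for this page (not from the text).

Polynomials are coefficient lists, lowest degree first.  Permutations of {0, ..., p-1} are
tuples perm with perm[x] the image of x, so the page's (1 2) is the tuple for (0 1).
"""
from fractions import Fraction
from math import sqrt

F = [-3, -27, 0, -6, 0, 1]   # f(x) = x^5 - 6x^3 - 27x - 3 from Example 23.32

def eval_poly(coeffs, x):
    return sum(c * x ** k for k, c in enumerate(coeffs))

def derivative(coeffs):
    return [k * c for k, c in enumerate(coeffs)][1:]

def eisenstein(coeffs, p):
    """Eisenstein's Criterion at p: p divides every non-leading coefficient,
    p does not divide the leading one, and p^2 does not divide the constant term."""
    return (all(c % p == 0 for c in coeffs[:-1]) and coeffs[-1] % p != 0
            and coeffs[0] % (p * p) != 0)

def sign_change_intervals(coeffs, points):
    """Consecutive sample points between which f changes sign; a real root lies in each."""
    vals = [eval_poly(coeffs, Fraction(x)) for x in points]
    return [(points[k], points[k + 1]) for k in range(len(points) - 1)
            if vals[k] * vals[k + 1] < 0]

def critical_points(coeffs=F):
    """The only real zeros of f'(x) = 5x^4 - 18x^2 - 27 are x = +-sqrt((6 sqrt 6 + 9) / 5);
    each is returned with a numerical check that f' vanishes there."""
    r = sqrt((6 * sqrt(6) + 9) / 5)
    fp = derivative(coeffs)
    return [(x, abs(eval_poly(fp, x)) < 1e-9) for x in (-r, r)]

def compose(p, q):
    """p after q."""
    return tuple(p[q[x]] for x in range(len(p)))

def inverse(p):
    inv = [0] * len(p)
    for x, px in enumerate(p):
        inv[px] = x
    return tuple(inv)

def power(p, n):
    out = tuple(range(len(p)))
    for _ in range(n):
        out = compose(p, out)
    return out

def cycle(n, *pts):
    """The cycle (pts[0] pts[1] ...) as a permutation of {0, ..., n-1}."""
    perm = list(range(n))
    for a, b in zip(pts, pts[1:] + pts[:1]):
        perm[a] = b
    return tuple(perm)

def transpositions_generated(p, t, c):
    """Lemma 23.30 made constructive: t is the transposition (0 1) and c a p-cycle.
    Some power mu = c^n sends 0 to 1 (the proof's (1 2 i_3 ... i_p)); rho = t mu fixes 0,
    and rho^k t rho^-k = (0 rho^k(1)) runs through every (0 m).  Then (i j) = (0 j)(0 i)(0 j)."""
    n = next(k for k in range(1, p) if power(c, k)[0] == 1)
    rho = compose(t, power(c, n))            # the (p-1)-cycle (1 i_3 ... i_p)
    trans = set()
    for k in range(p - 1):
        rk = power(rho, k)
        trans.add(compose(compose(rk, t), inverse(rk)))
    zero_with = {tr[0]: tr for tr in trans}  # m -> the transposition (0 m)
    for i in range(1, p):
        for j in range(i + 1, p):
            trans.add(compose(compose(zero_with[j], zero_with[i]), zero_with[j]))
    return trans                             # all p(p-1)/2 transpositions, which generate S_p

def is_transposition(perm):
    return sum(1 for x, px in enumerate(perm) if x != px) == 2

if __name__ == "__main__":
    print(eisenstein(F, 3), sign_change_intervals(F, [-3, -2, 0, 4]), critical_points())
    print(len(transpositions_generated(5, cycle(5, 0, 1), cycle(5, 0, 2, 4, 1, 3))))
```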

The Fundamental Theorem of Algebra

It seems fitting that the last theorem that we will state and prove is the Fundamental Theorem of Algebra. This theorem was first proven by Gauss in his doctoral thesis. Prior to Gauss's proof, mathematicians suspected that there might exist polynomials over the real and complex numbers having no solutions. The Fundamental Theorem of Algebra states that every polynomial over the complex numbers factors into distinct linear factors.

Theorem 23.33 (Fundamental Theorem of Algebra). The field of complex numbers is algebraically closed; that is, every polynomial in $\mathbb{C}[x]$ has a root in $\mathbb{C}$.

Proof. Suppose that $E$ is a proper finite field extension of the complex numbers. Since any finite extension of a field of characteristic zero is a simple extension, there exists an $\alpha \in E$ such that $E = \mathbb{C}(\alpha)$ with $\alpha$ the root of an irreducible polynomial $f(x)$ in $\mathbb{C}[x]$. The splitting field $L$ of $f(x)$ is a finite normal separable extension of $\mathbb{C}$ that contains $E$. We must show that it is impossible for $L$ to be a proper extension of $\mathbb{C}$.

Suppose that $L$ is a proper extension of $\mathbb{C}$. Since $L$ is the splitting field of $f(x)(x^2 + 1)$ over $\mathbb{R}$, $L$ is a finite normal separable extension of $\mathbb{R}$. Let $K$ be the fixed field of a Sylow 2-subgroup $G$ of $G(L/\mathbb{R})$. Then $L \supset K \supset \mathbb{R}$ and $|G(L/K)| = [L : K]$. Since $[L : \mathbb{R}] = [L : K][K : \mathbb{R}]$, we know that $[K : \mathbb{R}]$ must be odd. Consequently, $K = \mathbb{R}(\beta)$ with $\beta$ having a minimal polynomial $f(x)$ of odd degree. Therefore, $K = \mathbb{R}$.

We now know that $G(L/\mathbb{R})$ must be a 2-group. It follows that $G(L/\mathbb{C})$ is a 2-group. We have assumed that $L \neq \mathbb{C}$; therefore, $|G(L/\mathbb{C})| \geq 2$. By the first Sylow Theorem and the Fundamental Theorem of Galois Theory, there exists a subgroup $G$ of $G(L/\mathbb{C})$ of index 2 and a field $E$ fixed elementwise by $G$. Then $[E : \mathbb{C}] = 2$ and there exists an element $\alpha \in E$ with minimal polynomial $x^2 + bx + c$ in $\mathbb{C}[x]$. This polynomial has roots $(-b \pm \sqrt{b^2 - 4c})/2$ that are in $\mathbb{C}$, since $\sqrt{b^2 - 4c}$ is in $\mathbb{C}$. This is impossible; hence, $L = \mathbb{C}$.

Although our proof was strictly algebraic, we were forced to rely on results from calculus. It is necessary to assume the completeness axiom from analysis to show that every polynomial of odd degree has a real root and that every positive real number has a square root. It seems that there is no possible way to avoid this difficulty and formulate a purely algebraic argument. It is somewhat amazing that there are several elegant proofs of the Fundamental Theorem of Algebra that use complex analysis. It is also interesting to note that we can obtain a proof of such an important theorem from two very different fields of mathematics.


Sage. Fields, field extensions, roots of polynomials, and group theory: Sage has it all, and so it is possible to carefully study very complicated examples from Galois Theory with Sage.

23.4 Exercises

1. Compute each of the following Galois groups. Which of these field extensions are normal field extensions? If the extension is not normal, find a normal extension of $\mathbb{Q}$ in which the extension field is contained.
(a) $G(\mathbb{Q}(\sqrt{30})/\mathbb{Q})$
(b) $G(\mathbb{Q}(\sqrt[4]{5})/\mathbb{Q})$
(c) $G(\mathbb{Q}(\sqrt{2}, \sqrt{3}, \sqrt{5})/\mathbb{Q})$
(d) $G(\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}, i)/\mathbb{Q})$
(e) $G(\mathbb{Q}(\sqrt{6}, i)/\mathbb{Q})$

2. Determine the separability of each of the following polynomials.
(a) $x^3 + 2x^2 - x - 2$ over $\mathbb{Q}$
(b) $x^4 + 2x^2 + 1$ over $\mathbb{Q}$
(c) $x^4 + x^2 + 1$ over $\mathbb{Z}_3$
(d) $x^3 + x^2 + 1$ over $\mathbb{Z}_2$

3. Give the order and describe a generator of the Galois group of $\mathrm{GF}(729)$ over $\mathrm{GF}(9)$.
4. Determine the Galois groups of each of the following polynomials in $\mathbb{Q}[x]$; hence, determine the solvability by radicals of each of the polynomials.
(a) $x^5 - 12x^2 + 2$
(b) $x^5 - 4x^4 + 2x + 2$
(c) $x^3 - 5$
(d) $x^4 - x^2 - 6$
(e) $x^5 + 1$
(f) $(x^2 - 2)(x^2 + 2)$
(g) $x^8 - 1$
(h) $x^8 + 1$
(i) $x^4 - 3x^2 - 10$

5. Find a primitive element in the splitting field of each of the following polynomials in $\mathbb{Q}[x]$.
(a) $x^4 - 1$
(b) $x^4 - 8x^2 + 15$
(c) $x^4 - 2x^2 - 15$
(d) $x^3 - 2$

6. Prove that the Galois group of an irreducible quadratic polynomial is isomorphic to Z2 .


7. Prove that the Galois group of an irreducible cubic polynomial is isomorphic to $S_3$ or $\mathbb{Z}_3$.
8. Let $F \subset K \subset E$ be fields. If $E$ is a normal extension of $F$, show that $E$ must also be a normal extension of $K$.
9. Let $G$ be the Galois group of a polynomial of degree $n$. Prove that $|G|$ divides $n!$.
10. Let $F \subset E$. If $f(x)$ is solvable over $F$, show that $f(x)$ is also solvable over $E$.
11. Construct a polynomial $f(x)$ in $\mathbb{Q}[x]$ of degree 7 that is not solvable by radicals.
12. Let $p$ be prime. Prove that there exists a polynomial $f(x) \in \mathbb{Q}[x]$ of degree $p$ with Galois group isomorphic to $S_p$. Conclude that for each prime $p$ with $p \geq 5$ there exists a polynomial of degree $p$ that is not solvable by radicals.
13. Let $p$ be a prime and $\mathbb{Z}_p(t)$ be the field of rational functions over $\mathbb{Z}_p$. Prove that $f(x) = x^p - t$ is an irreducible polynomial in $\mathbb{Z}_p(t)[x]$. Show that $f(x)$ is not separable.
14. Let $E$ be an extension field of $F$. Suppose that $K$ and $L$ are two intermediate fields. If there exists an element $\sigma \in G(E/F)$ such that $\sigma(K) = L$, then $K$ and $L$ are said to be conjugate fields. Prove that $K$ and $L$ are conjugate if and only if $G(E/K)$ and $G(E/L)$ are conjugate subgroups of $G(E/F)$.
15. Let $\sigma \in \mathrm{Aut}(\mathbb{R})$. If $a$ is a positive real number, show that $\sigma(a) > 0$.
16. Let $K$ be the splitting field of $x^3 + x^2 + 1 \in \mathbb{Z}_2[x]$. Prove or disprove that $K$ is an extension by radicals.
17. Let $F$ be a field such that $\operatorname{char} F \neq 2$. Prove that the splitting field of $f(x) = ax^2 + bx + c$ is $F(\sqrt{\alpha})$, where $\alpha = b^2 - 4ac$.
18. Prove or disprove: Two different subgroups of a Galois group will have different fixed fields.
19. Let $K$ be the splitting field of a polynomial over $F$. If $E$ is a field extension of $F$ contained in $K$ and $[E : F] = 2$, then $E$ is the splitting field of some polynomial in $F[x]$.
20. We know that the cyclotomic polynomial
$$\Phi_p(x) = \frac{x^p - 1}{x - 1} = x^{p-1} + x^{p-2} + \cdots + x + 1$$

is irreducible over $\mathbb{Q}$ for every prime $p$. Let $\omega$ be a zero of $\Phi_p(x)$, and consider the field $\mathbb{Q}(\omega)$.
(a) Show that $\omega, \omega^2, \ldots, \omega^{p-1}$ are distinct zeros of $\Phi_p(x)$, and conclude that they are all the zeros of $\Phi_p(x)$.
(b) Show that $G(\mathbb{Q}(\omega)/\mathbb{Q})$ is abelian of order $p - 1$.
(c) Show that the fixed field of $G(\mathbb{Q}(\omega)/\mathbb{Q})$ is $\mathbb{Q}$.
21. Let $F$ be a finite field or a field of characteristic zero. Let $E$ be a finite normal extension of $F$ with Galois group $G(E/F)$. Prove that $F \subset K \subset L \subset E$ if and only if $\{\mathrm{id}\} \subset G(E/L) \subset G(E/K) \subset G(E/F)$.
22. Let $F$ be a field of characteristic zero and let $f(x) \in F[x]$ be a separable polynomial of degree $n$. If $E$ is the splitting field of $f(x)$, let $\alpha_1, \ldots, \alpha_n$ be the roots of $f(x)$ in $E$. Let $\Delta = \prod_{i < j} (\alpha_i - \alpha_j)$. We define the discriminant of $f(x)$ to be $\Delta^2$.
(a) If $f(x) = x^2 + bx + c$, show that $\Delta^2 = b^2 - 4c$.
(b) If $f(x) = x^3 + px + q$, show that $\Delta^2 = -4p^3 - 27q^2$.
(c) Prove that $\Delta^2$ is in $F$.
(d) If $\sigma \in G(E/F)$ is a transposition of two roots of $f(x)$, show that $\sigma(\Delta) = -\Delta$.
(e) If $\sigma \in G(E/F)$ is an even permutation of the roots of $f(x)$, show that $\sigma(\Delta) = \Delta$.
(f) Prove that $G(E/F)$ is isomorphic to a subgroup of $A_n$ if and only if $\Delta \in F$.
(g) Determine the Galois groups of $x^3 + 2x - 4$ and $x^3 + x - 3$.

23.5 References and Suggested Readings

[1] Artin, E. Galois Theory: Lectures Delivered at the University of Notre Dame (Notre Dame Mathematical Lectures, Number 2). Dover, Mineola, NY, 1997.
[2] Edwards, H. M. Galois Theory. Springer-Verlag, New York, 1984.
[3] Fraleigh, J. B. A First Course in Abstract Algebra. 7th ed. Pearson, Upper Saddle River, NJ, 2003.
[4] Gaal, L. Classical Galois Theory with Examples. American Mathematical Society, Providence, 1979.


[5] Garling, D. J. H. A Course in Galois Theory. Cambridge University Press, Cambridge, 1986.
[6] Kaplansky, I. Fields and Rings. 2nd ed. University of Chicago Press, Chicago, 1972.
[7] Rothman, T. "The Short Life of Évariste Galois," Scientific American, April 1982, 136–49.

A GNU Free Documentation License

Version 1.3, 3 November 2008


Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

0. PREAMBLE

The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any
APPENDIX A. GNU FREE DOCUMENTATION LICENSE


such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not Transparent is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary

formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

The "publisher" means any person or entity that distributes copies of the Document to the public.

A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition.

The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.

2. VERBATIM COPYING

You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.

You may also lend copies, under the same conditions stated above, and you may publicly display copies.

3. COPYING IN QUANTITY

If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover.



Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.

4. MODIFICATIONS

You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:
1. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.
2. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors,

if it has fewer than five), unless they release you from this
requirement.
3. State on the Title page the name of the publisher of the
Modified Version, as the publisher.
4. Preserve all the copyright notices of the Document.
5. Add an appropriate copyright notice for your modifications
adjacent to the other copyright notices.
6. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version
under the terms of this License, in the form shown in the
Addendum below.
7. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.
8. Include an unaltered copy of this License.
9. Preserve the section Entitled "History", Preserve its Title,
and add to it an item stating at least the title, year, new
authors, and publisher of the Modified Version as given on
the Title Page. If there is no section Entitled "History" in
the Document, create one stating the title, year, authors, and
publisher of the Document as given on its Title Page, then
add an item describing the Modified Version as stated in the
previous sentence.
10. Preserve the network location, if any, given in the Document
for public access to a Transparent copy of the Document,
and likewise the network locations given in the Document
for previous versions it was based on. These may be placed
in the History section. You may omit a network location
for a work that was published at least four years before the
Document itself, or if the original publisher of the version it
refers to gives permission.
11. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the
section all the substance and tone of each of the contributor
acknowledgements and/or dedications given therein.
12. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the
equivalent are not considered part of the section titles.
13. Delete any section Entitled "Endorsements". Such a section
may not be included in the Modified Version.

384 APPENDIX A. GNU FREE DOCUMENTATION LICENSE


14. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section.
15. Preserve any Warranty Disclaimers.
If the Modified Version includes new front-matter sections or
appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate
some or all of these sections as invariant. To do this, add their titles
to the list of Invariant Sections in the Modified Version's license
notice. These titles must be distinct from any other section titles.
You may add a section Entitled "Endorsements", provided it
contains nothing but endorsements of your Modified Version by
various parties, for example, statements of peer review or that
the text has been approved by an organization as the authoritative
definition of a standard.
You may add a passage of up to five words as a Front-Cover
Text, and a passage of up to 25 words as a Back-Cover Text, to
the end of the list of Cover Texts in the Modified Version. Only
one passage of Front-Cover Text and one of Back-Cover Text may
be added by (or through arrangements made by) any one entity.
If the Document already includes a cover text for the same cover,
previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you
may replace the old one, on explicit permission from the previous
publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this
License give permission to use their names for publicity for or to
assert or imply endorsement of any Modified Version.
5. COMBINING DOCUMENTS
You may combine the Document with other documents released under this License, under the
terms defined in section 4 above for modified versions, provided
that you include in the combination all of the Invariant Sections
of all of the original documents, unmodified, and list them all as
Invariant Sections of your combined work in its license notice, and
that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License,
and multiple identical Invariant Sections may be replaced with a
single copy. If there are multiple Invariant Sections with the same
name but different contents, make the title of each such section
unique by adding at the end of it, in parentheses, the name of
the original author or publisher of that section if known, or else a
unique number. Make the same adjustment to the section titles in
the list of Invariant Sections in the license notice of the combined
work.
In the combination, you must combine any sections Entitled
"History" in the various original documents, forming one section
Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You
must delete all sections Entitled "Endorsements".
6. COLLECTIONS OF DOCUMENTS
You may make a
collection consisting of the Document and other documents released
under this License, and replace the individual copies of this License
in the various documents with a single copy that is included in the
collection, provided that you follow the rules of this License for
verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and
distribute it individually under this License, provided you insert a
copy of this License into the extracted document, and follow this
License in all other respects regarding verbatim copying of that
document.
7. AGGREGATION WITH INDEPENDENT WORKS
A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of
a storage or distribution medium, is called an "aggregate" if the
copyright resulting from the compilation is not used to limit the
legal rights of the compilation's users beyond what the individual
works permit. When the Document is included in an aggregate,
this License does not apply to the other works in the aggregate
which are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these
copies of the Document, then if the Document is less than one half
of the entire aggregate, the Document's Cover Texts may be placed
on covers that bracket the Document within the aggregate, or the
electronic equivalent of covers if the Document is in electronic form.
Otherwise they must appear on printed covers that bracket the
whole aggregate.
8. TRANSLATION
Translation is considered a kind of modification, so you may distribute translations of the Document under
the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but
you may include translations of some or all Invariant Sections in
addition to the original versions of these Invariant Sections. You
may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided
that you also include the original English version of this License
and the original versions of those notices and disclaimers. In case
of a disagreement between the translation and the original version
of this License or a notice or disclaimer, the original version will
prevail.



If a section in the Document is Entitled "Acknowledgements",
"Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual
title.
9. TERMINATION
You may not copy, modify, sublicense, or
distribute the Document except as expressly provided under this
License. Any attempt otherwise to copy, modify, sublicense, or
distribute it is void, and will automatically terminate your rights
under this License.
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate
the licenses of parties who have received copies or rights from you
under this License. If your rights have been terminated and not
permanently reinstated, receipt of a copy of some or all of the same
material does not give you any rights to use it.
10. FUTURE REVISIONS OF THIS LICENSE
The Free
Software Foundation may publish new, revised versions of the GNU
Free Documentation License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns. See Copyleft.
Each version of the License is given a distinguishing version
number. If the Document specifies that a particular numbered
version of this License or any later version applies to it, you have
the option of following the terms and conditions either of that
specified version or of any later version that has been published
(not as a draft) by the Free Software Foundation. If the Document
does not specify a version number of this License, you may choose
any version ever published (not as a draft) by the Free Software
Foundation. If the Document specifies that a proxy can decide
which future versions of this License can be used, that proxy's
public statement of acceptance of a version permanently authorizes
you to choose that version for the Document.

11. RELICENSING
"Massive Multiauthor Collaboration Site"
(or "MMC Site") means any World Wide Web server that publishes
copyrightable works and also provides prominent facilities for anybody to edit those works. A public wiki that anybody can edit is an
example of such a server. A "Massive Multiauthor Collaboration"
(or "MMC") contained in the site means any set of copyrightable
works thus published on the MMC site.
"CC-BY-SA" means the Creative Commons Attribution-Share
Alike 3.0 license published by Creative Commons Corporation, a
not-for-profit corporation with a principal place of business in San
Francisco, California, as well as future copyleft versions of that
license published by that same organization.
"Incorporate" means to publish or republish a Document, in
whole or in part, as part of another Document.
An MMC is "eligible for relicensing" if it is licensed under this
License, and if all works that were first published under this License
somewhere other than this MMC, and subsequently incorporated in
whole or in part into the MMC, (1) had no cover texts or invariant
sections, and (2) were thus incorporated prior to November 1, 2008.
The operator of an MMC Site may republish an MMC contained in the site under CC-BY-SA on the same site at any time
before August 1, 2009, provided the MMC is eligible for relicensing.
ADDENDUM: How to use this License for your documents
To use this License in a document you have written, include a copy of the License in the document and put the following
copyright and license notices just after the title page:
Copyright © YEAR YOUR NAME
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free
Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with
no Invariant Sections, no Front-Cover Texts, and no
Back-Cover Texts. A copy of the license is included
in the section entitled "GNU Free Documentation License".
If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with . . . Texts." line with this:
with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and
with the Back-Cover Texts being LIST.
If you have Invariant Sections without Cover Texts, or some
other combination of the three, merge those two alternatives to
suit the situation.



If your document contains nontrivial examples of program code,
we recommend releasing these examples in parallel under your
choice of free software license, such as the GNU General Public
License, to permit their use in free software.

Hints and Solutions to Selected Exercises

1.3 Exercises
1. (a) $A \cap B = \{2\}$; (b) $B \cap C = \{5\}$.
2. (a) $A \times B = \{(a, 1), (a, 2), (a, 3), (b, 1), (b, 2), (b, 3), (c, 1), (c, 2), (c, 3)\}$;
(d) $A \times D = \emptyset$.
6. If $x \in A \cup (B \cap C)$, then either $x \in A$ or $x \in B \cap C$. Thus,
$x \in A \cup B$ and $A \cup C$. Hence, $x \in (A \cup B) \cap (A \cup C)$. Therefore,
$A \cup (B \cap C) \subset (A \cup B) \cap (A \cup C)$. Conversely, if $x \in (A \cup B) \cap (A \cup C)$,
then $x \in A \cup B$ and $A \cup C$. Thus, $x \in A$ or $x$ is in both $B$ and $C$.
So $x \in A \cup (B \cap C)$ and therefore $(A \cup B) \cap (A \cup C) \subset A \cup (B \cap C)$.
Hence, $A \cup (B \cap C) = (A \cup B) \cap (A \cup C)$.
10. $(A \cap B) \cup (A \setminus B) \cup (B \setminus A) = (A \cap B) \cup (A \cap B') \cup (B \cap A') =
[A \cap (B \cup B')] \cup (B \cap A') = A \cup (B \cap A') = (A \cup B) \cap (A \cup A') = A \cup B$.
14. $A \setminus (B \cup C) = A \cap (B \cup C)' = (A \cap A) \cap (B' \cap C') = (A \cap B') \cap (A \cap C') = (A \setminus B) \cap (A \setminus C)$.
17. (a) Not a map since $f(2/3)$ is undefined; (b) this is a map;
(c) not a map, since $f(1/2) = 3/4$ but $f(2/4) = 3/8$; (d) this is a
map.
18. (a) $f$ is one-to-one but not onto. $f(\mathbb{R}) = \{x \in \mathbb{R} : x > 0\}$.
(c) $f$ is neither one-to-one nor onto. $f(\mathbb{R}) = \{x : -1 \le x \le 1\}$.
20. (a) $f(n) = n + 1$.
22. (a) Let $x, y \in A$. Then $g(f(x)) = (g \circ f)(x) = (g \circ f)(y) = g(f(y))$.
Thus, $f(x) = f(y)$ and $x = y$, so $g \circ f$ is one-to-one. (b)
Let $c \in C$, then $c = (g \circ f)(x) = g(f(x))$ for some $x \in A$. Since
$f(x) \in B$, $g$ is onto.
23. $f^{-1}(x) = (x + 1)/(x - 1)$.
24. (a) Let $y \in f(A_1 \cup A_2)$. Then there exists an $x \in A_1 \cup A_2$ such
that $f(x) = y$. Hence, $y \in f(A_1)$ or $f(A_2)$. Therefore, $y \in f(A_1) \cup f(A_2)$.
Consequently, $f(A_1 \cup A_2) \subset f(A_1) \cup f(A_2)$. Conversely, if
$y \in f(A_1) \cup f(A_2)$, then $y \in f(A_1)$ or $f(A_2)$. Hence, there exists an
$x$ in $A_1$ or $A_2$ such that $f(x) = y$. Thus, there exists an $x \in A_1 \cup A_2$
such that $f(x) = y$. Therefore, $f(A_1) \cup f(A_2) \subset f(A_1 \cup A_2)$, and
$f(A_1 \cup A_2) = f(A_1) \cup f(A_2)$.
25. (a) The relation fails to be symmetric. (b) The relation is
not reflexive, since 0 is not equivalent to itself. (c) The relation is
not transitive.
28. Let $X = \mathbb{N} \cup \{\sqrt{2}\}$ and define $x \sim y$ if $x + y \in \mathbb{N}$.

2.3 Exercises
1. The base case, $S(1) : [1(1 + 1)(2(1) + 1)]/6 = 1 = 1^2$ is true.
Assume that $S(k) : 1^2 + 2^2 + \cdots + k^2 = [k(k + 1)(2k + 1)]/6$ is true.
Then
$$1^2 + 2^2 + \cdots + k^2 + (k + 1)^2 = [k(k + 1)(2k + 1)]/6 + (k + 1)^2 = [(k + 1)((k + 1) + 1)(2(k + 1) + 1)]/6,$$
and so $S(k + 1)$ is true. Thus, $S(n)$ is true for all positive integers
$n$.
3. The base case, $S(4) : 4! = 24 > 16 = 2^4$ is true. Assume
$S(k) : k! > 2^k$ is true. Then $(k + 1)! = k!(k + 1) > 2^k \cdot 2 = 2^{k+1}$, so
$S(k + 1)$ is true. Thus, $S(n)$ is true for all positive integers $n$.
8. Follow the proof in Example 2.4.
11. The base case, $S(0) : (1 + x)^0 - 1 = 0 \ge 0 = 0 \cdot x$ is true.
Assume $S(k) : (1 + x)^k - 1 \ge kx$ is true. Then
$$(1 + x)^{k+1} - 1 = (1 + x)(1 + x)^k - 1 = (1 + x)^k + x(1 + x)^k - 1 \ge kx + x(1 + x)^k \ge kx + x = (k + 1)x,$$
so $S(k + 1)$ is true. Therefore, $S(n)$ is true for all positive integers
$n$.
17. For (a) and (b) use mathematical induction. (c) Show that
$f_1 = 1$, $f_2 = 1$, and $f_{n+2} = f_{n+1} + f_n$. (d) Use part (c). (e) Use
part (b) and Exercise 2.3.16.
19. Use the Fundamental Theorem of Arithmetic.
23. Use the Principle of Well-Ordering and the division algorithm.
27. Since $\gcd(a, b) = 1$, there exist integers $r$ and $s$ such that
$ar + bs = 1$. Thus, $acr + bcs = c$. Since $a$ divides both $bc$ and itself,
$a$ must divide $c$.
29. Every prime must be of the form 2, 3, $6n + 1$, or $6n + 5$.
Suppose there are only finitely many primes of the form $6k + 5$.


3.4 Exercises
1. (a) $3 + 7\mathbb{Z} = \{\ldots, -4, 3, 10, \ldots\}$; (c) $18 + 26\mathbb{Z}$; (e) $5 + 6\mathbb{Z}$.
2. (a) Not a group; (c) a group.
6. The multiplication table (entries taken mod 12):

   ·  |  1   5   7  11
  ----+-----------------
   1  |  1   5   7  11
   5  |  5   1  11   7
   7  |  7  11   1   5
  11  | 11   7   5   1

8. Pick two matrices. Almost any pair will work.
15. There is a nonabelian group containing six elements.
16. Look at the symmetry group of an equilateral triangle or a
square.
17. There are five different groups of order 8.
18. Let
$$\sigma = \begin{pmatrix} 1 & 2 & \cdots & n \\ a_1 & a_2 & \cdots & a_n \end{pmatrix}$$
be in $S_n$. All of the $a_i$'s must be distinct. There are $n$ ways to choose
$a_1$, $n - 1$ ways to choose $a_2$, $\ldots$, 2 ways to choose $a_{n-1}$, and only one
way to choose $a_n$. Therefore, we can form $\sigma$ in $n(n - 1) \cdots 2 \cdot 1 = n!$
ways.
25.
$$(aba^{-1})^n = (aba^{-1})(aba^{-1}) \cdots (aba^{-1}) = ab(aa^{-1})b(aa^{-1})b \cdots b(aa^{-1})ba^{-1} = ab^n a^{-1}.$$
31. Since $abab = (ab)^2 = e = a^2 b^2 = aabb$, we know that $ba = ab$.
35. $H_1 = \{id\}$, $H_2 = \{id, \rho_1, \rho_2\}$, $H_3 = \{id, \mu_1\}$, $H_4 = \{id, \mu_2\}$,
$H_5 = \{id, \mu_3\}$, $S_3$.
41. The identity of $G$ is $1 = 1 + 0\sqrt{2}$. Since $(a + b\sqrt{2})(c + d\sqrt{2}) = (ac + 2bd) + (ad + bc)\sqrt{2}$, $G$ is closed
under multiplication. Finally,
$$(a + b\sqrt{2})^{-1} = a/(a^2 - 2b^2) - b\sqrt{2}/(a^2 - 2b^2).$$
46. Look at $S_3$.
49. Since $a^4 b = ba$, it must be the case that $b = a^6 b = a^2 ba$, and
we can conclude that $ab = a^3 ba = ba$.

4.4 Exercises
1. (a) False; (c) false; (e) true.
2. (a) 12; (c) infinite; (e) 10.
3. (a) $7\mathbb{Z} = \{\ldots, -7, 0, 7, 14, \ldots\}$; (b) $\{0, 3, 6, 9, 12, 15, 18, 21\}$; (c)
$\{0\}$, $\{0, 6\}$, $\{0, 4, 8\}$, $\{0, 3, 6, 9\}$, $\{0, 2, 4, 6, 8, 10\}$; (g) $\{1, 3, 7, 9\}$; (j)
$\{1, -1, i, -i\}$.
4. (a)
$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}.$$
(c)
$$\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} 1 & -1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} -1 & 1 \\ -1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & -1 \\ 1 & -1 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ -1 & 1 \end{pmatrix}, \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix}.$$
10. (a) $0, 1, -1$; (b) $1, -1$.
11. 1, 2, 3, 4, 6, 8, 12, 24.
15. (a) $-3 + 3i$; (c) $43 - 18i$; (e) $i$.
16. (a) $\sqrt{3} + i$; (c) $-3$.
17. (a) $\sqrt{2}\,\mathrm{cis}(7\pi/4)$; (c) $2\sqrt{2}\,\mathrm{cis}(\pi/4)$; (e) $3\,\mathrm{cis}(3\pi/2)$.
18. (a) $(-1 - i)/2$; (c) $16(i - \sqrt{3})$; (e) $-1/4$.
22. (a) 292; (c) 1523.
27. $|\langle g \rangle \cap \langle h \rangle| = 1$.
31. The identity element in any group has finite order. Let
$g, h \in G$ have orders $m$ and $n$, respectively. Since $(g^{-1})^m = e$
and $(gh)^{mn} = e$, the elements of finite order in $G$ form a subgroup
of $G$.
37. If $g$ is an element distinct from the identity in $G$, $g$ must
generate $G$; otherwise, $\langle g \rangle$ is a nontrivial proper subgroup of $G$.

5.3 Exercises
1. (a) $(12453)$; (c) $(13)(25)$.
2. (a) $(135)(24)$; (c) $(14)(23)$; (e) $(1324)$; (g) $(134)(25)$; (n) $(17352)$.
3. (a) $(16)(15)(13)(14)$; (c) $(16)(14)(12)$.
4. $(a_1, a_2, \ldots, a_n)^{-1} = (a_1, a_n, a_{n-1}, \ldots, a_2)$
5. (a) $\{(13), (13)(24), (132), (134), (1324), (1342)\}$ is not a subgroup.
8. $(12345)(678)$.
11. Permutations of the form
$$(1),\ (a_1, a_2)(a_3, a_4),\ (a_1, a_2, a_3),\ (a_1, a_2, a_3, a_4, a_5)$$
are possible for $A_5$.
17. Calculate $(123)(12)$ and $(12)(123)$.
25. Consider the cases $(ab)(bc)$ and $(ab)(cd)$.
30. For (a), show that $\sigma\tau\sigma^{-1}(\sigma(a_i)) = \sigma(a_{i+1})$.


6.4 Exercises
1. The order of $g$ and the order of $h$ must both divide the order of
$G$.
2. The possible orders must divide 60.
3. This is true for every proper nontrivial subgroup.
4. False.
5. (a) $\langle 8 \rangle$, $1 + \langle 8 \rangle$, $2 + \langle 8 \rangle$, $3 + \langle 8 \rangle$, $4 + \langle 8 \rangle$, $5 + \langle 8 \rangle$, $6 + \langle 8 \rangle$, and
$7 + \langle 8 \rangle$; (c) $3\mathbb{Z}$, $1 + 3\mathbb{Z}$, and $2 + 3\mathbb{Z}$.
7. $4^{\phi(15)} \equiv 4^8 \equiv 1 \pmod{15}$.
12. Let $g_1 \in gH$. Show that $g_1 \in Hg$ and thus $gH \subset Hg$.
19. Show that $g(H \cap K) = gH \cap gK$.
22. If $\gcd(m, n) = 1$, then $\phi(mn) = \phi(m)\phi(n)$ (Exercise 2.3.26
in Chapter 2).

7.3 Exercises
1. LAORYHAPDWK
3. Hint: V = E, E = X (also used for spaces and punctuation),
K = R.
4. $26! - 1$
7. (a) 2791; (c) 112135 25032 442.
9. (a) 31; (c) 14.
10. (a) $n = 11 \cdot 41$; (c) $n = 8779 \cdot 4327$.

8.5 Exercises
2. This cannot be a group code since $(0000) \notin C$.
3. (a) 2; (c) 2.
4. (a) 3; (c) 4.
6. (a) $d_{\min} = 2$; (c) $d_{\min} = 1$.
7.
(a) $(00000), (00101), (10011), (10110)$,
$$G = \begin{pmatrix} 0 & 1 \\ 0 & 0 \\ 1 & 0 \\ 0 & 1 \\ 1 & 1 \end{pmatrix}$$
(b) $(000000), (010111), (101101), (111010)$,
$$G = \begin{pmatrix} 1 & 0 \\ 0 & 1 \\ 1 & 0 \\ 1 & 1 \\ 0 & 1 \\ 1 & 1 \end{pmatrix}$$
9. Multiple errors occur in one of the received words.
11. (a) A canonical parity-check matrix with standard generator
matrix
$$G = \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 1 \end{pmatrix}.$$
(c) A canonical parity-check matrix with standard generator
matrix
$$G = \begin{pmatrix} 1 & 0 \\ 0 & 1 \\ 1 & 1 \\ 1 & 0 \end{pmatrix}.$$
12. (a) All possible syndromes occur.
15. (a) $C$, $(10000) + C$, $(01000) + C$, $(00100) + C$, $(00010) + C$,
$(11000) + C$, $(01100) + C$, $(01010) + C$. A decoding table does not
exist for $C$ since this is only a single error-detecting code.
19. Let $x \in C$ have odd weight and define a map from the set of
odd codewords to the set of even codewords by $y \mapsto x + y$. Show
that this map is a bijection.
23. For 20 information positions, at least 6 check bits are needed
to ensure an error-correcting code.
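The codes of Exercises 7 and 11 above, worked through in Python as an added example (this is not code from the textbook): it generates each code from its generator matrix, computes $d_{\min}$ and the detection/correction capability that follows from it, and derives the canonical parity-check matrix from a standard generator matrix. It assumes the book's conventions that a codeword is $G\mathbf{x}$ for a column $\mathbf{x}$ of message bits, that a standard generator matrix has the form $G = (I_k ; A)$, and that the canonical parity-check matrix is $H = (A \mid I_{n-k})$.

```python
from itertools import product

def encode(G, msg):
    """Codeword G*msg over Z_2; G is given as n rows of k bits, msg has k bits."""
    return tuple(sum(g * m for g, m in zip(row, msg)) % 2 for row in G)

def codewords(G):
    """All 2^k codewords of the group code generated by G."""
    k = len(G[0])
    return {encode(G, msg) for msg in product((0, 1), repeat=k)}

def weight(x):
    return sum(x)

def min_distance(code):
    """For a group code, d_min is the smallest weight of a nonzero codeword."""
    return min(weight(c) for c in code if any(c))

def capability(dmin):
    """(errors detected, errors corrected) guaranteed by a code with this d_min."""
    return dmin - 1, (dmin - 1) // 2

def parity_check_from_standard(G):
    """Canonical parity-check matrix H = (A | I_{n-k}) for a standard G = (I_k ; A)."""
    n, k = len(G), len(G[0])
    A = G[k:]                      # the rows below the identity block
    return [list(row) + [1 if j == i else 0 for j in range(n - k)]
            for i, row in enumerate(A)]

def syndrome(H, x):
    return tuple(sum(h * b for h, b in zip(row, x)) % 2 for row in H)

def null_space(H):
    """All binary vectors x with Hx = 0, i.e. the code H describes."""
    n = len(H[0])
    return {x for x in product((0, 1), repeat=n) if not any(syndrome(H, x))}

def detects_single_errors(code):
    """A single bit flip in any codeword must leave the code (needs d_min >= 2)."""
    n = len(next(iter(code)))
    for c in code:
        for i in range(n):
            flipped = c[:i] + ((c[i] + 1) % 2,) + c[i + 1:]
            if flipped in code:
                return False
    return True

# Generator matrices transcribed from the hints above (rows of the n x k matrix).
G7A = [[0, 1], [0, 0], [1, 0], [0, 1], [1, 1]]            # Exercise 7(a)
G7B = [[1, 0], [0, 1], [1, 0], [1, 1], [0, 1], [1, 1]]    # Exercise 7(b)
G11C = [[1, 0], [0, 1], [1, 1], [1, 0]]                   # Exercise 11(c), standard form

if __name__ == "__main__":
    for name, G in (("7(a)", G7A), ("7(b)", G7B)):
        C = codewords(G)
        d = min_distance(C)
        print(name, sorted("".join(map(str, c)) for c in C),
              "d_min =", d, "(detect, correct) =", capability(d))
    H = parity_check_from_standard(G11C)
    print("11(c) H =", H, "Null(H) == code:", null_space(H) == codewords(G11C))
```

For 7(a) the weights of the nonzero codewords are 2, 3, 3, so $d_{\min} = 2$ and the code detects single errors but corrects none, which is exactly why the hint to Exercise 15 says no decoding table exists for such a code.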

9.3 Exercises
1. Every infinite cyclic group is isomorphic to $\mathbb{Z}$ by Theorem 9.7.
2. Define $\phi : \mathbb{C}^* \to GL_2(\mathbb{R})$ by
$$\phi(a + bi) = \begin{pmatrix} a & b \\ -b & a \end{pmatrix}.$$
3. False.
6. Define a map from $\mathbb{Z}_n$ into the $n$th roots of unity by $k \mapsto \mathrm{cis}(2k\pi/n)$.
8. Assume that $\mathbb{Q}$ is cyclic and try to find a generator.
11. There are two nonabelian and three abelian groups that are
not isomorphic.
16. (a) 12; (c) 5.
19. Draw the picture.
20. True.
25. True.
27. Let $a$ be a generator for $G$. If $\phi : G \to H$ is an isomorphism,
show that $\phi(a)$ is a generator for $H$.
38. Any automorphism of $\mathbb{Z}_6$ must send 1 to another generator
of $\mathbb{Z}_6$.
45. To show that $\phi$ is one-to-one, let $g_1 = h_1 k_1$ and $g_2 = h_2 k_2$
and consider $\phi(g_1) = \phi(g_2)$.

10.3 Exercises
1. (a) The Cayley table of $S_4/A_4$:

           |   $A_4$    $(12)A_4$
  ---------+----------------------
   $A_4$   |   $A_4$    $(12)A_4$
  $(12)A_4$ | $(12)A_4$   $A_4$

(c) $D_4$ is not normal in $S_4$.
8. If $a \in G$ is a generator for $G$, then $aH$ is a generator for $G/H$.
11. For any $g \in G$, show that the map $i_g : G \to G$ defined by
$i_g : x \mapsto gxg^{-1}$ is an isomorphism of $G$ with itself. Then consider
$i_g(H)$.
12. Suppose that $\langle g \rangle$ is normal in $G$ and let $y$ be an arbitrary
element of $G$. If $x \in C(g)$, we must show that $yxy^{-1}$ is also in
$C(g)$. Show that $(yxy^{-1})g = g(yxy^{-1})$.
14. (a) Let $g \in G$ and $h \in G'$. If $h = aba^{-1}b^{-1}$, then
$$ghg^{-1} = gaba^{-1}b^{-1}g^{-1} = (gag^{-1})(gbg^{-1})(ga^{-1}g^{-1})(gb^{-1}g^{-1}) = (gag^{-1})(gbg^{-1})(gag^{-1})^{-1}(gbg^{-1})^{-1}.$$
We also need to show that if $h = h_1 \cdots h_n$ with $h_i = a_i b_i a_i^{-1} b_i^{-1}$,
then $ghg^{-1}$ is a product of elements of the same type. However,
$$ghg^{-1} = gh_1 \cdots h_n g^{-1} = (gh_1g^{-1})(gh_2g^{-1}) \cdots (gh_ng^{-1}).$$

11.3 Exercises
2. (a) is a homomorphism with kernel $\{0\}$; (c) is not a homomorphism.
4. Since $\phi(m + n) = 7(m + n) = 7m + 7n = \phi(m) + \phi(n)$, $\phi$ is a
homomorphism.
5. For any homomorphism $\phi : \mathbb{Z}_{24} \to \mathbb{Z}_{18}$, the kernel of $\phi$ must
be a subgroup of $\mathbb{Z}_{24}$ and the image of $\phi$ must be a subgroup of
$\mathbb{Z}_{18}$. Now use the fact that a generator must map to a generator.
9. Let $a, b \in G$. Then $\phi(a)\phi(b) = \phi(ab) = \phi(ba) = \phi(b)\phi(a)$.
17. Find a counterexample.

12.3 Exercises
1.
$$\frac{1}{2}\left[\|x + y\|^2 - \|x\|^2 - \|y\|^2\right] = \frac{1}{2}\left[\langle x + y, x + y \rangle - \|x\|^2 - \|y\|^2\right]
= \frac{1}{2}\left[\|x\|^2 + 2\langle x, y \rangle + \|y\|^2 - \|x\|^2 - \|y\|^2\right] = \langle x, y \rangle.$$
3. (a) is in $SO(2)$; (c) is not in $O(3)$.
5. (a) $\langle x, y \rangle = \langle y, x \rangle$.
7. Use the unimodular matrix
$$\begin{pmatrix} 5 & 2 \\ 2 & 1 \end{pmatrix}.$$
10. Show that the kernel of the map $\det : O(n) \to \mathbb{R}^*$ is $SO(n)$.
13. True.
17. p6m

13.3 Exercises
1. There are three possible groups.
4. (a) $\{0\} \subset \langle 6 \rangle \subset \langle 3 \rangle \subset \mathbb{Z}_{12}$; (e) $\{(1)\} \times \{0\} \subset \{(1), (123), (132)\} \times \{0\} \subset S_3 \times \{0\} \subset S_3 \times \langle 2 \rangle \subset S_3 \times \mathbb{Z}_4$.
7. Use the Fundamental Theorem of Finitely Generated Abelian
Groups.
12. If $N$ and $G/N$ are solvable, then they have solvable series
$$N = N_n \supset N_{n-1} \supset \cdots \supset N_1 \supset N_0 = \{e\},$$
$$G/N = G_n/N \supset G_{n-1}/N \supset \cdots \supset G_1/N \supset G_0/N = \{N\}.$$
16. Use the fact that $D_n$ has a cyclic subgroup of index 2.
21. $G/G'$ is abelian.

14.4 Exercises
1. Example 14.1: $0$, $\mathbb{R}^2 \setminus \{0\}$. Example 14.2: $X = \{1, 2, 3, 4\}$.
2. (a) $X_{(1)} = \{1, 2, 3\}$, $X_{(12)} = \{3\}$, $X_{(13)} = \{2\}$, $X_{(23)} = \{1\}$,
$X_{(123)} = X_{(132)} = \emptyset$. $G_1 = \{(1), (23)\}$, $G_2 = \{(1), (13)\}$, $G_3 = \{(1), (12)\}$.
3. (a) $\mathcal{O}_1 = \mathcal{O}_2 = \mathcal{O}_3 = \{1, 2, 3\}$.
6. The conjugacy classes for $S_4$ are
$\mathcal{O}_{(1)} = \{(1)\}$,
$\mathcal{O}_{(12)} = \{(12), (13), (14), (23), (24), (34)\}$,
$\mathcal{O}_{(12)(34)} = \{(12)(34), (13)(24), (14)(23)\}$,
$\mathcal{O}_{(123)} = \{(123), (132), (124), (142), (134), (143), (234), (243)\}$,
$\mathcal{O}_{(1234)} = \{(1234), (1243), (1324), (1342), (1423), (1432)\}$.
The class equation is $1 + 3 + 6 + 6 + 8 = 24$.
8. $(3^4 + 3^1 + 3^2 + 3^1 + 3^2 + 3^2 + 3^3 + 3^3)/8 = 21$.
11. The group of rigid motions of the cube can be described by
the allowable permutations of the six faces and is isomorphic to
$S_4$. There are the identity cycle, 6 permutations with the structure
$(abcd)$ that correspond to the quarter turns, 3 permutations with
the structure $(ab)(cd)$ that correspond to the half turns, 6 permutations with the structure $(ab)(cd)(ef)$ that correspond to rotating
the cube about the centers of opposite edges, and 8 permutations
with the structure $(abc)(def)$ that correspond to rotating the cube
about opposite vertices.
15. $(1 \cdot 2^6 + 3 \cdot 2^4 + 4 \cdot 2^3 + 2 \cdot 2^2 + 2 \cdot 2^1)/12 = 13$.
17. $(1 \cdot 2^8 + 3 \cdot 2^6 + 2 \cdot 2^4)/6 = 80$.
22. Use the fact that $x \in gC(a)g^{-1}$ if and only if $g^{-1}xg \in C(a)$.
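The orbit counts in Exercises 8 and 15 above, checked in Python as an added example (not code from the textbook). It assumes that Exercise 8 counts 3-colorings of the vertices of a square under the dihedral group $D_4$ and that Exercise 15 counts 2-colorings of the vertices of a regular hexagon under $D_6$; under those assumptions it reproduces the summands the hints display and counts the orbits both by Burnside's formula and by brute-force enumeration.

```python
from itertools import product

def dihedral_group(n):
    """The 2n symmetries of a regular n-gon as permutations of vertices 0..n-1.
    (Assumed model of the exercises: D_4 on a square, D_6 on a hexagon.)"""
    rotations = [tuple((i + r) % n for i in range(n)) for r in range(n)]
    reflections = [tuple((r - i) % n for i in range(n)) for r in range(n)]
    return rotations + reflections

def cycle_count(perm):
    """Number of cycles in the disjoint cycle decomposition of perm."""
    seen, cycles = set(), 0
    for start in range(len(perm)):
        if start not in seen:
            cycles += 1
            i = start
            while i not in seen:
                seen.add(i)
                i = perm[i]
    return cycles

def fixed_colorings(group, k):
    """For each g in the group, |X_g| = k^(number of cycles of g): a coloring is
    fixed by g exactly when it is constant on each cycle.  These are the
    summands in the hints (3^4, 3^1, 3^2, ... for D_4 with three colors)."""
    return [k ** cycle_count(g) for g in group]

def orbits_burnside(group, k):
    """Burnside's counting theorem: #orbits = (1/|G|) * sum over g of |X_g|."""
    total = sum(fixed_colorings(group, k))
    assert total % len(group) == 0, "the sum is always divisible by |G|"
    return total // len(group)

def apply(perm, coloring):
    """Move a coloring along a permutation of the vertices."""
    return tuple(coloring[perm[i]] for i in range(len(perm)))

def orbits_bruteforce(group, k):
    """Count orbits directly: each orbit is represented by the lexicographically
    smallest image of any of its colorings under the whole group."""
    n = len(group[0])
    representatives = {min(apply(g, c) for g in group)
                       for c in product(range(k), repeat=n)}
    return len(representatives)

if __name__ == "__main__":
    for n, k, label in ((4, 3, "Exercise 8"), (6, 2, "Exercise 15")):
        G = dihedral_group(n)
        print(label, "summands:", fixed_colorings(G, k),
              "Burnside:", orbits_burnside(G, k),
              "brute force:", orbits_bruteforce(G, k))
```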

15.3 Exercises
1. If $|G| = 18 = 2 \cdot 3^2$, then the order of a Sylow 2-subgroup is 2,
and the order of a Sylow 3-subgroup is 9.
2. The four Sylow 3-subgroups of $S_4$ are $P_1 = \{(1), (123), (132)\}$,
$P_2 = \{(1), (124), (142)\}$, $P_3 = \{(1), (134), (143)\}$, $P_4 = \{(1), (234), (243)\}$.
5. Since $|G| = 96 = 2^5 \cdot 3$, $G$ has either one or three Sylow
2-subgroups by the Third Sylow Theorem. If there is only one
subgroup, we are done. If there are three Sylow 2-subgroups, let $H$
and $K$ be two of them. Therefore, $|H \cap K| = 16$; otherwise, $HK$
would have $(32 \cdot 32)/8 = 128$ elements, which is impossible. Thus,
$H \cap K$ is normal in both $H$ and $K$ since it has index 2 in both
groups.
8. Show that $G$ has a normal Sylow $p$-subgroup of order $p^2$ and
a normal Sylow $q$-subgroup of order $q^2$.
10. False.
17. If $G$ is abelian, then $G$ is cyclic, since $|G| = 3 \cdot 5 \cdot 17$. Now
look at Example 15.14.
23. Define a mapping between the right cosets of $N(H)$ in $G$ and
the conjugates of $H$ in $G$ by $N(H)g \mapsto g^{-1}Hg$. Prove that this
map is a bijection.
26. Let $aG', bG' \in G/G'$. Then $(aG')(bG') = abG' = ab(b^{-1}a^{-1}ba)G' = (abb^{-1}a^{-1})baG' = baG'$.

16.6 Exercises

1. (a) $7\mathbb{Z}$ is a ring but not a field; (c) $\mathbb{Q}(\sqrt{2})$ is a field; (f) $R$ is
not a ring.
3. (a) $\{1, 3, 7, 9\}$; (c) $\{1, 2, 3, 4, 5, 6\}$; (e)
$$\left\{ \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}, \begin{pmatrix} 1 & 0 \\ 1 & 1 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 1 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & 1 \\ 1 & 1 \end{pmatrix} \right\}.$$
4. (a) $\{0\}$, $\{0, 9\}$, $\{0, 6, 12\}$, $\{0, 3, 6, 9, 12, 15\}$, $\{0, 2, 4, 6, 8, 10, 12, 14, 16\}$;
(c) there are no nontrivial ideals.
7. Assume there is an isomorphism $\phi : \mathbb{C} \to \mathbb{R}$ with $\phi(i) = a$.
8. False. Assume there is an isomorphism $\phi : \mathbb{Q}(\sqrt{2}) \to \mathbb{Q}(\sqrt{3})$
such that $\phi(\sqrt{2}) = a$.
13. (a) $x \equiv 17 \pmod{55}$; (c) $x \equiv 214 \pmod{2772}$.
16. If $I \ne \{0\}$, show that $1 \in I$.
18. (a) $\phi(a)\phi(b) = \phi(ab) = \phi(ba) = \phi(b)\phi(a)$.
26. Let $a \in R$ with $a \ne 0$. Then the principal ideal generated by
$a$ is $R$. Thus, there exists a $b \in R$ such that $ab = 1$.
28. Compute $(a + b)^2$ and $(-ab)^2$.
34. Let $a/b, c/d \in \mathbb{Z}_{(p)}$. Then $a/b + c/d = (ad + bc)/bd$ and $(a/b) \cdot (c/d) = (ac)/(bd)$ are both in $\mathbb{Z}_{(p)}$, since $\gcd(bd, p) = 1$.
38. Suppose that $x^2 = x$ and $x \ne 0$. Since $R$ is an integral
domain, $x = 1$. To find a nontrivial idempotent, look in $M_2(\mathbb{R})$.


17.4 Exercises
2. (a) $9x^2 + 2x + 5$; (b) $8x^4 + 7x^3 + 2x^2 + 7x$.
3. (a) $5x^3 + 6x^2 - 3x + 4 = (5x^2 + 2x + 1)(x - 2) + 6$; (c) $4x^5 - x^3 + x^2 + 4 = (4x^2 + 4)(x^3 + 3) + 4x^2 + 2$.
5. (a) No zeros in $\mathbb{Z}_{12}$; (c) 3, 4.
7. Look at $(2x + 1)$.
8. (a) Reducible; (c) irreducible.
10. One factorization is $x^2 + x + 8 = (x + 2)(x + 9)$.
13. The integers $\mathbb{Z}$ do not form a field.
14. False.
16. Let $\phi : R \to S$ be an isomorphism. Define $\overline{\phi} : R[x] \to S[x]$
by $\overline{\phi}(a_0 + a_1 x + \cdots + a_n x^n) = \phi(a_0) + \phi(a_1)x + \cdots + \phi(a_n)x^n$.
20. The polynomial
$$\Phi_n(x) = \frac{x^n - 1}{x - 1} = x^{n-1} + x^{n-2} + \cdots + x + 1$$
is called the cyclotomic polynomial. Show that $\Phi_p(x)$ is irreducible over $\mathbb{Q}$ for any prime $p$.
26. Find a nontrivial proper ideal in $F[x]$.

18.3 Exercises

1. Note that $z^{-1} = 1/(a + b\sqrt{3}\,i) = (a - b\sqrt{3}\,i)/(a^2 + 3b^2)$ is in
$\mathbb{Z}[\sqrt{3}\,i]$ if and only if $a^2 + 3b^2 = 1$. The only integer solutions to
the equation are $a = \pm 1$, $b = 0$.
2. (a) $5 = -i(1 + 2i)(2 + i)$; (c) $6 + 8i = -i(1 + i)^2(2 + i)^2$.
4. True.
9. Let $z = a + bi$ and $w = c + di \ne 0$ be in $\mathbb{Z}[i]$. Prove that
$z/w \in \mathbb{Q}(i)$.
15. Let $a = ub$ with $u$ a unit. Then $\nu(b) \le \nu(ub) \le \nu(a)$. Similarly, $\nu(a) \le \nu(b)$.
16. Show that 21 can be factored in two different ways.

19.4 Exercises
2. [Lattice diagram; only the node labels 30, 10, 15 and 1 survived extraction.]
5. False.
6. (a) and (c): switching-circuit diagrams (not recoverable from the extraction).
8. Not equivalent.
10. (a) a [(a b ) b] = a (a b).
14. Let $I, J$ be ideals in $R$. We need to show that $I + J = \{r + s :
r \in I \text{ and } s \in J\}$ is the smallest ideal in $R$ containing both $I$ and
$J$. If $r_1, r_2 \in I$ and $s_1, s_2 \in J$, then $(r_1 + s_1) + (r_2 + s_2) = (r_1 + r_2) + (s_1 + s_2)$ is in $I + J$. For $a \in R$, $a(r_1 + s_1) = ar_1 + as_1 \in I + J$;
hence, $I + J$ is an ideal in $R$.
18. (a) No.
20. ($\Rightarrow$) $a = b \Rightarrow (a \wedge b') \vee (a' \wedge b) = (a \wedge a') \vee (a' \wedge a) = O \vee O = O$.
($\Leftarrow$) $(a \wedge b') \vee (a' \wedge b) = O \Rightarrow a \vee b = (a \vee a) \vee b = a \vee (a \vee b) =
a \vee [I \wedge (a \vee b)] = a \vee [(a \vee a') \wedge (a \vee b)] = [a \vee (a \wedge b')] \vee [a \vee (a' \wedge b)] =
a \vee [(a \wedge b') \vee (a' \wedge b)] = a \vee O = a$. A symmetric argument shows
that $a \vee b = b$.

20.4 Exercises
3. $\mathbb{Q}(\sqrt{2}, \sqrt{3})$ has basis $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$ over $\mathbb{Q}$.
5. The set $\{1, x, x^2, \ldots, x^{n-1}\}$ is a basis for $P_n$.
7. (a) Subspace of dimension 2 with basis $\{(1, 0, 3), (0, 1, 2)\}$;
(d) not a subspace.
10. Since $0 = \alpha 0 = \alpha(v + (-v)) = \alpha(-v) + \alpha v$, it follows that
$-\alpha v = \alpha(-v)$.
12. Let $v_0 = 0, v_1, \ldots, v_n \in V$ and $\alpha_0 \ne 0, \alpha_1, \ldots, \alpha_n \in F$. Then
$\alpha_0 v_0 + \cdots + \alpha_n v_n = 0$.
15. (a) Let $u, v \in \ker(T)$ and $\alpha \in F$. Then
$$T(u + v) = T(u) + T(v) = 0, \qquad T(\alpha v) = \alpha T(v) = \alpha 0 = 0.$$
Hence, $u + v, \alpha v \in \ker(T)$, and $\ker(T)$ is a subspace of $V$.
(c) The statement that $T(u) = T(v)$ is equivalent to $T(u - v) = T(u) - T(v) = 0$, which is true if and only if $u - v = 0$ or $u = v$.
17. (a) Let $u, u' \in U$ and $v, v' \in V$. Then
$$(u + v) + (u' + v') = (u + u') + (v + v') \in U + V, \qquad \alpha(u + v) = \alpha u + \alpha v \in U + V.$$

21.4 Exercises
1. (a) $x^4 - (2/3)x^2 - 62/9$; (c) $x^4 - 2x^2 + 25$.
2. (a) $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$; (c) $\{1, i, \sqrt{2}, \sqrt{2}\,i\}$; (e) $\{1, 2^{1/6}, 2^{1/3}, 2^{1/2}, 2^{2/3}, 2^{5/6}\}$.
3. (a) $\mathbb{Q}(\sqrt{3}, \sqrt{7})$.
5. Use the fact that the elements of $\mathbb{Z}_2[x]/\langle x^3 + x + 1 \rangle$ are $0, 1, \alpha,
1 + \alpha, \alpha^2, 1 + \alpha^2, \alpha + \alpha^2, 1 + \alpha + \alpha^2$ and the fact that $\alpha^3 + \alpha + 1 = 0$.
8. False.
14. Suppose that $E$ is algebraic over $F$ and $K$ is algebraic over
$E$. Let $\alpha \in K$. It suffices to show that $\alpha$ is algebraic over some
finite extension of $F$. Since $\alpha$ is algebraic over $E$, it must be the
zero of some polynomial $p(x) = \beta_0 + \beta_1 x + \cdots + \beta_n x^n$ in $E[x]$.
Hence $\alpha$ is algebraic over $F(\beta_0, \ldots, \beta_n)$.
22. Since $\{1, \sqrt{3}, \sqrt{7}, \sqrt{21}\}$ is a basis for $\mathbb{Q}(\sqrt{3}, \sqrt{7})$
over $\mathbb{Q}$, $\mathbb{Q}(\sqrt{3}, \sqrt{7}) \supset \mathbb{Q}(\sqrt{3} + \sqrt{7})$. Since $[\mathbb{Q}(\sqrt{3}, \sqrt{7}) : \mathbb{Q}] = 4$, $[\mathbb{Q}(\sqrt{3} + \sqrt{7}) : \mathbb{Q}] = 2$
or 4. Since the degree of the minimal polynomial of $\sqrt{3} + \sqrt{7}$ is 4,
$\mathbb{Q}(\sqrt{3}, \sqrt{7}) = \mathbb{Q}(\sqrt{3} + \sqrt{7})$.
27. Let $\beta \in F(\alpha)$ not in $F$. Then $\beta = p(\alpha)/q(\alpha)$, where $p$ and $q$
are polynomials in $\alpha$ with $q(\alpha) \ne 0$ and coefficients in $F$. If $\beta$ is
algebraic over $F$, then there exists a polynomial $f(x) \in F[x]$ such
that $f(\beta) = 0$. Let $f(x) = a_0 + a_1 x + \cdots + a_n x^n$. Then
$$0 = f(\beta) = f\left(\frac{p(\alpha)}{q(\alpha)}\right) = a_0 + a_1\left(\frac{p(\alpha)}{q(\alpha)}\right) + \cdots + a_n\left(\frac{p(\alpha)}{q(\alpha)}\right)^n.$$
Now multiply both sides by $q(\alpha)^n$ to show that there is a polynomial in $F[x]$ that has $\alpha$ as a zero.


22.3 Exercises
1. Make sure that you have a field extension.
4. There are eight elements in $\mathbb{Z}_2(\alpha)$. Exhibit two more zeros of
$x^3 + x^2 + 1$ other than $\alpha$ in these eight elements.
5. Find an irreducible polynomial $p(x)$ in $\mathbb{Z}_3[x]$ of degree 3 and
show that $\mathbb{Z}_3[x]/\langle p(x) \rangle$ has 27 elements.
7. (a) $x^5 - 1 = (x + 1)(x^4 + x^3 + x^2 + x + 1)$; (c) $x^9 - 1 = (x + 1)(x^2 + x + 1)(x^6 + x^3 + 1)$.
8. True.
11. (a) Use the fact that $x^7 - 1 = (x + 1)(x^3 + x + 1)(x^3 + x^2 + 1)$.
12. False.
17. If $p(x) \in F[x]$, then $p(x) \in E[x]$.
18. Since $\alpha$ is algebraic over $F$ of degree $n$, we can write any
element $\beta \in F(\alpha)$ uniquely as $\beta = a_0 + a_1\alpha + \cdots + a_{n-1}\alpha^{n-1}$ with
$a_i \in F$. There are $q^n$ possible $n$-tuples $(a_0, a_1, \ldots, a_{n-1})$.
24. Factor $x^{p-1} - 1$ over $\mathbb{Z}_p$.

23.4 Exercises
1. (a) $\mathbb{Z}_2$; (c) $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$.
2. (a) Separable over $\mathbb{Q}$ since $x^3 + 2x^2 - x - 2 = (x - 1)(x + 1)(x + 2)$;
(c) not separable over $\mathbb{Z}_3$ since $x^4 + x^2 + 1 = (x + 1)^2(x + 2)^2$.
3. If
$$[GF(729) : GF(9)] = [GF(729) : GF(3)]/[GF(9) : GF(3)] = 6/2 = 3,$$
then $G(GF(729)/GF(9)) \cong \mathbb{Z}_3$. A generator for $G(GF(729)/GF(9))$
is , where 36 () = 3 = 729 for GF(729).
4. (a) $S_5$; (c) $S_3$; (g) see Example 23.10.
5. (a) $\mathbb{Q}(i)$
7. Let $E$ be the splitting field of a cubic polynomial in $F[x]$. Show
that $[E : F]$ is less than or equal to 6 and is divisible by 3. Since
$G(E/F)$ is a subgroup of $S_3$ whose order is divisible by 3, conclude
that this group must be isomorphic to $\mathbb{Z}_3$ or $S_3$.
9. $G$ is a subgroup of $S_n$.
16. True.
20.
(a) Clearly $\omega, \omega^2, \ldots, \omega^{p-1}$ are distinct since $\omega \ne 1$ or 0. To show
that $\omega^i$ is a zero of $\Phi_p$, calculate $\Phi_p(\omega^i)$.
(b) The conjugates of $\omega$ are $\omega, \omega^2, \ldots, \omega^{p-1}$. Define a map $\phi_i :
\mathbb{Q}(\omega) \to \mathbb{Q}(\omega^i)$ by
$$\phi_i(a_0 + a_1\omega + \cdots + a_{p-2}\omega^{p-2}) = a_0 + a_1\omega^i + \cdots + a_{p-2}(\omega^i)^{p-2},$$
where $a_i \in \mathbb{Q}$. Prove that $\phi_i$ is an isomorphism of fields.
Show that $\phi_2$ generates $G(\mathbb{Q}(\omega)/\mathbb{Q})$.
(c) Show that $\{\omega, \omega^2, \ldots, \omega^{p-1}\}$ is a basis for $\mathbb{Q}(\omega)$ over $\mathbb{Q}$, and
consider which linear combinations of $\omega, \omega^2, \ldots, \omega^{p-1}$ are left
fixed by all elements of $G(\mathbb{Q}(\omega)/\mathbb{Q})$.

Notation

The following table defines the notation used in this book. Page numbers or references refer to the first appearance of each symbol.

Symbol | Description | Page
a ∈ A | a is in the set A | 4
N | the natural numbers | 5
Z | the integers | 5
Q | the rational numbers | 5
R | the real numbers | 5
C | the complex numbers | 5
A ⊂ B | A is a subset of B | 5
∅ | the empty set | 5
A ∪ B | the union of sets A and B | 5
A ∩ B | the intersection of sets A and B | 5
A′ | complement of the set A | 6
A \ B | difference between sets A and B | 6
A × B | Cartesian product of sets A and B | 7
A^n | A × ··· × A (n times) | 8
id | identity mapping | 11
f^{−1} | inverse of the function f | 11
a ≡ b (mod n) | a is congruent to b modulo n | 15
n! | n factorial | 22
(n choose k) | binomial coefficient n!/(k!(n − k)!) | 22
a | b | a divides b | 25
gcd(a, b) | greatest common divisor of a and b | 25
P(X) | power set of X | 30
lcm(m, n) | the least common multiple of m and n | 31
Z_n | the integers modulo n | 34
U(n) | group of units in Z_n | 41
M_n(R) | the n × n matrices with entries in R | 41
det A | the determinant of A | 41
GL_n(R) | the general linear group | 42
Q_8 | the group of quaternions | 42
C* | the multiplicative group of complex numbers | 42
|G| | the order of a group | 42
R* | the multiplicative group of real numbers | 45
Q* | the multiplicative group of rational numbers | 45
SL_n(R) | the special linear group | 45
Z(G) | the center of a group | 52
⟨a⟩ | cyclic group generated by a | 55
|a| | the order of an element a | 56
cis θ | cos θ + i sin θ | 61
T | the circle group | 62
S_n | the symmetric group on n letters | 71
(a_1, a_2, ..., a_k) | cycle of length k | 73
A_n | the alternating group on n letters | 78
D_n | the dihedral group | 79
[G : H] | index of a subgroup H in a group G | 89
L_H | the set of left cosets of a subgroup H in a group G | 89
R_H | the set of right cosets of a subgroup H in a group G | 89
d(x, y) | Hamming distance between x and y | 113
d_min | the minimum distance of a code | 113
w(x) | the weight of x | 113
M_{m×n}(Z_2) | the set of m × n matrices with entries in Z_2 | 118
Null(H) | null space of a matrix H | 118
δ_ij | Kronecker delta | 122
G ≅ H | G is isomorphic to a group H | 135
Aut(G) | automorphism group of a group G | 147
i_g | i_g(x) = gxg^{−1} | 147
Inn(G) | inner automorphism group of a group G | 147
λ_g | right regular representation | 147
G/N | factor group of G mod N | 150
G′ | commutator subgroup of G | 157
ker φ | kernel of φ | 160
(a_ij) | matrix | 169
O(n) | orthogonal group | 172
‖x‖ | length of a vector x | 172
SO(n) | special orthogonal group | 175
E(n) | Euclidean group | 175
O_x | orbit of x | 200
X_g | fixed point set of g | 200
G_x | isotropy subgroup of x | 200
N(H) | normalizer of a subgroup H | 217
ℍ | the ring of quaternions | 229
Z[i] | the Gaussian integers | 231
char R | characteristic of a ring R | 232
Z_(p) | ring of integers localized at p | 248
deg f(x) | degree of a polynomial | 252
R[x] | ring of polynomials over a ring R | 252
R[x_1, x_2, ..., x_n] | ring of polynomials in n indeterminates | 255
φ_α | evaluation homomorphism at α | 255
Q(x) | field of rational functions over Q | 275
ν(a) | Euclidean valuation of a | 279
F(x) | field of rational functions in x | 285
F(x_1, ..., x_n) | field of rational functions in x_1, ..., x_n | 285
a ≼ b | a is less than b | 288
a ∨ b | join of a and b | 290
a ∧ b | meet of a and b | 290
I | largest element in a lattice | 292
O | smallest element in a lattice | 292
a′ | complement of a in a lattice | 292
dim V | dimension of a vector space V | 310
U ⊕ V | direct sum of vector spaces U and V | 312
Hom(V, W) | set of all linear transformations from V into W | 313
V* | dual of a vector space V | 313
F(α_1, ..., α_n) | smallest field containing F and α_1, ..., α_n | 318
[E : F] | dimension of a field extension of E over F | 321
GF(p^n) | Galois field of order p^n | 340
F* | multiplicative group of a field F | 341
G(E/F) | Galois group of E over F | 357
F_{σ_i} | field fixed by the automorphism σ_i | 362
F_G | field fixed by the automorphism group G | 362
Δ^2 | discriminant of a polynomial | 377

Index

G-equivalent, 199
G-set, 198
nth root of unity, 62, 369
RSA cryptosystem, 99
Abel, Niels Henrik, 368
Abelian group, 40
Adleman, L., 99
Algebraic closure, 325
Algebraic extension, 318
Algebraic number, 318
Algorithm
Euclidean, 27
Ascending chain condition, 277
Associate elements, 275
Atom, 295
Automorphism
inner, 166
Basis of a lattice, 179
Bieberbach, L., 183
Binary operation, 39
Binary symmetric channel, 111
Boole, George, 300
Boolean algebra
atom in a, 295
definition of, 293
finite, 295
isomorphism, 295
Boolean function, 208, 303
Burnside, William, 45, 155, 210
Cancellation law
for groups, 44
Cardano, Gerolamo, 264
Carmichael numbers, 105
Cauchy's Theorem, 215
Cauchy, Augustin-Louis, 79

Cayley table, 40
Cayley, Arthur, 139
Centralizer
of a subgroup, 202
Characteristic of a ring, 232
Cipher, 95
Ciphertext, 95
Circuit
parallel, 298
series, 298
series-parallel, 299
Class equation, 202
Code
BCH, 349
cyclic, 342
group, 116
linear, 118
minimum distance of, 113
polynomial, 344
Commutative diagrams, 162
Commutative rings, 228
Composite integer, 27
Composition series, 192
Congruence modulo n, 15
Conjugacy classes, 202
Conjugate elements, 358
Conjugate, complex, 59
Conjugation, 199
Constructible number, 329
Coset
leader, 127
left, 87
representative, 87
right, 87
Coset decoding, 126
Cryptanalysis, 96
Cryptosystem

RSA, 99
affine, 97
definition of, 95
monoalphabetic, 97
polyalphabetic, 97
private key, 96
public key, 95
single key, 96
Cycle
definition of, 73
disjoint, 74
De Morgan's laws
for Boolean algebras, 295
De Morgan, Augustus, 300
Decoding table, 127
Deligne, Pierre, 334
Derivative, 339
Determinant, Vandermonde, 347
Dickson, L. E., 155
Diffie, W., 98
Direct product of groups
external, 140
internal, 143
Discriminant
of the cubic equation, 269
of the quadratic equation, 268
Division ring, 228
Domain
Euclidean, 279
principal ideal, 276
unique factorization, 275
Doubling the cube, 332
Element
associate, 275
identity, 40
inverse, 40
irreducible, 275
order of, 56
prime, 275
primitive, 361
transcendental, 318
Equivalence class, 14
Equivalence relation, 13
Euclidean algorithm, 27
Euclidean domain, 279
Euclidean group, 175
Euclidean inner product, 172
Euclidean valuation, 279
Euler φ-function, 91
Euler, Leonhard, 92, 334
Extension
algebraic, 318
field, 315
finite, 321
normal, 364
radical, 369
separable, 339, 360
simple, 318
External direct product, 140
Faltings, Gerd, 334
Feit, W., 155, 211
Fermat's factorization algorithm, 104
Fermat, Pierre de, 92, 334
Ferrari, Ludovico, 265
Ferro, Scipione del, 264
Field, 228
algebraically closed, 325
base, 315
extension, 315
fixed, 362
Galois, 340
of fractions, 274
of quotients, 274
splitting, 326
Finitely generated group, 188
Fior, Antonio, 264
Fixed point set, 200
Function
bijective, 9
Boolean, 208, 303
composition of, 9
definition of, 8
domain of, 8
identity, 11
injective, 9
invertible, 11
one-to-one, 9
onto, 9
range of, 8
surjective, 9
switching, 208, 303

Galois field, 340
Galois group, 357
Galois, Évariste, 44, 368
Gauss, Karl Friedrich, 283
Gaussian integers, 231
Generator of a cyclic subgroup, 56
Generators for a group, 188
Glide reflection, 176
Gorenstein, Daniel, 155
Greatest common divisor
of two integers, 25
of two polynomials, 258
Greatest lower bound, 290
Greiss, R., 155
Grothendieck, Alexander, 334
Group
p-group, 188, 215
abelian, 40
action, 198
alternating, 78
center of, 202
circle, 62
commutative, 40
cyclic, 56
definition of, 39
dihedral, 79
Euclidean, 175
factor, 150
finite, 42
finitely generated, 188
Galois, 357
general linear, 42, 171
generators of, 188
homomorphism of, 158
infinite, 42
isomorphic, 135
isomorphism of, 135
nonabelian, 40
noncommutative, 40
of units, 41
order of, 42
orthogonal, 172
permutation, 72
point, 180
quaternion, 42
quotient, 150
simple, 152, 155

solvable, 194
space, 180
special linear, 46, 171
special orthogonal, 175
symmetric, 71
symmetry, 177
Gödel, Kurt, 300
Hamming distance, 113
Hamming, R., 115
Hellman, M., 98
Hilbert, David, 183, 239, 300, 334
Homomorphic image, 158
Homomorphism
canonical, 161, 236
evaluation, 234, 255
kernel of a group, 160
kernel of a ring, 233
natural, 161, 236
of groups, 158
ring, 233
Ideal
definition of, 234
maximal, 237
one-sided, 235
prime, 238
principal, 235
trivial, 234
two-sided, 235
Indeterminate, 252
Index of a subgroup, 89
Infimum, 290
Inner product, 117
Integral domain, 228
Internal direct product, 143
International standard book number, 53
Irreducible element, 275
Irreducible polynomial, 259
Isometry, 176
Isomorphism
of Boolean algebras, 295
of groups, 135
ring, 233
Join, 290
Jordan, C., 155

Kernel
of a group homomorphism, 160
of a ring homomorphism, 233
Key
definition of, 95
private, 96
public, 95
single, 96
Klein, Felix, 45, 168, 239
Kronecker delta, 122, 173
Kronecker, Leopold, 334
Kummer, Ernst, 334
Lagrange, Joseph-Louis, 44, 79, 92
Laplace, Pierre-Simon, 79
Lattice
completed, 292
definition of, 290
distributive, 293
Lattice of points, 179
Least upper bound, 290
Left regular representation, 139
Lie, Sophus, 45, 219
Linear combination, 307
Linear dependence, 308
Linear independence, 308
Linear map, 168
Linear transformation
definition of, 10, 168
Lower bound, 290
Mapping, see Function
Matrix
distance-preserving, 173
generator, 119
inner product-preserving, 173
invertible, 170
length-preserving, 173
nonsingular, 170
null space of, 118
orthogonal, 172
parity-check, 119
similar, 14
unimodular, 179
Matrix, Vandermonde, 347
Maximal ideal, 237
Maximum-likelihood decoding, 111
Meet, 290
Minimal generator polynomial, 345
Minimal polynomial, 319
Minkowski, Hermann, 334
Monic polynomial, 252
Mordell-Weil conjecture, 334
Multiplicity of a root, 360
Noether, A. Emmy, 239
Noether, Max, 239
Normal extension, 364
Normal series of a group, 191
Normal subgroup, 149
Normalizer, 217
Null space
of a matrix, 118
Orbit, 200
Orthogonal group, 172
Orthogonal matrix, 172
Orthonormal set, 173
Partial order, 288
Partially ordered set, 288
Partitions, 14
Permutation
definition of, 10, 71
even, 77
odd, 77
Permutation group, 72
Plaintext, 95
Polynomial
code, 344
content of, 281
definition of, 252
degree of, 252
error, 354
error-locator, 354
greatest common divisor of, 258
in n indeterminates, 255
irreducible, 259
leading coefficient of, 252
minimal, 319
minimal generator, 345
monic, 252
primitive, 281
root of, 257
separable, 360
zero of, 257
Polynomial separable, 339
Poset
definition of, 288
largest element in, 292
smallest element in, 292
Power set, 289
Prime element, 275
Prime ideal, 238
Prime integer, 27
Primitive nth root of unity, 63, 369
Primitive element, 361
Primitive polynomial, 281
Principal ideal, 235
Principal ideal domain (PID), 276
Principal series, 192
Pseudoprime, 105
Quaternions, 42, 230
Resolvent cubic equation, 270
Rigid motion, 37, 176
Ring
characteristic of, 232
commutative, 228
definition of, 227
division, 228
factor, 236
homomorphism, 233
isomorphism, 233
Noetherian, 277
quotient, 236
with identity, 228
with unity, 228
Rivest, R., 99
Ruffini, P., 368
Russell, Bertrand, 300
Scalar product, 305
Shamir, A., 99
Shannon, C., 115
Simple extension, 318
Simple group, 152
Simple root, 360
Solvability by radicals, 369
Spanning set, 307
Splitting field, 326

Squaring the circle is impossible, 333
Standard decoding, 126
Subgroup
p-subgroup, 215
centralizer, 202
commutator, 220
cyclic, 56
definition of, 45
index of, 89
isotropy, 200
normal, 149
normalizer of, 217
proper, 45
stabilizer, 200
Sylow p-subgroup, 217
translation, 180
trivial, 45
Subnormal series of a group, 191
Subring, 230
Supremum, 290
Switch
closed, 298
definition of, 298
open, 298
Switching function, 208, 303
Sylow p-subgroup, 217
Sylow, Ludvig, 219
Syndrome of a code, 125, 354
Tartaglia, 264
Thompson, J., 155, 211
Transcendental element, 318
Transcendental number, 318
Transposition, 76
Trisection of an angle, 333
Unique factorization domain (UFD), 275
Unit, 228, 275
Universal Product Code, 52
Upper bound, 290
Vandermonde determinant, 347
Vandermonde matrix, 347
Vector space
basis of, 309
definition of, 305
dimension of, 310

subspace of, 307

Weight of a codeword, 113


Weil, André, 334
Well-defined map, 9
Well-ordered set, 23
Whitehead, Alfred North, 300
Zero
multiplicity of, 360
of a polynomial, 257
Zero divisor, 228
