Lecture Notes


B3.4 Algebraic Number Theory


Victor Flynn (flynn@maths.ox.ac.uk)
January 2021

These notes are modified from previous versions (due to Neil Dummigan,
Alan Lauder and Roger Heath-Brown) and have been recently revised by
me. They draw mainly upon “A Classical Introduction to Modern Number
Theory”, by Ireland and Rosen, and “Algebraic Number Theory”, by
Stewart and Tall. While I take full responsibility for their current contents,
considerable thanks are clearly due to Neil, Alan and Roger.

I will be pleased to hear of any misprints or errors!


Email me at flynn@maths.ox.ac.uk.

Throughout these notes we use the abbreviation NE for “not examinable
in this course”.

Lectures will omit some of the non-examinable proofs, and some of the
examples in Section 9. However these should prove helpful for examination
revision.

Useful texts
Algebraic Number Theory and Fermat’s Last Theorem, I. Stewart and D.
Tall, Third Edition. We shall frequently cite this as “S&T”.
Older editions under the name “Algebraic Number Theory” will also suffice.
Other useful but more advanced references:
A Classical Introduction to Modern Number Theory, (Chapter 12) K. Ireland
and M. Rosen
Algebraic Number Theory, A. Frohlich and M.J. Taylor
A Course in Computational Algebraic Number Theory, H. Cohen.

1 Introduction
1.1 Motivation
Consider “Fermat’s Last Theorem”, which asserts that $x^n + y^n = z^n$ has no solution $x, y, z \in \mathbb{Z}$ ($x, y, z$ all nonzero) if $n \in \mathbb{N}$, $n \geq 3$. It is sufficient to prove this for $n = 4$ and $n = p \geq 3$ prime [since any $n \geq 3$ is divisible by 4 or some prime $p \geq 3$; if $n = 4k$, then any solution to $x^n + y^n = z^n$ would give $(x^k)^4 + (y^k)^4 = (z^k)^4$; similarly if $n = pk$, then any solution to $x^n + y^n = z^n$ would give $(x^k)^p + (y^k)^p = (z^k)^p$].
Fermat himself proved the result for $n = 4$, after which it remained to prove it for $n = p \geq 3$ prime. Let $\zeta_p = \exp(2\pi i/p) \in \mathbb{C}$ and let $K := \mathbb{Q}(\zeta_p)$. Factoring the left hand side in $\mathbb{Z}[\zeta_p]$ we see that

\[ (x + y)(x + \zeta_p y) \cdots (x + \zeta_p^{p-1} y) = z^p. \]

Now in $\mathbb{Z}$ it is true that if $a_1 \cdots a_p = b^p$ and the $a_i$ have no common factors, then each $a_i$ is a $p$-th power, by the unique factorisation property of $\mathbb{Z}$. To make progress on Fermat’s Last Theorem it would be useful to know whether an analogous result holds true in $\mathbb{Z}[\zeta_p]$. More generally we might ask what sort of number theory we can do in a ring such as $\mathbb{Z}[\zeta_p]$. In particular, do we still have an analogue of unique factorisation into primes?
These are the questions addressed in this course.

1.2 Background material


We need to know the statements (but not proof) of various pre-requisites for this course. Firstly, we have some results from “Polynomial Rings and Galois Theory”.

Lemma 1.1 (Gauss’s Lemma). Let $p(t) \in \mathbb{Z}[t]$ be irreducible in $\mathbb{Z}[t]$; then it is also irreducible in $\mathbb{Q}[t]$.

Proof. NE. See S&T, page 18, Lemma 1.7. The broad strategy is to imagine $p(t)$ were reducible over $\mathbb{Q}$, with $p(t) = g(t)h(t)$ where $g(t), h(t) \in \mathbb{Q}[t]$, and then show there exists $\lambda \in \mathbb{Q}$, $\lambda \neq 0$, such that $\lambda g, \lambda^{-1} h \in \mathbb{Z}[t]$ (the existence of such $\lambda$ is sometimes included in the statement of Gauss’ Lemma).

Theorem 1.2 (Eisenstein). Let $f(t) = a_0 + a_1 t + \cdots + a_n t^n \in \mathbb{Z}[t]$. Suppose there exists a prime $p$ such that $p$ does not divide $a_n$, but $p$ divides $a_i$ for $i = 0, \ldots, n-1$, and $p^2$ does not divide $a_0$. Then, apart from constant factors, $f(t)$ is irreducible over $\mathbb{Z}$, and hence irreducible over $\mathbb{Q}$.

Such a polynomial is said to be Eisenstein with respect to the prime $p$.

Note also: irreducible over $K$ is just another way of saying: irreducible in $K[t]$.

Proof. NE. See S&T, page 19, Theorem 1.8.

Definition 1.3. A number field (or algebraic number field) is a finite extension $K$ of $\mathbb{Q}$. The index $[K : \mathbb{Q}]$ is the degree of the number field.

Theorem 1.4. If $K$ is a number field then $K = \mathbb{Q}(\theta)$ for some (algebraic) number $\theta \in K$.

Proof. NE. See S&T, page 32, Theorem 2.2.

Theorem 1.5. Let $K = \mathbb{Q}(\theta)$ be a number field of degree $n$ over $\mathbb{Q}$. Then there are exactly $n$ distinct monomorphisms (embeddings)

\[ \sigma_i : K \to \mathbb{C} \quad (i = 1, \ldots, n). \]

The elements $\sigma_i(\theta)$ are the distinct zeros in $\mathbb{C}$ of the minimal polynomial $m_\theta$ of $\theta$ over $\mathbb{Q}$.

If $\sigma_i(K) \subseteq \mathbb{R}$ then $\sigma_i$ is called a real embedding, and otherwise it is called a complex embedding.
Recall that a monomorphism is a one-to-one map satisfying $\sigma(\alpha + \beta) = \sigma(\alpha) + \sigma(\beta)$ and $\sigma(\alpha\beta) = \sigma(\alpha)\sigma(\beta)$.

Proof. NE. See S&T, page 38, Theorem 2.4.

We now have some elementary results on free abelian groups. We shall express such groups with the operation written additively.

Definition 1.6. A square matrix over $\mathbb{Z}$ is unimodular if it has determinant $\pm 1$.

Note that $A$ is unimodular if and only if $A^{-1}$ has coefficients in $\mathbb{Z}$.

Lemma 1.7. Let $G$ be a free abelian group of rank $n$ with $\mathbb{Z}$-basis $\{x_1, \ldots, x_n\}$. Suppose $(a_{ij})$ is an $n \times n$ matrix with integer entries. Let

\[ y_i = \sum_j a_{ij} x_j \quad (1 \leq i \leq n). \]

Then the elements $\{y_1, \ldots, y_n\}$ form a $\mathbb{Z}$-basis for $G$ if and only if $(a_{ij})$ is unimodular.

Proof. NE. See S&T, page 28, Lemma 1.15.

Theorem 1.8. Let $G$ be a free abelian group of rank $n$, and $H$ a subgroup. Then $G/H$ is finite if and only if $H$ has rank $n$. Moreover, if $G$ and $H$ have $\mathbb{Z}$-bases $x_1, \ldots, x_n$ and $y_1, \ldots, y_n$ with $y_i = \sum_j a_{ij} x_j$ we have

\[ \#G/H = |\det(a_{ij})|. \]

Proof. NE. See S&T, page 30, Theorem 1.17.

2 Discriminants, Norms and Traces


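Definition 2.1. Let $K/\mathbb{Q}$ be an algebraic number field of degree $n$, and let $\alpha \in K$. Let $\sigma_i : K \to \mathbb{C}$ be the $n$ embeddings, $i = 1, \ldots, n$. The $\sigma_i(\alpha)$ are called the ($K$-)conjugates of $\alpha$. Define the trace $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha) = \sum_{i=1}^n \sigma_i(\alpha)$ and norm $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = N_{K/\mathbb{Q}}(\alpha) = N(\alpha) = \prod_{i=1}^n \sigma_i(\alpha)$. When $K = \mathbb{Q}(\alpha)$ these are called the absolute conjugates, trace and norm.

For any $K = \mathbb{Q}(\beta)$, suppose that $\beta$ has minimal polynomial $m_\beta(X)$. If $\beta_1, \ldots, \beta_n$ are the $n$ roots of $m_\beta$ in $\mathbb{C}$ then one can choose the embeddings so that $\sigma_i : \beta \mapsto \beta_i$.

We record the trivial properties:

• $\mathrm{Norm}_{K/\mathbb{Q}}(\gamma\delta) = \mathrm{Norm}_{K/\mathbb{Q}}(\gamma)\,\mathrm{Norm}_{K/\mathbb{Q}}(\delta)$;

• $\mathrm{Norm}_{K/\mathbb{Q}}(\gamma) = 0$ if and only if $\gamma = 0$;

• $\mathrm{Norm}_{K/\mathbb{Q}}(q) = q^n$ for $q \in \mathbb{Q}$.

If $K = \mathbb{Q}(\alpha)$ and $m_\alpha(X) = X^n + c_{n-1}X^{n-1} + \cdots + c_0$, then we have $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha) = -c_{n-1}$ and $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = (-1)^n c_0$. In particular the norm and trace are in $\mathbb{Q}$.
More generally, for any $K = \mathbb{Q}(\beta)$, $\alpha \in K$, the norm and trace of $\alpha$ are symmetric functions of the conjugates $\sigma_i(\alpha)$, and are therefore in $\mathbb{Q}$.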

Definition 2.2. Let $w = \{w_1, \ldots, w_n\}$ be an $n$-tuple of elements of $K$, where $n = [K : \mathbb{Q}]$.

• The determinant is $\Delta(w) := \det(\sigma_i(w_j))$, i.e., the determinant of the $n \times n$ matrix whose $(i, j)$th entry is $\sigma_i(w_j)$.

• The discriminant of $w$ is $\Delta(w)^2$. [Sometimes also written as $\Delta^2(w)$.]

*Warning*: S&T and some other books use $\Delta$ where we write $\Delta^2$ (!).

Lemma 2.3. We have $\Delta(w)^2 = \det(\mathrm{Tr}_{K/\mathbb{Q}}(w_i w_j))$, and so $\Delta(w)^2 \in \mathbb{Q}$.

Proof. Let $A = (\sigma_i(w_j))$. Then

\[ \Delta(w)^2 = \det(A)^2 = \det(A^T A) = \det\Big(\sum_k \sigma_k(w_i)\sigma_k(w_j)\Big) = \det\Big(\sum_k \sigma_k(w_i w_j)\Big) = \det(\mathrm{Tr}_{K/\mathbb{Q}}(w_i w_j)). \]

Lemma 2.4. If $v = \{v_1, \ldots, v_n\}$ is a basis for $K/\mathbb{Q}$ and $w = \{w_1, \ldots, w_n\} \subseteq K$, with $w_i = \sum_j c_{ij} v_j$ and $c_{ij} \in \mathbb{Q}$, then

\[ \Delta(w) = \det(C)\Delta(v) \quad \text{where } C = (c_{ij}). \]

Proof. Left as exercise.

Lemma 2.5. If $K = \mathbb{Q}(\alpha)$ and $v = \{1, \alpha, \ldots, \alpha^{n-1}\}$ then

\[ \Delta(v)^2 = \prod_{i<j} (\alpha_j - \alpha_i)^2. \]

Here $\alpha_1, \ldots, \alpha_n$ are the conjugates of $\alpha$.

Proof. We have

\[ \Delta(v) = \begin{vmatrix} 1 & \alpha_1 & \alpha_1^2 & \cdots & \alpha_1^{n-1} \\ 1 & \alpha_2 & \alpha_2^2 & \cdots & \alpha_2^{n-1} \\ \vdots & & & & \vdots \\ 1 & \alpha_n & \alpha_n^2 & \cdots & \alpha_n^{n-1} \end{vmatrix}. \]

(This is a so-called van der Monde determinant.) We can view this as a polynomial of degree $n(n-1)/2$ in $\alpha_1, \ldots, \alpha_n$. Since it vanishes when we set $\alpha_i = \alpha_j$ the polynomial is divisible by $\alpha_i - \alpha_j$ for all $i < j$. There are $n(n-1)/2$ of these factors. Hence, on checking that the coefficient of $\alpha_2 \alpha_3^2 \cdots \alpha_n^{n-1}$ is $+1$ we deduce that

\[ \Delta(v) = \prod_{i<j} (\alpha_j - \alpha_i). \]

Corollary 2.6. $\Delta(w_1, \ldots, w_n) \neq 0$ if and only if $w_1, \ldots, w_n$ is a basis for $K/\mathbb{Q}$.

Proof. Suppose $K = \mathbb{Q}(\alpha)$ and $v = \{1, \alpha, \ldots, \alpha^{n-1}\}$ are as in the previous lemma. Since the $\alpha_i$ are distinct, $\Delta(v) \neq 0$. By Lemma 2.4, $\Delta(w) \neq 0$ for any other basis $w$ of $K/\mathbb{Q}$. If $w$ is not a basis then $\det(C) = 0$ and so $\Delta(w) = 0$.

3 The Ring of Integers


Definition 3.1. We say that $\alpha \in K$ is an algebraic integer if and only if there exists a monic $g(x) \in \mathbb{Z}[x]$ such that $g(\alpha) = 0$. Define $\mathcal{O}_K$ as the set of all algebraic integers in $K$.
We shall see that the set $\mathcal{O}_K$ will bear the same relation to $K$ as $\mathbb{Z}$ does to $\mathbb{Q}$.

Note 3.2

1. Suppose $\alpha \in K$. Then $\alpha \in \mathcal{O}_K$ if and only if the minimal polynomial $m_\alpha(x)$ is in $\mathbb{Z}[x]$, by Gauss’s lemma.

2. Suppose $\alpha \in K$ and $\alpha^d + a_{d-1}\alpha^{d-1} + \cdots + a_0 = 0$, $a_i \in \mathbb{Q}$. If $n \in \mathbb{Z}$ then

\[ (n\alpha)^d + n a_{d-1} (n\alpha)^{d-1} + \cdots + n^d a_0 = 0. \]

Choosing $n$ to clear the denominators of all the $a_i$ we can get $n\alpha \in \mathcal{O}_K$.

3. The minimal polynomial of $r \in \mathbb{Q}$ is $x - r$ which is in $\mathbb{Z}[x]$ if and only if $r \in \mathbb{Z}$. Hence if $K = \mathbb{Q}$ then $\mathcal{O}_K = \mathbb{Z}$. Generally, $\mathbb{Z} \subseteq \mathcal{O}_K$.


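Example 3.3 Let $K = \mathbb{Q}(\sqrt{d})$, where $d \in \mathbb{Z}$, $d \neq \pm 1$, with $d$ squarefree (i.e. there is no prime $p$ for which $p^2 \mid d$). Then $[K : \mathbb{Q}] = 2$, and $K$ has a $\mathbb{Q}$-basis $\{1, \sqrt{d}\}$. If $a, b \in \mathbb{Q}$ then $\alpha = a + b\sqrt{d} \in K$. Since $\sigma_1(\alpha) = a + b\sqrt{d}$ and $\sigma_2(\alpha) = a - b\sqrt{d}$ we have $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha) = 2a$ and $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = a^2 - db^2$. Moreover $m_\alpha(x) = x^2 - 2ax + (a^2 - db^2)$ (if $b \neq 0$). Hence $\alpha \in \mathcal{O}_K$ if and only if $2a, a^2 - db^2 \in \mathbb{Z}$.
Suppose $\alpha \in \mathcal{O}_K$. Then $(2a)^2 - d(2b)^2 \in \mathbb{Z}$, giving $d(2b)^2 \in \mathbb{Z}$. Writing $2b = u/v$ ($u, v \in \mathbb{Z}$) we have $du^2 v^{-2} \in \mathbb{Z}$, so that $v^2 \mid du^2$. Since $d$ is squarefree this implies $v \mid u$, giving $2b \in \mathbb{Z}$. Write $2a = A$, $2b = B$, with $A, B \in \mathbb{Z}$. Then $a^2 - db^2 \in \mathbb{Z}$, so that $A^2 \equiv dB^2 \bmod 4$. Now observe that any square is congruent to 0 or 1 modulo 4.

• Case 1: Suppose $d \equiv 2$ or $3 \bmod 4$. Then we must have $A, B$ even, and $a, b \in \mathbb{Z}$.

• Case 2: Suppose that $d \equiv 1 \bmod 4$. This implies that $A \equiv B \bmod 2$, so $a, b$ are both in $\mathbb{Z}$ or both in $\mathbb{Z} + \tfrac{1}{2}$.

Of course we cannot have $d \equiv 0 \bmod 4$ since $d$ is squarefree. We conclude that

\[ \mathcal{O}_K = \begin{cases} \langle 1, \sqrt{d} \rangle = \{m + n\sqrt{d} : m, n \in \mathbb{Z}\}, & d \equiv 2, 3 \bmod 4, \\ \langle 1, \tfrac{1+\sqrt{d}}{2} \rangle = \{m + n\tfrac{1+\sqrt{d}}{2} : m, n \in \mathbb{Z}\}, & d \equiv 1 \bmod 4. \end{cases} \]

e.g. In $\mathbb{Q}(i)$ we have $\tfrac{1}{2} + \tfrac{2}{3} i \in K$ and $1 + 5i \in \mathcal{O}_K$. In $\mathbb{Q}(\sqrt{-3})$ we have $\tfrac{5}{3} - \sqrt{-3} \in K$, $-\tfrac{1}{2} + \tfrac{\sqrt{-3}}{2} \in \mathcal{O}_K$. (The latter has minimal polynomial $x^2 + x + 1$.)
We now require a little about modules.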
We now require a little about modules.

Definition 3.4. Let $R$ be an integral domain. An $R$-module $M$ is an abelian group (which we shall write additively) with a map $R \times M \to M$, $(r, m) \mapsto rm$ such that

\[ (r_1 + r_2)m = r_1 m + r_2 m, \qquad (r_1 r_2)m = r_1(r_2 m), \]
\[ r(m_1 + m_2) = r m_1 + r m_2, \qquad 1m = m \]

for all $r, r_1, r_2 \in R$ and $m, m_1, m_2 \in M$.

Example 3.5
1. Let R be a field and M a vector space over R. Then M is an R-module.
2. If R = Z and M is any additive abelian group then M is an R-module.

We say that $M$ is finitely generated if there exist $m_1, \ldots, m_k \in M$ such that

\[ M = \{r_1 m_1 + \cdots + r_k m_k : r_1, \ldots, r_k \in R\}. \]

Lemma 3.6. $\alpha \in K$ is an algebraic integer if and only if there exists a nonzero finitely generated $\mathbb{Z}$-module $M \subseteq K$ such that $\alpha M \subseteq M$.

Proof. Suppose $\alpha \in \mathcal{O}_K$, say $\alpha^d + a_{d-1}\alpha^{d-1} + \cdots + a_0 = 0$, with $a_i \in \mathbb{Z}$. Let $M = \mathbb{Z}[\alpha] = \{f(\alpha) : f(x) \in \mathbb{Z}[x]\} \subseteq K$. Then $M = \langle 1, \alpha, \ldots, \alpha^{d-1} \rangle$ and $\alpha M \subseteq M$, since $\alpha(\alpha^{d-1}) = \alpha^d = -\sum_{i=0}^{d-1} a_i \alpha^i \in M$.
Conversely, suppose $M \subseteq K$ is a nonzero finitely generated $\mathbb{Z}$-module such that $\alpha M \subseteq M$. Take $w_1, \ldots, w_s$ to be a generating set for $M$. Let

\[ \alpha w_i = \sum_j c_{ij} w_j, \quad c_{ij} \in \mathbb{Z}. \]

Putting $C = (c_{ij})$ we see that

\[ (\alpha I - C) \begin{pmatrix} w_1 \\ w_2 \\ \vdots \\ w_s \end{pmatrix} = \begin{pmatrix} 0 \\ 0 \\ \vdots \\ 0 \end{pmatrix} \]

so that $\alpha$ satisfies $\det(xI - C) = 0$, a monic polynomial with integer coefficients. Hence $\alpha \in \mathcal{O}_K$.
Theorem 3.7. Let K be an algebraic number field. If α, β ∈ OK then
α + β, αβ ∈ OK .
Hence OK is a ring, called the ring of integers of K.
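Proof. Suppose $\alpha, \beta \in \mathcal{O}_K$. Let $M, N \subseteq K$ be finitely generated $\mathbb{Z}$-modules, generated respectively by $\{v_1, \ldots, v_d\}$ and $\{w_1, \ldots, w_e\}$, such that $\alpha M \subseteq M$ and $\beta N \subseteq N$. Consider

\[ MN := \Big\{ \sum_{i=1}^k m_i n_i : m_i \in M, n_i \in N \Big\}. \]

Then $MN$ is finitely generated (by $\{v_i w_j : 1 \leq i \leq d, 1 \leq j \leq e\}$) and in $K$. Moreover,

\[ (\alpha + \beta)MN \subseteq (\alpha M)N + M(\beta N) \subseteq MN, \]
\[ (\alpha\beta)MN \subseteq (\alpha M)(\beta N) \subseteq MN. \]

It follows from Lemma 3.6 that $\alpha + \beta, \alpha\beta \in \mathcal{O}_K$.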
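Corollary 3.8. If $\alpha \in \mathcal{O}_K$ then $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha), \mathrm{Norm}_{K/\mathbb{Q}}(\alpha) \in \mathbb{Z}$.

Proof. Assume that $\alpha \in \mathcal{O}_K$. Then all the $K/\mathbb{Q}$-conjugates $\alpha_1, \ldots, \alpha_n$ belong to $\mathcal{O}_L$ (where $L$ is the splitting field of the polynomial $m_\alpha(x) (= m_{\alpha_i}(x))$). Thus $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha) = \alpha_1 + \cdots + \alpha_n \in \mathcal{O}_L$ and $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = \alpha_1 \cdots \alpha_n \in \mathcal{O}_L$, by Theorem 3.7. However $\mathrm{Tr}_{K/\mathbb{Q}}(\alpha), \mathrm{Norm}_{K/\mathbb{Q}}(\alpha) \in \mathbb{Q}$, and $\mathbb{Q} \cap \mathcal{O}_L = \mathbb{Z}$.

Definition 3.9. $\alpha \in \mathcal{O}_K$ is a unit if and only if $\alpha^{-1} \in \mathcal{O}_K$.

Proposition 3.10. $\alpha \in \mathcal{O}_K$ is a unit if and only if $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = \pm 1$.

Proof. Suppose $\alpha$ is a unit. Then

\[ \mathrm{Norm}_{K/\mathbb{Q}}(\alpha)\,\mathrm{Norm}_{K/\mathbb{Q}}(\alpha^{-1}) = \mathrm{Norm}_{K/\mathbb{Q}}(\alpha\alpha^{-1}) = \mathrm{Norm}_{K/\mathbb{Q}}(1) = 1. \]

However $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)$ and $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha^{-1})$ are in $\mathbb{Z}$, so both are $\pm 1$.
Conversely, suppose that $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = \pm 1$. Let $\alpha_1, \ldots, \alpha_n$ be the $K/\mathbb{Q}$-conjugates, with $\alpha = \alpha_1$, say. Then $\alpha_1 \cdots \alpha_n = \pm 1$, so that $\alpha(\alpha_2 \cdots \alpha_n) = \pm 1$. Hence $\alpha^{-1} = \pm(\alpha_2 \cdots \alpha_n)$, which by Theorem 3.7 lies in $\mathcal{O}_L$. However we know that $\alpha^{-1}$ lies in $K$, and so $\alpha^{-1} \in \mathcal{O}_L \cap K = \mathcal{O}_K$.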

Definition 3.11. We say that $w_1, \ldots, w_n \in \mathcal{O}_K$ is an integral basis for $\mathcal{O}_K$ if $\mathcal{O}_K = \{\sum_j c_j w_j : c_j \in \mathbb{Z}\}$.
It can easily be shown that the above definition is equivalent to saying that $w_1, \ldots, w_n$ is a $\mathbb{Z}$-basis for $\mathcal{O}_K$. We shall show that every $\mathcal{O}_K$ has an integral basis. The set $\{w_1, \ldots, w_n\}$ is sometimes called an integral basis for $\mathcal{O}_K$, and sometimes just an integral basis for $K$.

Example 3.12 $K = \mathbb{Q}(\sqrt{d})$, $d$ squarefree integer; $[K : \mathbb{Q}] = 2$; $\mathcal{O}_K$ has integral basis

\[ \begin{cases} \{1, \sqrt{d}\}, & d \equiv 2, 3 \bmod 4, \\ \{1, \tfrac{1+\sqrt{d}}{2}\}, & d \equiv 1 \bmod 4. \end{cases} \]

Note 3.13 Let $v = \{v_1, \ldots, v_n\}$ and $w = \{w_1, \ldots, w_n\}$ be any two $\mathbb{Q}$-bases of $K$. Let $M = \langle v_1, \ldots, v_n \rangle_{\mathbb{Z}}$ and $N = \langle w_1, \ldots, w_n \rangle_{\mathbb{Z}}$, as $\mathbb{Z}$-submodules of $K$. Suppose $v, w \subseteq \mathcal{O}_K$, then $\Delta(v)^2, \Delta(w)^2 \in \mathbb{Z}$. (Recall that $\Delta(v)^2 = \det(\mathrm{Tr}_{K/\mathbb{Q}}(v_i v_j))$.) Suppose $N \subseteq M$. Then there exist $c_{ij} \in \mathbb{Z}$ such that $w_i = \sum_{j=1}^n c_{ij} v_j$. Let $C = (c_{ij})$. Then by Theorem 1.8 we have

\[ |\det(C)| = [M : N] = \#M/N = m, \text{ say}, \]

as additive groups. So by Lemma 2.4 we have

\[ \Delta(w)^2 = (\det(C))^2 \Delta(v)^2 = m^2 \Delta(v)^2. \]

If $M = N$ then $\det(C) = \pm 1$ by Lemma 1.7, and $\Delta(w)^2 = \Delta(v)^2$.

This allows us to make the following definition.

Definition 3.14. Let $M$ be any subset of $\mathcal{O}_K$ which has a $\mathbb{Z}$-basis. Define $\Delta(M)^2 := \Delta(w)^2$ for any $\mathbb{Z}$-basis $w$ of $M$.

Note that if $N \subseteq M$ then $\Delta(N)^2 = m^2 \Delta(M)^2$, and so in particular $\Delta(M)^2 \mid \Delta(N)^2$.

Theorem 3.15 (Integral Basis Theorem). The ring $\mathcal{O}_K$ has an integral basis (that is, a $\mathbb{Z}$-basis).

Proof. Let $v = \{v_1, \ldots, v_n\}$ be any $\mathbb{Q}$-basis for $K$. Multiplying each $v_i$ by a sufficiently large integer, we may suppose that $v \subseteq \mathcal{O}_K$. Let $M = \langle v_1, \ldots, v_n \rangle_{\mathbb{Z}}$. Then $\Delta(M)^2 \neq 0$ (and $\in \mathbb{Z}$) since $\{v_1, \ldots, v_n\}$ are $\mathbb{Q}$-linearly independent. Choose the basis $v$ such that $|\Delta(M)^2|$ is minimal.
Claim: $M = \mathcal{O}_K$, so that $\{v_1, \ldots, v_n\}$ is an integral basis.
Proof of claim: Suppose there exists $\alpha \in \mathcal{O}_K$ such that $\alpha \notin M$. Certainly $\alpha = \sum_{j=1}^n c_j v_j$ with $c_j \in \mathbb{Q}$. Then for any $j$ and any $m \in \mathbb{Z}$ we have $\alpha + m v_j \in \mathcal{O}_K$ but $\alpha + m v_j \notin M$. Hence by adding suitable $\mathbb{Z}$-multiples of the $v_j$ to $\alpha$ we may assume that $|c_j| \leq 1/2$. Moreover, since $\alpha \notin M$ there exists $j$ such that $c_j \neq 0$. Choose such a $j$.
Let $w$ be a new $\mathbb{Q}$-basis for $K$ obtained from $v$ by replacing $v_j$ by $\alpha$. Then $w \subseteq \mathcal{O}_K$. The change of basis matrix

\[ C = \begin{pmatrix} 1 & 0 & \cdots & 0 \\ 0 & 1 & \cdots & 0 \\ \vdots & & & \vdots \\ c_1 & c_2 & \cdots & c_n \\ \vdots & & & \vdots \\ 0 & 0 & \cdots & 1 \end{pmatrix} \]

has determinant $c_j$. Hence

\[ |\Delta(w)^2| = c_j^2 |\Delta(v)^2| < |\Delta(v)^2|, \]

by Note 3.13, contradicting the minimality of $|\Delta(v)^2|$. So such $\alpha$ does not exist, and $M = \mathcal{O}_K$.

We can therefore define $\Delta(\mathcal{O}_K)^2$, as in Definition 3.14, to be $\Delta(w)^2$, where $w$ is any integral basis of $\mathcal{O}_K$; we also define $\Delta(K)^2$ to be the same as $\Delta(\mathcal{O}_K)^2$.
The following proposition will be helpful for finding an integral basis
for OK .
Proposition 3.16. Let $w = \{w_1, \ldots, w_n\}$ be any $\mathbb{Q}$-basis for $K$ such that $w \subseteq \mathcal{O}_K$. Let $M = \langle w_1, \ldots, w_n \rangle_{\mathbb{Z}}$ and let $M \neq \mathcal{O}_K$. Then there exist $p$ prime with $p^2 \mid \Delta(M)^2$ and $c_1, \ldots, c_n \in \mathbb{Z}$, not all divisible by $p$, such that

\[ \frac{1}{p}(c_1 w_1 + \cdots + c_n w_n) \in \mathcal{O}_K. \]

Proof. Let $m = [\mathcal{O}_K : M] > 1$, so that $|\Delta(M)^2| = m^2 |\Delta(\mathcal{O}_K)^2|$. Since $m > 1$, there is a prime $p$ dividing $m$, so that $p^2 \mid \Delta(M)^2$. Since $m = \#\mathcal{O}_K/M$ we conclude (by a theorem of Cauchy on finite groups) that $\mathcal{O}_K/M$ has an element of order $p$. Let $\alpha + M$ be such an element. Then $\alpha = \sum_j d_j w_j$ with $d_j \in \mathbb{Q}$. Moreover $p\alpha \in M$ so that all $p d_j \in \mathbb{Z}$. Hence $\alpha = \frac{1}{p} \sum_j c_j w_j$ with $c_j \in \mathbb{Z}$ not all being multiples of $p$.

We now describe how to go about finding an integral basis for $\mathcal{O}_K$, where $[K : \mathbb{Q}] = n$.

1. Let $w = \{w_1, \ldots, w_n\}$ be any $\mathbb{Q}$-basis for $K$ such that $w \subseteq \mathcal{O}_K$. Calculate $\Delta(w)^2$. Let $M = \langle w_1, \ldots, w_n \rangle_{\mathbb{Z}}$. We know $M \subseteq \mathcal{O}_K$.

2. If $[\mathcal{O}_K : M] = m$, then $|\Delta(M)^2| = m^2 |\Delta(\mathcal{O}_K)^2|$. If $\Delta(M)^2$ is squarefree then $m = 1$ and $\mathcal{O}_K = M$. Otherwise (and if $\mathcal{O}_K \neq M$), by Proposition 3.16, there exist $p$ prime with $p^2 \mid \Delta(M)^2$ and $c_1, \ldots, c_n \in \mathbb{Z}$, not all divisible by $p$, such that $\frac{1}{p}(c_1 w_1 + \cdots + c_n w_n) \in \mathcal{O}_K$.

3. Hence if $\Delta(M)^2$ is not squarefree then for each prime $p$ such that $p^2 \mid \Delta(M)^2$, we look for $\alpha \in \mathcal{O}_K$ of the form $\alpha = \frac{1}{p} \sum_j c_j w_j$ with $c_j \in \mathbb{Z}$, not all divisible by $p$. Suppose that $p$ does not divide $c_j$ for $j = k$. Multiplying through by $r \in \mathbb{Z}$ such that $r c_k \equiv 1 \bmod p$, we may assume that $c_k \equiv 1 \bmod p$. Subtracting integer multiples of the $w_i$ we may assume that $0 \leq c_i < p$ for all $i$, and so $c_k = 1$. Replacing $w_k$ by our new $\alpha$ we get another basis, spanning a $\mathbb{Z}$-module $M'$, say. The change of basis matrix is

\[ \begin{pmatrix} 1 & 0 & \cdots & 0 & 0 \\ 0 & 1 & \cdots & 0 & 0 \\ \vdots & & & & \vdots \\ c_1/p & \cdots & \cdots & \cdots & c_n/p \\ \vdots & & & & \vdots \\ 0 & 0 & \cdots & 0 & 1 \end{pmatrix} \]

and so $\Delta(M')^2 = \frac{1}{p^2} \Delta(M)^2$.

4. Repeat the whole process with $M'$ instead of $M$. If $\alpha$ does not exist (there are only finitely many possibilities to check, since we only need to check each $c_i$ in the range $0 \leq c_i < p$) then $p$ cannot divide $m$. Eventually we reach a basis for which none of the available primes divide $m$, so that $m = 1$ and we have arrived at an integral basis.

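Example 3.17 $K = \mathbb{Q}(\sqrt{d})$, $d$ squarefree. Start with $\mathbb{Q}$-basis $\{1, \sqrt{d}\}$. Then $\{1, \sqrt{d}\} \subseteq \mathcal{O}_K$ and

\[ \Delta(\{1, \sqrt{d}\})^2 = \begin{vmatrix} 1 & -\sqrt{d} \\ 1 & +\sqrt{d} \end{vmatrix}^2 = 4d. \]

Since $d$ is squarefree the only prime $p$ such that $p^2 \mid \Delta(\{1, \sqrt{d}\})^2$ is $p = 2$.

• Case 1: $d \equiv 1 \bmod 4$. We find $\frac{1}{2}(1 + \sqrt{d}) \in \mathcal{O}_K$ (this element has minimal polynomial $x^2 - x + (1 - d)/4 \in \mathbb{Z}[x]$). In this case we find

\[ \Delta(\{1, \tfrac{1}{2}(1 + \sqrt{d})\})^2 = \frac{1}{2^2}\, 4d = d. \]

• Case 2: $d \not\equiv 1 \bmod 4$. Then $\frac{1}{2}(1 + \sqrt{d}) \notin \mathcal{O}_K$ since $x^2 - x + \frac{1-d}{4} \notin \mathbb{Z}[x]$. The only other cases to check are $\frac{1}{2}$, $\frac{1}{2}\sqrt{d}$, which are not in $\mathcal{O}_K$. Since we did not find any “$\alpha$”, we conclude that 2 does not divide the index $m = [\mathcal{O}_K : \langle 1, \sqrt{d} \rangle_{\mathbb{Z}}]$. Hence $\{1, \sqrt{d}\}$ is an integral basis.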
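
Steps 1 to 4 above, carried out by machine, as an added example (Python; not part of the original notes). It goes beyond Example 3.17 by working in any $K = \mathbb{Q}(\theta)$ with $\theta$ a root of a monic irreducible $f \in \mathbb{Z}[x]$, and it tests integrality through the characteristic polynomial of multiplication by $\alpha$ (a power of the minimal polynomial, so it lies in $\mathbb{Z}[x]$ exactly when $\alpha \in \mathcal{O}_K$). The function names and the sample field $\mathbb{Q}(\sqrt[3]{10})$ are choices made for this example.

```python
from fractions import Fraction
from itertools import product

# Elements of K = Q(theta) are coefficient lists in the power basis 1, theta, ..., theta^(n-1).
# f lists the low-order coefficients c_0..c_(n-1) of the monic minimal polynomial of theta,
# so theta^n = -(c_0 + c_1*theta + ... + c_(n-1)*theta^(n-1)).  (Representation assumed here.)

def mul(a, b, f):
    """Product of two elements of K, reduced modulo f."""
    n = len(f)
    prod = [Fraction(0)] * (2 * n - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] += x * y
    for k in range(2 * n - 2, n - 1, -1):      # eliminate theta^k for k >= n, highest first
        c, prod[k] = prod[k], Fraction(0)
        for i in range(n):
            prod[k - n + i] -= c * f[i]
    return prod[:n]

def trace(a, f):
    """Tr_{K/Q}(a): trace of the matrix of multiplication by a in the power basis."""
    n = len(f)
    unit = lambda i: [Fraction(int(i == j)) for j in range(n)]
    return sum(mul(a, unit(i), f)[i] for i in range(n))

def is_integral(a, f):
    """True if a is an algebraic integer: its characteristic polynomial lies in Z[x]."""
    n = len(f)
    power, p = [Fraction(1)] + [Fraction(0)] * (n - 1), []
    for _ in range(n):                          # power sums p_k = Tr(a^k), k = 1..n
        power = mul(power, a, f)
        p.append(trace(power, f))
    e = [Fraction(1)]                           # Newton's identities: k*e_k = sum (-1)^(i-1) e_(k-i) p_i
    for k in range(1, n + 1):
        e.append(sum((-1) ** (i - 1) * e[k - i] * p[i - 1] for i in range(1, k + 1)) / k)
    return all(x.denominator == 1 for x in e)

def det(m):
    """Determinant by exact Gaussian elimination over Q."""
    m, n, d = [row[:] for row in m], len(m), Fraction(1)
    for c in range(n):
        piv = next((r for r in range(c, n) if m[r][c] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != c:
            m[c], m[piv], d = m[piv], m[c], -d
        d *= m[c][c]
        for r in range(c + 1, n):
            factor = m[r][c] / m[c][c]
            m[r] = [x - factor * y for x, y in zip(m[r], m[c])]
    return d

def discriminant(w, f):
    """Delta(w)^2 = det(Tr(w_i w_j)), as in Lemma 2.3."""
    return det([[trace(mul(x, y, f), f) for y in w] for x in w])

def primes_with_square_dividing(d):
    """Primes p with p^2 | d, in increasing order."""
    d, p, out = abs(int(d)), 2, []
    while p * p <= d:
        if d % (p * p) == 0:
            out.append(p)
        while d % p == 0:
            d //= p
        p += 1
    return out

def combination(c, p, w):
    """alpha = (1/p) * sum_j c_j w_j as a coefficient list."""
    return [sum(Fraction(cj, p) * wj[i] for cj, wj in zip(c, w)) for i in range(len(w))]

def integral_basis(f):
    """Steps 1-4: start from M = Z[theta] and enlarge it until no alpha is found."""
    n = len(f)
    w = [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    while True:
        disc = discriminant(w, f)
        for p in primes_with_square_dividing(disc):
            # Step 3 normalisation: 0 <= c_i < p and some c_k = 1.
            hit = next((c for c in product(range(p), repeat=n)
                        if 1 in c and is_integral(combination(c, p, w), f)), None)
            if hit is not None:
                break
        else:
            return w, disc                      # no available prime divides the index
        k = max(j for j in range(n) if hit[j] == 1)
        w[k] = combination(hit, p, w)           # replace w_k by alpha; Delta^2 drops by p^2

# Sample field (constructed for this example): theta^3 = 10, i.e. f = x^3 - 10.
F_CUBIC = [-10, 0, 0]
BASIS, DISC = integral_basis(F_CUBIC)           # basis 1, theta, (1 + theta + theta^2)/3
```

For $\theta^3 = 10$ the power basis has $\Delta^2 = -2700$; the search finds nothing for $p = 2$, finds $\alpha = \frac{1}{3}(1 + \theta + \theta^2)$ for $p = 3$, and then nothing for $p = 2, 5$, so $\Delta(\mathcal{O}_K)^2 = -300$.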

4 Cyclotomic fields
None of the proofs in this section are examinable!
Let $p > 2$ be a prime and $\zeta_p := e^{2\pi i/p}$, so that $\zeta_p^p = 1$. Let $K = \mathbb{Q}(\zeta_p)$, a cyclotomic field. Clearly $\zeta := \zeta_p$ satisfies

\[ f(x) = \frac{x^p - 1}{x - 1} = x^{p-1} + x^{p-2} + \cdots + x + 1. \]

Lemma 4.1. $f(x)$ is irreducible in $\mathbb{Q}[x]$.

Proof. Let $g(x) = f(x + 1)$. It suffices to show $g(x)$ is irreducible. But

\[ g(x) = \frac{(x + 1)^p - 1}{(x + 1) - 1} = x^{p-1} + p x^{p-2} + \cdots + p. \]

Since $p$ divides all the coefficients apart from the first, but $p^2$ does not divide the final coefficient $p$, the polynomial $g(x)$ is irreducible over $\mathbb{Z}$ by Eisenstein’s criterion and so over $\mathbb{Q}$ by Gauss’ Lemma.

Corollary 4.2. $[K : \mathbb{Q}] = p - 1$.

So a regular $p$-gon can be constructed with a ruler and compass only if $p - 1$ is a power of 2.
The roots of $x^{p-1} + x^{p-2} + \cdots + x + 1$ are $\zeta, \zeta^2, \ldots, \zeta^{p-1}$. These are the conjugates of $\zeta$, and so $f(x) = \prod_{i=1}^{p-1} (x - \zeta^i)$.

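Note 4.3

1. $\mathrm{Norm}_{K/\mathbb{Q}}(1 - \zeta) = \prod_{i=1}^{p-1} (1 - \zeta^i) = f(1) = p$.

2. $\mathrm{Norm}_{K/\mathbb{Q}}(1 - \zeta) = \mathrm{Norm}_{K/\mathbb{Q}}(\zeta - 1)$ since $p - 1$ is even. Thus $\zeta - 1$ has minimal polynomial $g(x) = f(x + 1)$.
[This last statement uses: $f(x + 1) = \mathrm{Norm}_{K/\mathbb{Q}}(x + 1 - \zeta) = \mathrm{Norm}_{K/\mathbb{Q}}(x - (\zeta - 1)) =$ minimal polynomial of $\zeta - 1$.]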

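Lemma 4.4. If $w = \{1, \zeta, \ldots, \zeta^{p-2}\}$ then $\Delta(w)^2 = (-1)^{(p-1)/2} p^{p-2}$.

Proof. From Question 5 on Problem Sheet 1 we see that

\[ \Delta(1, \zeta, \ldots, \zeta^{p-2})^2 = (-1)^{(p-1)(p-2)/2}\, \mathrm{Norm}_{K/\mathbb{Q}}(f'(\zeta)). \]

Here $K = \mathbb{Q}(\zeta)$ and

\[ f(x) = \frac{x^p - 1}{x - 1}. \]

Since $p$ is odd the first factor reduces to $(-1)^{(p-1)/2}$. Now

\[ f'(x) = \frac{(x - 1) p x^{p-1} - (x^p - 1)}{(x - 1)^2} \]

and so

\[ f'(\zeta) = \frac{-p \zeta^{p-1}}{1 - \zeta}. \]

Hence from Note 4.3 above,

\[ \mathrm{Norm}_{K/\mathbb{Q}}(f'(\zeta)) = \frac{\mathrm{Norm}_{K/\mathbb{Q}}(-p)\, \mathrm{Norm}_{K/\mathbb{Q}}(\zeta)^{p-1}}{\mathrm{Norm}_{K/\mathbb{Q}}(1 - \zeta)} = \frac{(-p)^{p-1}\, 1^{p-1}}{p} = p^{p-2} \]

as required.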
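Theorem 4.5. The set $\{1, \zeta, \ldots, \zeta^{p-2}\}$ is an integral basis for $\mathcal{O}_K$.

Proof. Let $\theta = \zeta - 1$. Certainly we have $\mathbb{Z}[\theta] = \mathbb{Z}[\zeta]$. We shall show that $\{1, \theta, \ldots, \theta^{p-2}\}$ is an integral basis.
By Lemma 4.4 and Note 3.13 we see that

\[ \Delta(\mathbb{Z}[\theta])^2 = \Delta(\mathbb{Z}[\zeta])^2 = (-1)^{(p-1)/2} p^{p-2}. \]

Hence $p$ is the only prime whose square divides $\Delta(\mathbb{Z}[\theta])^2$. It follows that $p$ is the only prime which may divide $[\mathcal{O}_K : \mathbb{Z}[\theta]]$. If $\mathcal{O}_K \neq \mathbb{Z}[\theta]$ then there exists $\alpha \in \mathcal{O}_K$ such that

\[ \alpha = \frac{1}{p} \sum_{j=0}^{p-2} c_j \theta^j, \]

with $c_j \in \mathbb{Z}$ not all divisible by $p$. Let $r$ be minimal such that $p$ does not divide $c_r$. We may assume $c_j = 0$ for $j < r$ by subtracting integer multiples of the basis elements. Now $\alpha\theta^{p-2-r} \in \mathcal{O}_K$, since $\alpha$ and $\theta$ are in $\mathcal{O}_K$. Write

\[ \theta^{p-2-r} \alpha = \frac{1}{p} (c_r \theta^{p-2} + c_{r+1} \theta^{p-1} + \cdots + c_{p-2} \theta^{2p-4-r}). \tag{4.1} \]

Then

\[ \theta^{p-1} = -p\theta^{p-2} - \frac{p(p-1)}{2} \theta^{p-3} - \cdots - p \]

and so $p^{-1}\theta^{p-1} \in \mathcal{O}_K$. Hence by subtracting multiples of this from both sides of (4.1) we see that $p^{-1} c_r \theta^{p-2} \in \mathcal{O}_K$. However

\[ \mathrm{Norm}_{K/\mathbb{Q}}\Big(\frac{c_r}{p} \theta^{p-2}\Big) = \Big(\frac{c_r}{p}\Big)^{p-1} p^{p-2} = \frac{c_r^{p-1}}{p}, \]

since $\mathrm{Norm}_{K/\mathbb{Q}}(\theta) = p$ and $\mathrm{Norm}_{K/\mathbb{Q}}(c_r/p) = (c_r/p)^{p-1}$. This, finally, contradicts the fact that $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) \in \mathbb{Z}$ for all $\alpha \in \mathcal{O}_K$, since $p$ does not divide $c_r$.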

5 Unique Factorisation Domains


5.1 Revision from Part A Algebra
Let R be an integral domain.

Definition 5.1.

1. $\alpha \in R$ is a unit if and only if there exists $\beta \in R$ such that $\alpha\beta = 1$. The units in $R$ form a group under multiplication; the group of units.

2. $\alpha, \beta \in R$ are associates if and only if there exists a unit $u \in R$ such that $\alpha = \beta u$.

3. A nonzero, non-unit element $\alpha \in R$ is irreducible if ($\alpha = \beta\gamma \Rightarrow \beta$ or $\gamma$ is a unit). We write $\beta \mid \alpha$ if there exists $\gamma \in R$ such that $\alpha = \beta\gamma$.

4. A nonzero, non-unit element $\alpha \in R$ is prime if ($\alpha \mid \beta\gamma \Rightarrow \alpha \mid \beta$ or $\alpha \mid \gamma$).

A prime element in $R$ is irreducible (Problem Sheet 2).

Definition 5.2. Let $R$ be an integral domain. $R$ is a Euclidean domain (ED) if and only if there exists a function (a Euclidean function) $d : R \setminus \{0\} \to \mathbb{N} \cup \{0\}$ such that

1. For all $a, b \in R$ with $b \neq 0$, there exist $q, r \in R$ such that $a = qb + r$ and either $r = 0$ or $d(r) < d(b)$.

2. For all nonzero $a, b \in R$, $d(a) \leq d(ab)$.

Definition 5.3. $R$ is a principal ideal domain (PID) if and only if every ideal is principal (recall that $I$ is an ideal if it is an additive subgroup of $R$ and $\forall r \in R, a \in I$, $ra \in I$; furthermore $I$ is principal if it is of the form $(\gamma) = \{r\gamma : r \in R\}$).

Definition 5.4. $R$ is a unique factorisation domain (UFD) if and only if for all nonzero and non-unit $\alpha \in R$ there exist irreducible $\beta_1, \ldots, \beta_n \in R$ such that

1. $\alpha = \beta_1 \cdots \beta_n$

2. If $\alpha = \gamma_1 \cdots \gamma_m$ with irreducible $\gamma_i$, then $m = n$ and there exists a permutation $\sigma$ of $\{1, \ldots, n\}$ such that $\beta_i$ and $\gamma_{\sigma(i)}$ are associates.

In Part A algebra you proved:

$R$ a ED $\Rightarrow$ $R$ a PID $\Rightarrow$ $R$ a UFD.

In an integral domain $R$ in which factorisation into irreducibles is possible, this factorisation is unique if and only if all irreducible elements are prime (Problem Sheet 2).

5.2 Some applications of unique factorisation
First, a useful lemma:
Lemma 5.5. Let OK be the ring of integers in a number field K, and α, β ∈
OK . Then
1. α is a unit (in OK ) if and only if NormK/Q (α) = ±1.
2. If α and β are associates (in OK ) then NormK/Q (α) = ±NormK/Q (β).
3. If NormK/Q (α) is a rational prime, i.e. a prime number in Z, then α
is irreducible in OK .
Proof. 1. Proposition 3.10.
2. We have α = uβ with u a unit, and so:
NormK/Q (α) = NormK/Q (u)NormK/Q (β) = ±NormK/Q (β), by part 1.
3. Let α = γδ. Then NormK/Q (α) = p = NormK/Q (γ)NormK/Q (δ) for
some prime p ∈ Z. The result now follows from 1.

The converses of 2 and 3 are false (see later the proof of Proposition 5.8).

Application (1). Take $K = \mathbb{Q}(i)$, so that $\mathcal{O}_K = \mathbb{Z}[i]$. This is a UFD (the “Gaussian Integers”); see Problem Sheet 2. We have $\mathrm{Norm}_{K/\mathbb{Q}}(a + bi) = a^2 + b^2$, so that the only units are $\pm 1, \pm i$, by Proposition 3.10.

Theorem 5.6 (Fermat/Euler). If $p$ is a prime, and $p \equiv 1 \bmod 4$, then there exist $a, b \in \mathbb{Z}$ such that $p = a^2 + b^2$, and this decomposition is unique. [Here ‘unique’ means: up to $\pm$ and up to swapping $a$ and $b$.]

Proof. Assume $p \equiv 1 \bmod 4$. Then $\left(\frac{-1}{p}\right) = 1$, so there exists $r \in \mathbb{Z}$ such that $p \mid 1 + r^2$ (e.g. $r = g^{(p-1)/4} \bmod p$ where $g$ is a primitive root modulo $p$). In $\mathbb{Z}[i]$, we have $p \mid (1 + ri)(1 - ri)$. If $p$ is irreducible in the UFD $\mathbb{Z}[i]$, then $p \mid (1 + ri)$ or $p \mid (1 - ri)$, because any irreducible is prime. However $p$ cannot divide $1 + ri$, for example, because $\frac{1}{p} + \frac{r}{p} i \notin \mathcal{O}_K$. Hence there exist $(a + bi), (c + di) \in \mathbb{Z}[i]$, neither units, such that $p = (a + bi)(c + di)$. Taking norms

\[ p^2 = (a^2 + b^2)(c^2 + d^2). \]

Now $\mathbb{Z}$ is a UFD and neither $a + bi$ nor $c + di$ has norm $\pm 1$, giving $p = a^2 + b^2 = (a + bi)(a - bi)$. This yields the existence part of the theorem.
If $a + bi = \alpha\beta$ in $\mathbb{Z}[i]$ then, taking norms, we find that

\[ p = \mathrm{Norm}(\alpha)\,\mathrm{Norm}(\beta). \]

Thus $\alpha$ or $\beta$ must be a unit. Hence $a + bi$ is irreducible in $\mathbb{Z}[i]$, and similarly for $a - bi$. Thus $p = (a + bi)(a - bi)$ is the unique factorisation of $p$ into irreducibles.
If also $p = e^2 + f^2 = (e + fi)(e - fi)$, then $e + fi$ is an associate of either $a + bi$ or $a - bi$, so that $e + fi$ is one of $a + bi$, $-(a + bi)$, $i(a + bi)$, $-i(a + bi)$, or $a - bi$, $-(a - bi)$, $i(a - bi)$, $-i(a - bi)$. It follows that $\{a^2, b^2\} = \{e^2, f^2\}$, which proves uniqueness.
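
The existence argument made effective, as an added example (Python; not part of the original notes): with $r^2 \equiv -1 \bmod p$, the element $a + bi$ is a greatest common divisor of $p$ and $r + i$ in $\mathbb{Z}[i]$. The Euclidean algorithm used to compute it (division with nearest-integer rounding) does not appear in the proof above, and $r$ is taken from any quadratic non-residue $g$ rather than a primitive root; the function names are chosen for this example.

```python
# Gaussian integers x + y*i are represented as pairs (x, y) of Python ints.

def gauss_divmod(a, b):
    """Division with remainder in Z[i]: a = q*b + r with Norm(r) <= Norm(b)/2."""
    (a0, a1), (b0, b1) = a, b
    n = b0 * b0 + b1 * b1                      # Norm(b)
    # a/b = a*conj(b)/Norm(b); round both coordinates to the nearest integer.
    x, y = a0 * b0 + a1 * b1, a1 * b0 - a0 * b1
    q0, q1 = (2 * x + n) // (2 * n), (2 * y + n) // (2 * n)
    r = (a0 - (q0 * b0 - q1 * b1), a1 - (q0 * b1 + q1 * b0))
    return (q0, q1), r

def gauss_gcd(a, b):
    """A greatest common divisor in Z[i] (determined up to the units 1, -1, i, -i)."""
    while b != (0, 0):
        a, b = b, gauss_divmod(a, b)[1]
    return a

def sqrt_minus_one(p):
    """Some r with r^2 = -1 (mod p), for a prime p = 1 (mod 4)."""
    if p % 4 != 1:
        raise ValueError("need a prime p congruent to 1 mod 4")
    for g in range(2, p):
        if pow(g, (p - 1) // 2, p) == p - 1:   # Euler's criterion: g is a non-residue
            return pow(g, (p - 1) // 4, p)     # so (g^((p-1)/4))^2 = -1 (mod p)
    raise ValueError("no non-residue found; p is not prime")

def two_squares(p):
    """The pair (a, b) with 0 < a <= b and a^2 + b^2 = p."""
    r = sqrt_minus_one(p)
    # p divides (r + i)(r - i) but neither factor, so gcd(p, r + i) has norm exactly p.
    a, b = gauss_gcd((p, 0), (r, 1))
    return tuple(sorted((abs(a), abs(b))))

EXAMPLES = {p: two_squares(p) for p in (5, 13, 10009)}   # 10009 = 3^2 + 100^2
```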
Application (2). Take $K = \mathbb{Q}(\sqrt{-2})$ so that $\mathcal{O}_K = \mathbb{Z}[\sqrt{-2}]$. This is a UFD (Problem Sheet 2). We have $\mathrm{Norm}_{K/\mathbb{Q}}(a + b\sqrt{-2}) = a^2 + 2b^2$, so that the only units are $\pm 1$.

Theorem 5.7 (Fermat/Euler). The only integer solutions of $y^2 + 2 = x^3$ are $x = 3$, $y = \pm 5$.

Proof. If $y$ were even then $x$ would be even, giving $8 \mid y^2 + 2$, which is impossible since $4 \mid y^2$. So $y$ is odd.
We have $(y + \sqrt{-2})(y - \sqrt{-2}) = x^3$. Suppose there is an irreducible element $\alpha$ which divides both $y + \sqrt{-2}$ and $y - \sqrt{-2}$. Then $\alpha$ divides the difference $2\sqrt{-2} = -(\sqrt{-2})^3$. However $\sqrt{-2}$ is irreducible since its norm is 2, which is prime in $\mathbb{Z}$. So we must have $\alpha = \pm\sqrt{-2}$. Now

\[ \alpha \mid y + \sqrt{-2} \;\Rightarrow\; \sqrt{-2} \mid y \;\Rightarrow\; 2 \mid y^2, \]

a contradiction, since $y$ is odd. Hence $y + \sqrt{-2}$ and $y - \sqrt{-2}$ have no irreducible factor in common. Unique factorisation therefore implies that $y + \sqrt{-2}$ and $y - \sqrt{-2}$ are associates of cubes. Since the only units are $\pm 1$, which are both cubes, we deduce that $y \pm \sqrt{-2}$ are both cubes.
We now have

\[ y + \sqrt{-2} = (a + b\sqrt{-2})^3 = a^3 + 3a^2 b\sqrt{-2} + 3ab^2(-2) + b^3(-2)\sqrt{-2} = (a^3 - 6ab^2) + (3a^2 b - 2b^3)\sqrt{-2}, \]

and hence $b(3a^2 - 2b^2) = 1$. Thus $b = \pm 1$, $a = \pm 1$, and so $y = a^3 - 6ab^2 = a(a^2 - 6b^2) = \pm 5$ and $x = 3$.

More theorems of Fermat

1. If prime $p \equiv 1$ or $3 \bmod 8$ then $p = x^2 + 2y^2$ uniquely (Problem Sheet 2).

2. If prime $p \equiv 1 \bmod 3$ then $p = x^2 + 3y^2$.

Proposition 5.8. For $K = \mathbb{Q}(\sqrt{-5})$ the ring $\mathcal{O}_K = \mathbb{Z}[\sqrt{-5}]$ is not a UFD.

Proof. We have the factorisation $6 = 2 \cdot 3 = (1 - \sqrt{-5})(1 + \sqrt{-5})$ in $\mathcal{O}_K$. We claim that the elements in $S = \{2, 3, 1 + \sqrt{-5}, 1 - \sqrt{-5}\}$ are irreducible in $\mathcal{O}_K$. Now

\[ \mathrm{Norm}_{K/\mathbb{Q}}(a + b\sqrt{-5}) = a^2 + 5b^2 \]

so the norms of the elements in $S$ are 4, 9, 6, 6, respectively. For $\alpha \in S$, if $\alpha = \beta\gamma$ with non-units $\beta, \gamma \in \mathcal{O}_K$, then $\mathrm{Norm}(\beta), \mathrm{Norm}(\gamma) = \pm 2, \pm 3$. However there are no elements in $\mathcal{O}_K$ with norm $\pm 2, \pm 3$, since $a^2 + 5b^2 = \pm 2, \pm 3$ has no solutions in integers $a, b$. This proves the claim.
By Lemma 5.5 Part 2, the elements 2, 3 cannot be associates of $1 + \sqrt{-5}$, $1 - \sqrt{-5}$. So we have two distinct factorisations into irreducibles.

6 Unique Factorisation of Ideals


To recover unique factorisation we will use ideals instead of elements. Recall
that an ideal I of a commutative ring R is a non-empty subset for which
a ± b ∈ I whenever a, b ∈ I, and for which ra ∈ I whenever r ∈ R and a ∈ I.

6.1 Statement of the Unique Factorisation Theorem


Definition 6.1. Let $R$ be an integral domain, and let $I, J$ be ideals of $R$. Then

\[ IJ := \Big\{ \sum_{i=1}^k a_i b_i : a_i \in I,\ b_i \in J,\ k \geq 1 \Big\}. \]

Observe that IJ consists of finite sums of arbitrary length k. We write

(a) := {ra : r ∈ R}

for the principal ideal generated by a.

Note 6.2 It is easy to check that:

1. IJ is an ideal of R,

2. If I = (α) and J = (β), then IJ = (αβ).

3. If I = (α) then IJ = (α)J = {αj : j ∈ J}.

Definition 6.3. Let $R$ be an integral domain. An ideal $I$ of $R$ is prime if it is proper and ($ab \in I \Rightarrow a \in I$ or $b \in I$). (Recall: an ideal $I \lhd R$ is proper if $I \neq R$.)

Comment. We shall prove later (Theorem 6.26) that any nonzero proper ideal $A$ of $\mathcal{O}_K$ can be written as a product of prime ideals $A = P_1 P_2 \cdots P_r$ and this factorisation is unique up to the order of the factors.

Definition 6.4. Let $K, L$ be fields with $K \subseteq L$. Let $I$ be an ideal of $\mathcal{O}_K$. Then $I \cdot \mathcal{O}_L$ is defined to be the ideal of $\mathcal{O}_L$ generated by products of the form $i\ell$, such that $i \in I$, $\ell \in \mathcal{O}_L$ (sometimes called the image of $I$ in $\mathcal{O}_L$). Note that, for any ideals $I, J$ of $\mathcal{O}_K$, any $n \in \mathbb{N}$ and any principal ideal $(a) = a\mathcal{O}_K$ of $\mathcal{O}_K$, $(IJ) \cdot \mathcal{O}_L = (I \cdot \mathcal{O}_L)(J \cdot \mathcal{O}_L)$, $I^n \cdot \mathcal{O}_L = (I \cdot \mathcal{O}_L)^n$ and $(a) \cdot \mathcal{O}_L = a\mathcal{O}_L$, the principal ideal of $\mathcal{O}_L$ generated by the same element (Problem Sheet 3).

6.2 Finiteness of the class number


Definition 6.5. If $I, J$ are nonzero ideals of $\mathcal{O}_K$, we write $I \sim J$ (and say that $I$ is equivalent to $J$) if there exist $\alpha, \beta \in \mathcal{O}_K \setminus \{0\}$ such that $I(\alpha) = J(\beta)$.

Lemma 6.6. The relation $\sim$ is an equivalence relation on the set of nonzero ideals of $\mathcal{O}_K$.

Proof. Problem Sheet 3.

Definition 6.7. Equivalence classes in $\mathcal{O}_K$ under $\sim$ are called ideal classes. Let $C_K$ denote the set of ideal classes. The cardinality $h_K = |C_K|$ is the class number of $K$.

We shall prove shortly that hK < ∞.

Proposition 6.8. We have hK = 1 if and only if OK is a PID.

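Proof. ($\Leftarrow$): Suppose $\mathcal{O}_K$ is a PID. Then for any nonzero $I \subseteq \mathcal{O}_K$, there exists $\alpha \in \mathcal{O}_K$ such that $I = (\alpha)$. Then $I(1) = \mathcal{O}_K(\alpha)$, so $I \sim \mathcal{O}_K$.
($\Rightarrow$): Suppose $h_K = 1$. Then for all $I \lhd \mathcal{O}_K$ there exist $\alpha, \beta \in \mathcal{O}_K$ such that

\[ I(\alpha) = \mathcal{O}_K(\beta). \tag{6.1} \]

Now the right hand side is just $(\beta)$. Since $\beta \in (\beta)$ from Note 6.2 (3), we see that $\beta = i\alpha$ for some $i \in I$. Hence $\beta/\alpha \in I \subseteq \mathcal{O}_K$. We claim $I = (\beta/\alpha)$. Certainly $(\beta/\alpha) \subseteq I$. Also, $a \in I \implies a\alpha \in I(\alpha) = (\beta)$, so $a\alpha = r\beta$, for some $r \in \mathcal{O}_K$, giving: $a = r\beta/\alpha$, and so $a \in (\beta/\alpha)$; hence $I \subseteq (\beta/\alpha)$.

Lemma 6.9. Let $I \subseteq \mathcal{O}_K$ be a nonzero ideal. Then $I \cap \mathbb{Z} \neq \{0\}$.

Proof. Choose any nonzero $\alpha \in I$. Suppose that $\alpha^d + a_{d-1}\alpha^{d-1} + \cdots + a_0 = 0$ (all $a_i \in \mathbb{Z}$) with $a_0 \neq 0$. Then $a_0 = -\alpha(a_1 + \cdots + \alpha^{d-1}) \in I \cap \mathbb{Z}$.

Lemma 6.10. Let $I \subseteq \mathcal{O}_K$ be a nonzero ideal. Then $\mathcal{O}_K/I$ is a finite ring.

Proof. Choose any nonzero $a \in I \cap \mathbb{Z}$. Then $\mathcal{O}_K \supseteq I \supseteq (a)$. The map from $\mathcal{O}_K/(a)$ to $\mathcal{O}_K/I$ which takes $\alpha + (a)$ to $\alpha + I$ is well-defined and onto. It therefore suffices to show that $\mathcal{O}_K/(a)$ is finite. Let $w = \{w_1, \ldots, w_n\}$ be an integral basis for $\mathcal{O}_K$. Then $\mathcal{O}_K/(a)$ is isomorphic as an additive group to $\bigoplus_{i=1}^n (\mathbb{Z}/(a)) w_i \cong (\mathbb{Z}/(a))^n$, where $n := [K : \mathbb{Q}]$. So $\#\mathcal{O}_K/(a) = a^n < \infty$.

Definition 6.11. The norm of $I$ is defined as $N(I) := \#\mathcal{O}_K/I$.

Proposition 6.12. Let $\sigma : K \to K$ be an automorphism. Then $I = (\alpha_1, \ldots, \alpha_n)$ and $I^\sigma = (\alpha_1^\sigma, \ldots, \alpha_n^\sigma)$ have the same norm. [So, for example, in $\mathcal{O}_{\mathbb{Q}(\sqrt{7})} = \mathbb{Z}[\sqrt{7}]$, $N\big((3, 1 + \sqrt{7})\big) = N\big((3, 1 - \sqrt{7})\big)$.]

Proof. Problem Sheet 4.

Proposition 6.13. If $I = (\alpha)$ then $N(I) = |\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)|$.

Proof. Let $w = \{w_1, \ldots, w_n\}$ be an integral basis for $\mathcal{O}_K$. Then $\alpha w := \{\alpha w_1, \ldots, \alpha w_n\}$ will be a $\mathbb{Z}$-basis for $I = (\alpha)$. Directly from the definition one sees that $\Delta(\alpha w) = \big(\prod_{i=1}^n \sigma_i(\alpha)\big) \Delta(w) = \mathrm{Norm}_{K/\mathbb{Q}}(\alpha)\Delta(w)$. However $I$ is an additive subgroup of $\mathcal{O}_K$ with index $N(I)$, by Definition 6.11. Thus if $\alpha w_i$ is expressed in terms of $w$ as $\alpha w_i = \sum_j c_{ij} w_j$, with $c_{ij} \in \mathbb{Z}$, then we will have $N(I) = |\det(c_{ij})|$, by Theorem 1.8. On the other hand, we have $\Delta(\alpha w) = \det(c_{ij})\Delta(w)$, by Lemma 2.4. Hence $N(I) = |\Delta(\alpha w)/\Delta(w)| = |\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)|$.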

Lemma 6.14 (Hurwitz). Let $K$ be a number field with $[K : \mathbb{Q}] = n$. Then
there exists a positive integer $M$, depending only on the choice of integral
basis for $\mathcal{O}_K$, such that for any $\gamma \in K$, there exist $w \in \mathcal{O}_K$ and $1 \le t \le M$,
$t \in \mathbb{Z}$ with
$$|\mathrm{Norm}_{K/\mathbb{Q}}(t\gamma - w)| < 1.$$

Remark. If one could take $M = 1$ then for any $\gamma \in K$ there would be a
$w \in \mathcal{O}_K$ with $|\mathrm{Norm}_{K/\mathbb{Q}}(\gamma - w)| < 1$. This is equivalent to the Euclidean
property for the norm function. That is to say, if one can take $M = 1$ then
$\mathcal{O}_K$ is a Euclidean Domain with Euclidean function $d(\alpha) = |\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)|$.
In general one can regard Hurwitz’s lemma as providing a statement
weaker than the Euclidean property, but valid for any number field.
Proof. Let $\{w_1, \dots, w_n\}$ be an integral basis for $\mathcal{O}_K$. For any $\gamma \in K$ we write
$\gamma = \sum_{i=1}^n \gamma_i w_i$ with $\gamma_i \in \mathbb{Q}$. Let $\gamma_i = a_i + b_i$ with $a_i \in \mathbb{Z}$ and $0 \le b_i < 1$.
We define (for the duration of this proof only) $[\gamma] = \sum_{i=1}^n a_i w_i$ and $\{\gamma\} =
\sum_{i=1}^n b_i w_i$. Hence we will have $\gamma = [\gamma] + \{\gamma\}$ and $[\gamma] \in \mathcal{O}_K$ for all $\gamma \in K$.
Let $w_i^{(1)}, \dots, w_i^{(n)}$ be the $K/\mathbb{Q}$-conjugates of $w_i$, and set
$$C := \prod_{j=1}^n \left( \sum_{i=1}^n |w_i^{(j)}| \right).$$
Then if $\gamma = \sum_{i=1}^n \gamma_i w_i$ and $\mu := \max_{1 \le i \le n} |\gamma_i|$, we have
$$|\mathrm{Norm}_{K/\mathbb{Q}}(\gamma)| = \left| \prod_{j=1}^n \left( \sum_{i=1}^n \gamma_i w_i^{(j)} \right) \right| \le \prod_{j=1}^n \left( \sum_{i=1}^n \mu\, |w_i^{(j)}| \right) = C\mu^n. \qquad (6.2)$$

Choose $m$ to be the first integer after $C^{1/n}$ and let $M = m^n$, so that $M$
depends only on our choice of $w_1, \dots, w_n$. Define a linear map $\varphi : K \to \mathbb{R}^n$
by
$$\varphi\left( \sum_{i=1}^n \gamma_i w_i \right) = (\gamma_1, \dots, \gamma_n). \qquad (6.3)$$

Now $\varphi(\{\gamma\})$ lies in the unit cube

$$B := \{(x_1, \dots, x_n) \in \mathbb{R}^n : 0 \le x_i < 1\}.$$

Partition $B$ into $m^n$ subcubes of side $1/m$, and consider the points $\varphi(\{k\gamma\})$,
for $0 \le k \le m^n$. There are $m^n + 1$ such points and only $m^n$ available
subcubes. Hence, by the “Pigeon-hole principle”, there are two points lying
in the same subcube. Suppose these correspond to $k = h$ and $l$, with $h > l$.
Letting $t = h - l$, we have $1 \le t \le m^n = M$. It follows that $t\gamma = w + \delta$
where $w := [h\gamma] - [l\gamma] \in \mathcal{O}_K$ and $\delta := \{h\gamma\} - \{l\gamma\}$ with

$$\varphi(\delta) \in [-1/m, 1/m]^n.$$

By (6.2) and (6.3), we now find that

$$|\mathrm{Norm}_{K/\mathbb{Q}}(\delta)| \le C(1/m)^n < 1,$$

since we took $m > C^{1/n}$. The lemma then follows, since $\delta = t\gamma - w$.

Theorem 6.15. The class number $h_K = \#C_K$ is finite.

Proof. Let $I$ be a nonzero ideal of $\mathcal{O}_K$. Choose $0 \neq \beta \in I$ such that $|\mathrm{Norm}(\beta)|$
is minimal, and let $M$ be as in Hurwitz’s lemma. Now consider an arbitrary
$\alpha \in I$, and apply the lemma with $\gamma := \alpha/\beta$. Then there exists an integer $t$
in the range $1 \le t \le M$ such that $|\mathrm{Norm}(t(\alpha/\beta) - w)| < 1$ with $w \in \mathcal{O}_K$.
Thus $t\alpha - \beta w \in I$ and $|\mathrm{Norm}(t\alpha - \beta w)| < |\mathrm{Norm}(\beta)|$. This contradicts
the minimality of $|\mathrm{Norm}(\beta)|$ unless $t\alpha - w\beta = 0$. We therefore deduce that
$t\alpha \in (\beta)$. In general the integer $t$ will be different for different values of
$\alpha$, but we can always deduce that $M!\,\alpha \in (\beta)$. Since $\alpha$ was arbitrary we
conclude that
$$(M!)I \subseteq (\beta). \qquad (6.4)$$
Let
$$J := \{1/\beta \times M! \times \alpha : \alpha \in I\}.$$
Then $J$ is an ideal; the only non-trivial part is checking that $J \subseteq \mathcal{O}_K$, but
this follows from (6.4). Moreover $(\beta)J = (M!)I$, so that $I \sim J$.
By taking $\alpha = \beta$ in the definition of $J$ we see that $\mathcal{O}_K \supseteq J \supseteq (M!)$. By
Lemma 6.10 we know that $\mathcal{O}_K/(M!)$ is finite, and so there are only finitely
many possibilities for $J$. Hence $I$ is equivalent to one of finitely many ideals.
It follows that there are finitely many equivalence classes.

6.3 Ideal classes form a group under multiplication


Lemma 6.16. If I, J ⊆ OK are ideals, with I nonzero, and JI = I then
J = OK .

Proof. Let $\{\alpha_1, \dots, \alpha_n\}$ be a $\mathbb{Z}$-basis for $I$. Since $I = JI$ there exist $b_{ij} \in J$
such that $\alpha_i = \sum_{j=1}^n b_{ij}\alpha_j$. Hence $\det(b_{ij} - \delta_{ij}) = 0$, and expanding this
determinant out, one sees that all terms lie in $J$, except the product of the
1’s in the identity matrix. Hence $1 \in J$ and so $J = (1) = \mathcal{O}_K$.
Lemma 6.17. If I is a nonzero ideal of OK , and w ∈ K with wI ⊆ I, then
w ∈ OK .
Proof. Take M = I in Lemma 3.6.
Lemma 6.18. If I, J are nonzero ideals in OK , and w ∈ OK is such that
(w)I = JI, then (w) = J.
Proof. Choose an arbitrary $\beta \in J$. Then $(w)I \supseteq (\beta)I$, so that $\{\beta/w\}I \subseteq I$.
By Lemma 6.17 we therefore have $\beta/w \in \mathcal{O}_K$, and so $\beta \in (w)$. Since $\beta$ was
arbitrary we deduce that $J \subseteq (w)$, giving that $w^{-1}J$ is an ideal in $\mathcal{O}_K$. We
then have $I = (w^{-1}J)I$ and so by Lemma 6.16, we obtain $w^{-1}J = \mathcal{O}_K$, so
that $J = (w)$.
Proposition 6.19. For any nonzero ideal $I \subseteq \mathcal{O}_K$, there exists $k$ such that
$1 \le k \le h_K$ and $I^k$ is principal.
Proof. Among the $h_K + 1$ ideals $\{I^i : 1 \le i \le h_K + 1\}$ some two must be
equivalent. Suppose that $I^i \sim I^j$ with $j > i$. Then $(\alpha)I^i = (\beta)I^j$ for some
$\alpha, \beta \in \mathcal{O}_K$. Let $k = j - i$ and $J = I^k$. Then $(\alpha)I^i = (\beta)I^i J \subseteq (\beta)I^i$, so that
$\{\alpha/\beta\}I^i \subseteq I^i$. By Lemma 6.17 we have $\alpha/\beta \in \mathcal{O}_K$. Also $(\alpha/\beta)I^i = JI^i$ and
so, by Lemma 6.18, $(\alpha/\beta) = J$. It follows that $J = I^k$ is principal.
Proposition 6.20. The ideal classes form a group CK . It is called the class
group of K and its order is the class number hK .
Proof. Given two ideal classes [I], [J] we define the product [I] · [J] := [IJ].
This is well-defined (easy). The element [OK ] acts as an identity, and asso-
ciativity is easily verified. Thus it remains to show the existence of inverses.
Let $[I]$ be the class of $I$, and $[\mathcal{O}_K] = [(1)]$ the identity. However, given
$[I] \in C_K$, if $I^k$ is principal, then $[I^{k-1}]$ is an inverse of $[I]$.

6.4 Proof of the unique factorisation theorem


Lemma 6.21 (Cancellation Lemma). Let A, B, C ⊆ OK be nonzero ideals
with AB = AC. Then B = C.

Proof. Let $k$ be such that $A^k = (\alpha)$ is principal. Multiplying by $A^{k-1}$, we
get $(\alpha)B = (\alpha)C$, and so $B = C$.
Definition 6.22. Let A, B ⊆ OK be nonzero ideals. We write B|A if there
exists an ideal C ⊆ OK such that A = BC.
Proposition 6.23. Let A, B be nonzero ideals in OK . Then B ⊇ A if and
only if there exists an ideal C such that A = BC, i.e., B|A.
So to contain is to divide!
Proof. Let $k > 1$ be such that $B^k = (\beta)$ is principal. If $B \supseteq A$ then we
have $B^{k-1}A \subseteq B^k = (\beta)$. Let $C := \{1/\beta\}B^{k-1}A$, so that $C \subseteq \mathcal{O}_K$ is an
ideal. Then $BC = B\{1/\beta\}B^{k-1}A = A$. Hence $B|A$. Conversely, if $B|A$ then
$A = BC'$, for some $C'$; furthermore $BC' \subseteq B$, since $B$ is an ideal. Hence
$B \supseteq A$.
Lemma 6.24. Let A, B be nonzero ideals, and P a prime ideal of OK such
that P |AB. Then either P |A or P |B.
Proof. Suppose that $P|AB$ and $P$ does not divide $A$. We must show that
$P|B$. Now $P \supseteq AB$ but $P \not\supseteq A$, so there exists $\alpha \in A$ with $\alpha \notin P$. For any
$\beta \in B$ we will have $\alpha\beta \in P$, since $P \supseteq AB$. However $P$ is a prime ideal,
so if $\alpha\beta \in P$ one of $\alpha$ or $\beta$ must belong to $P$. In our case we conclude that
$\beta \in P$. Hence $P \supseteq B$, so that $P|B$ by Proposition 6.23.

Note 6.25 In general, for any ring, every maximal ideal is prime. In the
case of rings OK the converse is true for nonzero ideals. To prove this, note
that if P is a nonzero prime ideal of OK then OK /P is a finite integral
domain. Any finite integral domain is a field, and hence OK /P is a field. It
then follows that P is maximal.
The following key theorem is due to Dedekind — as is most of the theory
of ideals in number fields.

Theorem 6.26. (Unique Factorisation Theorem for ideals of $\mathcal{O}_K$). Let $A$
be any nonzero proper ideal of $\mathcal{O}_K$. Then there exist prime ideals $P_1, \dots, P_r$
such that $A = P_1 \cdots P_r$. The factorisation is unique up to the order of the
factors; that is, if $A = Q_1 \cdots Q_s$ is another prime ideal factorisation then
$s = r$ and there exists a permutation $\sigma$ such that $Q_i = P_{\sigma(i)}$, $1 \le i \le r$.

Proof. Assume not every ideal A (nonzero and proper) has a prime factori-
sation. Let A be such an ideal with N (A) minimal. There exists a maximal
(hence prime) ideal P1 containing A. So Proposition 6.23 shows that there
is an ideal C with A = P1 C.
If A = C then P1 C = C and P1 = OK , by Lemma 6.16. This is clearly
impossible. Hence A ⊆ C, and by the definition of the norm (Definition
6.11) we have N (A) = N (C)[C : A] > N (C). Hence, by our minimality
assumption for A, one can factor C into prime ideals as C = P2 . . . Pr (or
C = OK and A = P1 ). Therefore A = P1 . . . Pr , a contradiction. Hence every
nonzero proper ideal has a prime factorisation.
Suppose
A = P1 P2 . . . Pr = Q1 Q2 . . . Qs .
Now P1 |Q1 . . . Qs . Let k be minimal such that P1 |Q1 . . . Qk . If k = 1 then
P1 |Q1 . If k > 1 then P1 |(Q1 . . . Qk−1 )Qk , but P1 does not divide Q1 . . . Qk−1 .
Since P1 is prime, we must have P1 |Qk . We therefore have P1 |Qk (so P1 ⊇ Qk )
in either case. Since Qk is maximal this implies that P1 = Qk . Without loss
of generality we take k = 1 and then, by the cancellation lemma 6.21, we
have P2 . . . Pr = Q2 . . . Qs . We may now repeat the process until every Pi
has been shown to equal some Qj .
Note that the prime ideals which occur in the factorisation of A are those
which contain A.
Note also that if u ∈ OK is a unit, then (u) = OK and so (u)I = I for any
ideal I ⊆ R; that is to say, ideals “absorb” units. Thus “unique factorisation
of ideals” is simpler to describe than “unique factorisation of elements”. If
OK is a PID then the theorem implies directly that it is a UFD. However, in
general OK will not be a PID, that is to say, not all ideals will be principal.
Note 6.27
At this point we explain how to multiply ideals in practice. It is a fact,
which we will not prove here, that every ideal can be written with at most 2
generators. We shall write (α, β) for the ideal

(α, β) = {αa + βb : a, b ∈ OK }.

Then the product


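$$(\alpha, \beta)(\gamma, \delta) = \Big\{ \sum_{1}^{n} \mu_i \nu_i : \mu_i \in (\alpha, \beta),\ \nu_i \in (\gamma, \delta) \Big\}$$

clearly contains the four elements $\alpha\gamma, \alpha\delta, \beta\gamma, \beta\delta$, giving

$$(\alpha\gamma, \alpha\delta, \beta\gamma, \beta\delta) \subseteq (\alpha, \beta)(\gamma, \delta).$$

Moreover any term $\mu_i \nu_i$ in the sum above is of the shape $(\alpha a + \beta b)(\gamma c + \delta d) \in
(\alpha\gamma, \alpha\delta, \beta\gamma, \beta\delta)$, so that

$$(\alpha, \beta)(\gamma, \delta) = \Big\{ \sum_{1}^{n} \mu_i \nu_i : \mu_i \in (\alpha, \beta),\ \nu_i \in (\gamma, \delta) \Big\} \subseteq (\alpha\gamma, \alpha\delta, \beta\gamma, \beta\delta).$$

Thus we must have

$$(\alpha, \beta)(\gamma, \delta) = (\alpha\gamma, \alpha\delta, \beta\gamma, \beta\delta).$$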

To reduce the 4 generators on the right to at most 2 requires ad hoc
methods (given only the technology from the present course). As an example
consider
$$(11, 3 + \sqrt{-13})(11, 3 - \sqrt{-13}) = (121,\ 33 - 11\sqrt{-13},\ 33 + 11\sqrt{-13},\ 22).$$

All the generators belong to $(11)$, and so

$$(121,\ 33 - 11\sqrt{-13},\ 33 + 11\sqrt{-13},\ 22) \subseteq (11).$$

On the other hand 11 is the highest common factor of 121 and 22, over $\mathbb{Z}$,
so that one can solve $11 = 121m + 22n$ over $\mathbb{Z}$. It follows that
$$(11) \subseteq (121, 22) \subseteq (121,\ 33 - 11\sqrt{-13},\ 33 + 11\sqrt{-13},\ 22).$$

We can therefore conclude that

$$(121,\ 33 - 11\sqrt{-13},\ 33 + 11\sqrt{-13},\ 22) = (11)$$

and hence that

$$(11, 3 + \sqrt{-13})(11, 3 - \sqrt{-13}) = (11).$$
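The product rule of Note 6.27 can be carried out mechanically when $\mathcal{O}_K = \mathbb{Z}[\sqrt{d}]$ (that is, $d \equiv 2, 3 \bmod 4$). The following Python sketch is an added example, not part of the original notes: it stores an ideal as a canonical $\mathbb{Z}$-basis (Hermite normal form) of the lattice it spans in $\mathbb{Z}^2$, so two ideals are equal exactly when their bases agree and the norm is the index of the lattice. The function names `mul`, `hnf`, `ideal`, `product` and `norm` are chosen here for illustration.

```python
from math import gcd

def mul(u, v, d):
    """Product of u = a + b*sqrt(d) and v = c + e*sqrt(d), as a coefficient pair."""
    (a, b), (c, e) = u, v
    return (a * c + d * b * e, a * e + b * c)

def hnf(vectors):
    """Canonical Z-basis ((a, b), (0, c)) with a, c > 0 and 0 <= b < c
    of the full-rank lattice in Z^2 spanned by the given integer pairs."""
    pivot, rest = None, []
    for r in (list(v) for v in vectors):
        if r[0] == 0:
            rest.append(r)
            continue
        if pivot is None:
            pivot = r
            continue
        # Euclid's algorithm on the first coordinates of pivot and r
        while r[0] != 0:
            q = pivot[0] // r[0]
            pivot = [pivot[0] - q * r[0], pivot[1] - q * r[1]]
            pivot, r = r, pivot
        rest.append(r)          # r now has first coordinate 0
    c = 0
    for r in rest:
        c = gcd(c, r[1])        # lattice vectors of the form (0, *) are multiples of (0, c)
    if pivot is None or c == 0:
        raise ValueError("generators do not span a lattice of full rank")
    if pivot[0] < 0:
        pivot = [-pivot[0], -pivot[1]]
    return ((pivot[0], pivot[1] % c), (0, c))

def ideal(gens, d):
    """The ideal of Z[sqrt(d)] generated by gens, as a canonical Z-basis.
    As a Z-module it is spanned by each generator g and g*sqrt(d)."""
    gens = list(gens)
    return hnf(gens + [mul(g, (0, 1), d) for g in gens])

def product(gens1, gens2, d):
    """(alpha, beta)(gamma, delta) = (alpha*gamma, alpha*delta, beta*gamma, beta*delta)."""
    return ideal([mul(g, h, d) for g in gens1 for h in gens2], d)

def norm(I):
    """N(I) = #O_K/I = index of the lattice = determinant of its basis."""
    return I[0][0] * I[1][1]

if __name__ == "__main__":
    # The worked example of Note 6.27 in Z[sqrt(-13)]
    P, Q = [(11, 0), (3, 1)], [(11, 0), (3, -1)]
    print(product(P, Q, -13), ideal([(11, 0)], -13))
```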

6.5 Multiplicativity of the Norm
Definition 6.28. Let A, B be ideals. We define

A + B := {a + b : a ∈ A, b ∈ B},

which is clearly an ideal. We say that A, B are coprime if A + B = OK .


This will occur if and only if there does not exist a maximal P such that
P ⊇ A and P ⊇ B. Thus, A and B are coprime if and only if they have no
prime ideal factor in common.
Note also that, if A, B are coprime and A|BC then A|C; furthermore, if
A, B are coprime and A|I, B|I then AB|I (Problem Sheet 2).
Lemma 6.29. If A and B are coprime then AB = A ∩ B.
Proof. Certainly AB ⊆ A ∩ B, and so A ∩ B|AB. On the other hand, since
A|A ∩ B and B|A ∩ B, it follows by coprimality and unique factorisation that
AB|A ∩ B. These two divisibility relations suffice for the proof.
Lemma 6.30. If nonzero A, B are coprime then N (AB) = N (A)N (B).
Proof. The Chinese Remainder Theorem gives

$$\mathcal{O}_K/(A \cap B) \cong \mathcal{O}_K/A \oplus \mathcal{O}_K/B$$

when $A + B = \mathcal{O}_K$ (that is to say, when they are coprime). By the previous
lemma, $A \cap B = AB$. The lemma then follows on considering the cardinality
of the two sides.
Lemma 6.31. If $P$ is a nonzero prime ideal of $\mathcal{O}_K$ and $i > 0$ then $\#P^i/P^{i+1} =
\#\mathcal{O}_K/P$.
Proof. We have $P^{i+1} \subseteq P^i$, but by the Cancellation Lemma 6.21, we cannot
have $P^i = P^{i+1}$. We may therefore choose $\pi \in P^i$ with $\pi \notin P^{i+1}$. Then
$P^i \supseteq (\pi)$. Let $(\pi) = P^i B$ with $B$ not divisible by $P$. Define a homomorphism
of additive groups by
$$\theta : \mathcal{O}_K \to P^i/P^{i+1}, \qquad \alpha \mapsto \alpha\pi.$$
(So one multiplies $\alpha$ by $\pi$ and then reduces modulo $P^{i+1}$.) We now have

$$\theta(\alpha) = 0 \Leftrightarrow \alpha\pi \in P^{i+1} \Leftrightarrow (\alpha\pi) \subseteq P^{i+1} \Leftrightarrow (\alpha)P^i B \subseteq P^{i+1}$$
$$\Leftrightarrow P^{i+1}|(\alpha)P^i B \Leftrightarrow P|B(\alpha) \Leftrightarrow P|(\alpha).$$
Hence $\ker\theta = P$.
It now suffices to show that $\theta$ is surjective. However

$$(\pi) + P^{i+1} = P^i B + P^{i+1} = P^i$$

since $B + P = \mathcal{O}_K$. Thus, given any $\beta + P^{i+1} \in P^i/P^{i+1}$ (so that $\beta \in P^i$)
there exist $\alpha \in \mathcal{O}_K$ and $\gamma \in P^{i+1}$ such that $\alpha\pi + \gamma = \beta$. We then have
$\theta(\alpha) = \beta + P^{i+1}$, as required. Finally, the First Isomorphism Theorem for
groups gives that:

$$\mathcal{O}_K/P \cong \mathcal{O}_K/\ker\theta \cong \operatorname{im}\theta = P^i/P^{i+1}.$$

Taking orders of both sides gives the required result.


Corollary 6.32. If $P$ is a nonzero prime ideal and $e > 1$ then $N(P^e) =
N(P)^e$.
Proof. Considering $\mathcal{O}_K$ and $P^i$ as additive groups we have

$$N(P^e) = \#\mathcal{O}_K/P^e = \#\mathcal{O}_K/P \cdot \#P/P^2 \cdots \#P^{e-1}/P^e = (\#\mathcal{O}_K/P)^e = N(P)^e.$$

Corollary 6.33. If $A = \prod_i P_i^{e_i}$, ($P_i$ being distinct nonzero prime ideals),
then we have $N(A) = \prod N(P_i)^{e_i}$.
Proof. Use the corollary above and Lemma 6.30.
From the Unique Factorisation Theorem 6.26 and this last corollary we
deduce:
Proposition 6.34. If A, B are nonzero ideals then N (AB) = N (A)N (B).
Note that if $N(I) = p$, a rational prime, then $I$ is automatically prime.
The converse is not true, but we shall soon see that every prime ideal $P$ does
have $N(P) = p^k$ for some rational prime $p$ and integer $k$.

Example 6.35 What happens in $\mathbb{Z}[\sqrt{-5}]$? Recall that
$$6 = 2 \times 3 = [1 - \sqrt{-5}] \times [1 + \sqrt{-5}].$$
In terms of ideals we write this as
$$(6) = (2)(3) = (1 - \sqrt{-5})(1 + \sqrt{-5}).$$
Let $P_1 = (2, 1 + \sqrt{-5})$, $P_2 = (2, 1 - \sqrt{-5})$, $Q_1 = (3, 1 + \sqrt{-5})$ and $Q_2 =
(3, 1 - \sqrt{-5})$ where $(\alpha, \beta) := \{r\alpha + s\beta : r, s \in \mathcal{O}_K\}$. Now

$$(2) = (4, 6) \subseteq P_1 P_2 \subseteq (2, 6) = (2)$$

giving $P_1 P_2 = (2)$. We have $N((2)) = \mathrm{Norm}(2) = 4$, and so $N(P_1)N(P_2) = 4$.
Moreover an easy calculation shows that $a \equiv b \bmod 2$ whenever $a + b\sqrt{-5} \in
P_i$, and so $P_i \neq \mathcal{O}_K$. We therefore deduce that $N(P_1) = N(P_2) = 2$. Similarly
$(3) = (9, 6) \subseteq Q_1 Q_2 \subseteq (3, 6) = (3)$, so that $Q_1 Q_2 = (3)$, and $N(Q_1) =
N(Q_2) = 3$. It follows that $P_1, P_2, Q_1, Q_2$ are all prime ideals. (In fact,
$P_1 = P_2$, e.g. $1 - \sqrt{-5} = 2 \cdot 1 - (1 + \sqrt{-5}) \cdot 1 \in P_1$.)
We also have $P_1, Q_1 \supseteq (1 + \sqrt{-5})$ and $P_2, Q_2 \supseteq (1 - \sqrt{-5})$. Consideration
of norms then shows that $(1 + \sqrt{-5}) = P_1 Q_1$ and $(1 - \sqrt{-5}) = P_2 Q_2$. Thus
$$(2)(3) = (1 + \sqrt{-5})(1 - \sqrt{-5}) \quad\text{becomes}\quad P_1 P_2 Q_1 Q_2 = P_1 Q_1 P_2 Q_2,$$

demonstrating that we have the same factorisation into ideals, even though
the factorisations into irreducibles are different.

7 Decomposition into prime ideals


Let K be a number field of degree [K : Q] = n. Let P be a nonzero prime
ideal of OK . Then P ∩ Z is a prime ideal of Z, and so is of the form pZ for
some rational prime p. We therefore have P ⊇ pOK = (p). We say that P
lies above the prime p.
Suppose that
$$(p) = P_1^{e_1} \cdots P_r^{e_r}$$
where $P_1, \dots, P_r$ are distinct prime ideals in $\mathcal{O}_K$. Then $P_1, \dots, P_r$ are the
prime ideals lying above the rational prime $p$. Taking norms we have

$$p^n = N(P_1)^{e_1} \cdots N(P_r)^{e_r}.$$

Hence, each $N(P_i) = p^{f_i}$ and $\sum_{i=1}^r e_i f_i = n$.
Note also that $P$ must be one of the $P_i$ and so $N(P)$ is a power of $p$.

Definition 7.1. The integer ei is called the ramification index of Pi . If
ei > 1 we say that Pi is ramified. If some ei > 1 we say that p ramifies in
K. The integer fi is called the degree of Pi .
Note that $p^{f_i} = \#\mathcal{O}_K/P_i$ and that $\mathcal{O}_K/P_i$ is isomorphic to the finite field
with $p^{f_i}$ elements.
Theorem 7.2 (Dedekind). Suppose that $K = \mathbb{Q}(\alpha)$ with $\alpha \in \mathcal{O}_K$ having
minimal polynomial $m(x) \in \mathbb{Z}[x]$ of degree $n$. If $p$ does not divide $[\mathcal{O}_K : \mathbb{Z}[\alpha]]$
and $\bar{m}(x) := m(x) \bmod p \in \mathbb{F}_p[x]$ factorises as
$$\bar{m}(x) = \prod_{i=1}^r \bar{g}_i(x)^{e_i}$$

with $\bar{g}_i$ distinct and irreducible, then

1. $P_i = (p, g_i(\alpha))$ is a prime ideal of $\mathcal{O}_K$ (here $g_i(x) \in \mathbb{Z}[x]$ is any polynomial
such that $g_i(x) \equiv \bar{g}_i(x) \bmod p$).

2. The prime ideals $P_i$ are distinct.

3. The degree of $P_i$ is the degree of $\bar{g}_i$.

4. $(p) = \prod_{i=1}^r P_i^{e_i}$.

Proof. Suppose that $p$ does not divide the index $[\mathcal{O}_K : \mathbb{Z}[\alpha]]$. Consider the
natural map $\mathbb{Z}[\alpha] \to \mathcal{O}_K/p\mathcal{O}_K$. An element $\gamma$ of the kernel must have the
form $p\beta$ for $\beta \in \mathcal{O}_K$. Since $p$ does not divide the index $[\mathcal{O}_K : \mathbb{Z}[\alpha]]$ we must
have $\beta \in \mathbb{Z}[\alpha]$. The kernel is thus precisely $p\mathbb{Z}[\alpha]$ and we get an injection
$\mathbb{Z}[\alpha]/p\mathbb{Z}[\alpha] \hookrightarrow \mathcal{O}_K/p\mathcal{O}_K$. Indeed this must be an isomorphism of rings since
both sides have order $p^n$. Now consider the ring homomorphism from $\mathbb{Z}[x]$
to $\mathbb{Z}[\alpha]/p\mathbb{Z}[\alpha]$ taking $g(x)$ to $g(\alpha) + p\mathbb{Z}[\alpha]$. This has kernel

$$\{g(x) : g(x) = m(x)h(x) + pj(x)\} = (p, m(x)),$$

giving
$$\mathbb{Z}[\alpha]/p\mathbb{Z}[\alpha] \cong \mathbb{Z}[x]/(p, m(x)).$$
Finally consider the homomorphism from $\mathbb{Z}[x]$ to $\mathbb{F}_p[x]/(\bar{m}(x))$, sending $g(x)$
to $\bar{g}(x) + (\bar{m}(x))$. The kernel of this map is

$$\{g(x) : \bar{m}(x)|\bar{g}(x)\} = \{g(x) : g(x) = m(x)h(x) + pj(x)\} = (p, m(x)).$$

Thus $\mathbb{Z}[x]/(p, m(x)) \cong \mathbb{F}_p[x]/(\bar{m}(x))$, and composing our various maps we
obtain

$$\mathcal{O}_K/p\mathcal{O}_K \cong \mathbb{Z}[\alpha]/p\mathbb{Z}[\alpha] \cong \mathbb{Z}[x]/(p, m(x)) \cong \mathbb{F}_p[x]/(\bar{m}(x)).$$

We are looking for prime ideals $P$ with $\mathcal{O}_K \supseteq P \supseteq p\mathcal{O}_K$. There is a 1-1
correspondence between the prime ideals of $\mathcal{O}_K$ containing $(p)$ and the prime
ideals of $\mathcal{O}_K/p\mathcal{O}_K$, and between these latter prime ideals and the prime ideals
of $\mathbb{F}_p[x]/(\bar{m}(x))$. However the prime ideals of $\mathbb{F}_p[x]/(\bar{m}(x))$ are generated by
irreducible factors $\bar{g}_i(x)$ of $\bar{m}(x)$. Tracing back the effect of our various
isomorphisms one sees that these correspond to $P_i = (p, g_i(\alpha))$ in $\mathcal{O}_K$. This
proves parts 1 and 2 of the theorem. Moreover one sees, again by checking
the effect of our three isomorphisms, that $N(P_i) = \#\mathbb{F}_p[x]/(\bar{g}_i(x))$, which
proves part 3.
Finally we have
$$\prod_{i=1}^r P_i^{e_i} = \prod_{i=1}^r (p, g_i(\alpha))^{e_i} \subseteq \prod_{i=1}^r (p, g_i(\alpha)^{e_i}) \subseteq \Big(p, \prod_{i=1}^r g_i(\alpha)^{e_i}\Big) = (p).$$

However $p^{f_i} = N(P_i) = p^{\deg(g_i)}$ (by part 3), so that

$$N\Big(\prod_{i=1}^r P_i^{e_i}\Big) = p^{\sum_{i=1}^r e_i f_i} = p^{\sum_{i=1}^r e_i \deg(g_i)} = p^n.$$

On the other hand, $N((p)) = p^n$ and so $(p) = \prod_{i=1}^r P_i^{e_i}$. This proves part 4,
the final assertion of the theorem.
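Corollary 7.3. If $p$ ramifies then $p \mid \Delta(\mathbb{Z}[\alpha])^2$.
Proof. If $p \mid [\mathcal{O}_K : \mathbb{Z}[\alpha]]$ then $p \mid \Delta(\mathbb{Z}[\alpha])^2$. So we may suppose that $p$ does not
divide $[\mathcal{O}_K : \mathbb{Z}[\alpha]]$. Then the above theorem shows that if $p$ ramifies, with a
factor $P^2$, then $\bar{m}(x)$ has a multiple irreducible factor $\bar{g}(x)$ over $\mathbb{F}_p$, for which
$g(\alpha) \in (p, g(\alpha)) = P$. We then have $m(x) = g(x)^2 h(x) + pk(x)$, say, so that

$$m'(x) = g(x)\{2g'(x)h(x) + g(x)h'(x)\} + pk'(x) = g(x)j(x) + pl(x),$$

say. Thus $m'(\alpha) = g(\alpha)j(\alpha) + p\beta$ with $\beta \in \mathcal{O}_K$. It follows that

$$\mathrm{Norm}_{K/\mathbb{Q}}(m'(\alpha)) = \prod_\sigma \sigma(m'(\alpha)) = \prod_\sigma \sigma(g(\alpha)j(\alpha)) + p\gamma$$

for some algebraic integer $\gamma$. We now have

$$\mathrm{Norm}_{K/\mathbb{Q}}(m'(\alpha)) = \mathrm{Norm}_{K/\mathbb{Q}}(g(\alpha))\,\mathrm{Norm}_{K/\mathbb{Q}}(j(\alpha)) + p\gamma,$$

so that in particular we see that $\gamma \in \mathbb{Z}$. However, since $P \mid (g(\alpha))$ we will
have $N(P) \mid \mathrm{Norm}_{K/\mathbb{Q}}(g(\alpha))$ and hence $p \mid \mathrm{Norm}_{K/\mathbb{Q}}(g(\alpha))$. We therefore conclude
that $p \mid \mathrm{Norm}_{K/\mathbb{Q}}(m'(\alpha))$. The result now follows, since $\Delta^2(\mathbb{Z}[\alpha]) =
\pm\mathrm{Norm}_{K/\mathbb{Q}}(m'(\alpha))$, by Problem Sheet 1.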
Example 7.4 Let $K = \mathbb{Q}(\sqrt{-5})$, so that $\mathcal{O}_K = \mathbb{Z}[\sqrt{-5}]$ and $\Delta(\mathbb{Z}[\sqrt{-5}])^2 =
4(-5) = -20$. The possible ramified primes are 2 and 5. We have $m(x) =
x^2 + 5$, and
$$x^2 + 5 \equiv x^2 + 1 \equiv (x + 1)^2 \bmod 2$$
so that
$$(2) = (2, \sqrt{-5} + 1)^2.$$
Similarly, $x^2 + 5 \equiv x^2 \bmod 5$ so that
$$(5) = (5, \sqrt{-5})^2 = (\sqrt{-5})^2.$$

For all primes we have $\sum_{i=1}^r e_i f_i = 2$, so $r \le 2$. Thus one of the following
cases holds: $r = 1, e_1 = 2, f_1 = 1$ (ramified case), or $r = 1, e_1 = 1, f_1 = 2$
(we say $p$ remains inert), or $r = 2, e_1 = e_2 = 1, f_1 = f_2 = 1$ (we say $p$ splits).
We extend this language to general algebraic number fields, saying that $p$ is
inert if $(p)$ is prime in $\mathcal{O}_K$, and that $p$ splits otherwise.
We have already dealt with $p = 2, 5$ so consider $p \neq 2, 5$.
Case 1: $\left(\frac{-5}{p}\right) = -1$. Then $x^2 + 5$ is irreducible modulo $p$, and

$$(p) = P := (p, \sqrt{-5}^{\,2} + 5) = (p)$$

is inert.
Case 2: $\left(\frac{-5}{p}\right) = 1$. Then

$$x^2 + 5 \equiv (x - a)(x + a) \bmod p$$

where $a \not\equiv -a \bmod p$. In this case $(p) = P_1 P_2$ where $P_1 = (p, \sqrt{-5} - a)$
and $P_2 = (p, \sqrt{-5} + a)$. e.g. $x^2 + 5 \equiv x^2 - 1 \equiv (x - 1)(x + 1) \bmod 3$,
so that $(3) = (3, \sqrt{-5} - 1)(3, \sqrt{-5} + 1)$. (Note that for case 2 we have
$p \equiv 1, 3, 7, 9 \bmod 20$ by quadratic reciprocity.)

8 Minkowski: computation of the class group
8.1 Minkowski’s convex body theorem
Let $\{v_1, \dots, v_n\}$ be any basis for $\mathbb{R}^n$. Let $L = \{\sum_{i=1}^n a_i v_i : a_i \in \mathbb{Z}\}$ be
the lattice generated by the $v_i$. It is an additive subgroup of $\mathbb{R}^n$. Let $D =
\{\sum_{i=1}^n a_i v_i : a_i \in [0, 1)\}$. We call $D$ a fundamental domain for $L$. Every
$v \in \mathbb{R}^n$ can be expressed uniquely as $v = u + w$ with $u \in L$ and $w \in D$.
If $v_i = \sum_{j=1}^n a_{ij} e_j$ where $\{e_1, \dots, e_n\}$ is the “standard basis” for $\mathbb{R}^n$, then
we define $\mathrm{Vol}(D) := |\det(a_{ij})|$; this is sometimes denoted $\mathrm{Vol}(L)$. We also
have $\mathrm{Vol}(D)^2 = \det(v_i \cdot v_j)$, being the determinant of matrix $(a_{ij})(a_{ij})^t$. One
can easily check that $\mathrm{Vol}(D)$ is independent of the choice of $\mathbb{Z}$-basis for the
lattice $L$.
Lemma 8.1 (Blichfeldt). Let $L$ be a lattice in $\mathbb{R}^n$, and let $S$ be a bounded,
measurable subset of $\mathbb{R}^n$ such that $\mathrm{Vol}(S) > \mathrm{Vol}(L)$. Then there exist $x, y \in S$
with $x \neq y$ and such that $x - y \in L$.
Proof. (Non-examinable)
Let $D$ be a fundamental domain for $L$. When $a \in L$ write $S(a) = (S - a) \cap
D$. Then $S$ is the disjoint union of the sets $S(a) + a$ as $a$ runs over $L$. It follows
that $\mathrm{Vol}(S) = \sum_{a \in L} \mathrm{Vol}(S(a))$. However $\mathrm{Vol}(S) > \mathrm{Vol}(D)$ and $S(a) \subseteq D$.
Thus some $S(b)$ and $S(c)$ with $b \neq c$ must overlap. Let $v \in S(b) \cap S(c)$. Then
$x = v + b \in S$ and $y = v + c \in S$, and $x - y = b - c \in L$.
Definition 8.2. We say $S \subseteq \mathbb{R}^n$ is convex if
$$x, y \in S,\ 0 \le \lambda \le 1 \ \Rightarrow\ \lambda x + (1 - \lambda)y \in S.$$
We say $S$ is symmetric (about the origin) if
$$x \in S \ \Rightarrow\ -x \in S.$$
Theorem 8.3 (Minkowski’s Convex Body Theorem). Let $L$ be a lattice in
$\mathbb{R}^n$. Let $S$ be a bounded measurable subset of $\mathbb{R}^n$ which is convex and symmetric.
If $\mathrm{Vol}(S) > 2^n \mathrm{Vol}(L)$ then there exists $v \in L - \{0\}$ with $v \in S$.
Proof. (Non-examinable)
We have $\mathrm{Vol}(\tfrac{1}{2}S) = 2^{-n}\mathrm{Vol}(S) > \mathrm{Vol}(L)$. Thus Blichfeldt’s result tells us
that there exist $x, y \in \tfrac{1}{2}S$ such that $x - y \in L - \{0\}$. Now $2x \in S$ and, by
symmetry, $-2y \in S$. Using convexity we then find that $\tfrac{1}{2}(2x + (-2y)) \in S$,
that is to say, $x - y \in S$.

Note 8.4 If $S$ is closed, and therefore compact, then it is enough to have
$\mathrm{Vol}(S) \ge 2^n \mathrm{Vol}(L)$.

Example 8.5 We give another proof that if $p \equiv 1 \bmod 4$ then there exist
$x, y \in \mathbb{Z}$ such that $p = x^2 + y^2$.
We know that $\left(\frac{-1}{p}\right) = 1$, so there is an $s$ such that $s^2 \equiv -1 \bmod p$. If
$p = x^2 + y^2$ then $x^2 + y^2 \equiv 0 \bmod p$ and so $(x/y)^2 \equiv -1 \bmod p$. Hence $x \equiv
\pm sy \bmod p$. We will search for a “small” integer solution to $x \equiv sy \bmod p$.
Such points form a lattice $L$ in $\mathbb{R}^2$. We have
$$x \equiv sy \bmod p \ \Leftrightarrow\ x = sy + pz, \text{ with } z \in \mathbb{Z} \ \Leftrightarrow\ (x, y) = y(s, 1) + z(p, 0).$$
Hence $\{(s, 1), (p, 0)\}$ is a basis for $L$, and
$$\mathrm{Vol}(L) = \left| \det \begin{pmatrix} s & p \\ 1 & 0 \end{pmatrix} \right| = p.$$

Let $C$ be the disc $x^2 + y^2 < 2p$, with radius $\sqrt{2p}$. The set $C$ is clearly convex
and symmetric about the origin, and
$$\mathrm{Vol}(C) = \pi(\sqrt{2p})^2 = 2\pi p > 2^2 p = 2^2\,\mathrm{Vol}(L).$$
Hence by Minkowski’s Theorem there exists a nonzero $v \in L$ such that
$v \in C$. Suppose that $v = (x, y)$. Since $v \in L$ we have $x \equiv sy \bmod p$, and
hence $x^2 + y^2 \equiv 0 \bmod p$. However $v \in C$ implies $x^2 + y^2 < 2p$, so that
$x^2 + y^2 = 0$ or $p$. Finally, since $v \neq 0$ we must have $x^2 + y^2 = p$.

8.2 Minkowski’s bound


Let $[K : \mathbb{Q}] := n = r + 2s$ where $r$ is the number of real embeddings
$\sigma_1, \dots, \sigma_r : K \to \mathbb{R}$, and $s$ the number of pairs of complex embeddings
$\sigma_{r+1}, \dots, \sigma_{r+s}, \bar\sigma_{r+1}, \dots, \bar\sigma_{r+s} : K \to \mathbb{C}$.
Definition 8.6. Let $\sigma : K \to \mathbb{R}^r \times \mathbb{C}^s \cong \mathbb{R}^n$ be defined as
$$\sigma(x) := (\sigma_1(x), \dots, \sigma_r(x), \Re(\sigma_{r+1}(x)), \Im(\sigma_{r+1}(x)), \dots, \Re(\sigma_{r+s}(x)), \Im(\sigma_{r+s}(x))).$$
Let $\mathcal{O}_K$ be the ring of integers of $K$, and let $\{v_1, \dots, v_n\}$ be an integral
basis for $\mathcal{O}_K$. Write $A$ for the matrix whose $i$th row is $\sigma(v_i)$. By elementary
column operations we find that
$$(-2i)^s \det(A) = \det(\sigma_j(v_i)) = \pm\sqrt{|\Delta^2|} \neq 0$$
where $\Delta^2 := \Delta^2(K)$. Thus $\det(A) \neq 0$, and $\sigma(\mathcal{O}_K)$ is a lattice in $\mathbb{R}^n$ of
volume $\sqrt{|\Delta^2|}/2^s$.
If $I$ is an ideal of $\mathcal{O}_K$, with basis $w = \{w_1, \dots, w_n\}$ then $w_i = \sum_j c_{ij} v_j$
and
$$N(I) = [\mathcal{O}_K : I] = |\det(c_{ij})|$$
by Theorem 1.8. Moreover, $\Delta^2(w) = \det^2(c_{ij})\Delta^2(v)$ by Lemma 2.4, and
so $\Delta^2(w) = N(I)^2\Delta^2(v)$. We can now replace the basis $v$ in the previous
calculation by $w$, to deduce that
$$\mathrm{Vol}(\sigma(I)) = \frac{\sqrt{|\Delta^2(w)|}}{2^s} = \frac{N(I)\sqrt{|\Delta^2(v)|}}{2^s} = \frac{N(I)\sqrt{|\Delta^2|}}{2^s}.$$
Lemma 8.7. For $t > 0$ let
$$R_t := \Big\{ (x_1, \dots, x_r, z_1, \dots, z_s) \in \mathbb{R}^r \times \mathbb{C}^s : \sum_{i=1}^r |x_i| + 2\sum_{i=1}^s |z_i| \le t \Big\}.$$

Then

1. $R_t$ is a compact, symmetric, and convex subset of $\mathbb{R}^n$,

2. $\mathrm{Vol}(R_t) = 2^r t^n (\pi/2)^s / n!$

Proof. Non-examinable. See Lang, Algebraic Number Theory, (Addison-Wesley, 1970), page 116.

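Theorem 8.8. Let $I \subseteq \mathcal{O}_K$ be a nonzero ideal. Then there exists a nonzero
$\alpha \in I$ with
$$|\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)| \le c_K N(I)$$
where
$$c_K := \left(\frac{4}{\pi}\right)^s \frac{n!}{n^n} \sqrt{|\Delta^2(K)|}$$
is Minkowski’s constant for $K$.
Proof. Choose $t \in \mathbb{R}$ so that $\pi^s t^n / n! = 4^s \sqrt{|\Delta^2(K)|}\, N(I)$. Then
$$\mathrm{Vol}(R_t) = \frac{2^r t^n (\pi/2)^s}{n!} = \frac{2^n \sqrt{|\Delta^2(K)|}\, N(I)}{2^s} = 2^n \mathrm{Vol}(\sigma(I)).$$
By Minkowski’s theorem (compact version), there exists a nonzero $\alpha \in I$
such that $\sigma(\alpha) \in R_t$. Hence
$$\sum_{i=1}^r |\sigma_i(\alpha)| + 2\sum_{i=r+1}^{r+s} \sqrt{\Re(\sigma_i(\alpha))^2 + \Im(\sigma_i(\alpha))^2} \le t.$$
This means that $\sum_{i=1}^n |\sigma_i(\alpha)| \le t$ and so
$$\frac{1}{n}\sum_{i=1}^n |\sigma_i(\alpha)| \le \frac{t}{n}.$$

By the inequality of the arithmetic and geometric means we have

$$\left( \prod_{i=1}^n |\sigma_i(\alpha)| \right)^{1/n} \le \frac{1}{n}\sum_{i=1}^n |\sigma_i(\alpha)| \le \frac{t}{n},$$

giving $|\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)| \le \left(\frac{t}{n}\right)^n = c_K N(I)$.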

Theorem 8.9. Any ideal class $c \in C_K$ contains an ideal $J$ such that $N(J) \le
c_K$, that is to say
$$N(J) \le \left(\frac{4}{\pi}\right)^s \frac{n!}{n^n} \sqrt{|\Delta^2(K)|}.$$
Proof. Let $I$ be any ideal in the inverse class $c^{-1}$. We now know there
exists a nonzero $\alpha \in I$ such that $|\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)| \le c_K N(I)$. Since $(\alpha) \subseteq I$
we have $I|(\alpha)$, and so there exists an ideal $J$ such that $IJ = (\alpha)$. The
relations $I \in c^{-1}$ and $IJ = (\alpha)$ imply that $[J] = c$ and $J \in c$. Moreover
$N(I)N(J) = N(IJ) = |\mathrm{Norm}_{K/\mathbb{Q}}(\alpha)| \le c_K N(I)$, and so $N(J) \le c_K$.

Note 8.10 For a nonzero ideal $J \subseteq \mathcal{O}_K$ we have $N(J) = \#\mathcal{O}_K/J$ so that
$N(J) \cdot x \in J$ for any $x \in \mathcal{O}_K$, by Lagrange’s Theorem, regarding $\mathcal{O}_K/J$ as
an additive group. Taking $x = 1$ shows that $N(J) \in J$. It follows that
$J \supseteq (N(J))$, and hence that $J|(N(J))$.
We can therefore deduce that every class $c$ contains an ideal $J$ such that
$J$ has an element $m \in J \cap \mathbb{N}$ with $m \le c_K$.

Corollary 8.11. If $K \neq \mathbb{Q}$ then $|\Delta^2(K)| > 1$.

Proof. Since $N(J) \ge 1$ for any ideal $J \subseteq \mathcal{O}_K$, we must have
$$1 \le \left(\frac{4}{\pi}\right)^s \frac{n!}{n^n} \sqrt{|\Delta^2(K)|} \le \left(\frac{4}{\pi}\right)^n \frac{n!}{n^n} \sqrt{|\Delta^2(K)|}.$$
Let $b_n := \left(\frac{\pi}{4}\right)^n \frac{n^n}{n!}$. It will suffice to show that $b_n > 1$ for all $n \ge 2$. Now
$b_2 = \pi^2/8 > 1$. Moreover
$$\frac{b_{n+1}}{b_n} = \frac{\pi}{4}\left(1 + \frac{1}{n}\right)^n = \frac{\pi}{4}\left(1 + n\cdot\frac{1}{n} + \dots\right) \ge \frac{\pi}{2} > 1.$$
Hence $b_n > 1$ for all $n \ge 2$.

9 Class group computations and Diophantine applications

Note 9.1 The class group is abelian. Let $c$ be any ideal class. Then
there exists $J \in c$ with $N(J) \le c_K$. Write $J$ as a product of prime ideals,
$J = P_1 \cdots P_s$, say. By the multiplicativity of the norm, $N(P_i) \le c_K$ for each
$i$. Moreover $c = [J] = [P_1 \cdots P_s] = [P_1] \cdots [P_s]$. Hence $c$ is in the group
generated by ideal classes of prime ideals of norm at most $c_K$. Thus the class
group itself is generated by classes of prime ideals in $\mathcal{O}_K$ of norm at most
$c_K$.
In order to find a suitable set of generators we observe that prime ideals
of norm $\le c_K$ are factors of ideals $(p)$ where $p \in \mathbb{N}$ is prime and $p \le c_K$.
Using Dedekind’s Theorem 7.2, we can factor all such primes $p$ into prime
ideals, to give a complete set of generators.
To determine the class group it remains to find any relations satisfied by
the classes of these prime ideals. Some such relations can be found from the
prime factorisations of the ideals (p), since these are principal, and others can
be obtained by factoring principal ideals (α) generated by elements α ∈ OK
of small norm.
To show that the set of relations found is complete one needs to show that
appropriate combinations of the generators are not principal. In general this
can be awkward, but for complex quadratic fields one can prove that an ideal
I is non-principal by finding all elements α ∈ OK with NormK/Q (α) = N (I),
and checking whether or not I = (α). If K is complex quadratic there will
only be finitely many possible α with NormK/Q (α) = N (I) to check.
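The first step of the procedure in Note 9.1 (compute $c_K$, then factor each $(p)$ with $p \le c_K$ by Theorem 7.2) is mechanical for complex quadratic fields. The following Python sketch is an added example, not part of the original notes: it assumes $K = \mathbb{Q}(\sqrt{d})$ with $d < 0$ squarefree, uses the minimal polynomial of a generator of $\mathcal{O}_K$ so that the index condition of Theorem 7.2 holds for every $p$, and factors it mod $p$ by searching for roots. All function names are chosen here for illustration.

```python
from math import pi, sqrt

def quadratic_field(d):
    """For squarefree d < 0 return (disc, (b, c)), where disc = Delta^2(K) and
    x^2 + b*x + c is the minimal polynomial of a generator alpha of O_K = Z[alpha]."""
    if d >= 0 or any(d % (k * k) == 0 for k in range(2, int(sqrt(-d)) + 1)):
        raise ValueError("d must be negative and squarefree")
    if d % 4 == 1:                       # alpha = (1 + sqrt(d))/2
        return d, (-1, (1 - d) // 4)
    return 4 * d, (0, -d)                # alpha = sqrt(d)

def minkowski_constant(d):
    """c_K = (4/pi)^s * n!/n^n * sqrt(|Delta^2(K)|) with n = 2, s = 1."""
    disc, _ = quadratic_field(d)
    return (4 / pi) * (2 / 4) * sqrt(abs(disc))

def primes_up_to(x):
    return [p for p in range(2, int(x) + 1)
            if all(p % q for q in range(2, int(sqrt(p)) + 1))]

def decompose(d, p):
    """Factor (p) in O_K by Theorem 7.2. Returns a list of triples (e, f, r):
    the prime ideal is (p, alpha - r), or (p) itself when r is None (inert)."""
    _, (b, c) = quadratic_field(d)
    roots = [x for x in range(p) if (x * x + b * x + c) % p == 0]
    if not roots:                        # irreducible mod p: e = 1, f = 2
        return [(1, 2, None)]
    if len(roots) == 1:                  # double root: (p) = P^2, e = 2, f = 1
        return [(2, 1, roots[0])]
    return [(1, 1, r) for r in roots]    # two distinct roots: (p) = P P'

def class_group_generators(d):
    """Prime ideals above each rational prime p <= c_K; their classes generate C_K."""
    return {p: decompose(d, p) for p in primes_up_to(minkowski_constant(d))}

if __name__ == "__main__":
    for d in (-5, -6, -29, -163):
        print(d, round(minkowski_constant(d), 2), class_group_generators(d))
```

Finding the relations between these generators, and showing the list of relations is complete, still has to be done by hand as described in the rest of the note.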

Example 9.2 Let $K = \mathbb{Q}(\sqrt{-5})$, so that $\mathcal{O}_K = \mathbb{Z}[\sqrt{-5}]$. We know from
Proposition 5.8 that $\mathcal{O}_K$ is not a PID, so that $h_K > 1$. We have $n = 2, s =
1, r = 0$, and $\Delta^2(K) = -20$. Thus
$$c_K = \frac{2!}{2^2}\left(\frac{4}{\pi}\right)\sqrt{20} = \frac{4\sqrt{5}}{\pi} < 3.$$
It follows that every ideal class contains an ideal of norm at most 2, and
that $C_K$ is generated by classes of prime ideals of norm at most 2. However
$(2) = P_2^2$ where $P_2 = (2, 1 + \sqrt{-5})$ with $N(P_2) = 2$. Hence $[P_2]$ generates
$C_K$. Moreover $P_2^2 = (2)$, giving $[P_2]^2 = [(2)] = [\mathcal{O}_K]$, which is the identity in
$C_K$. Hence $C_K$ is cyclic of order 2, and $h_K = 2$.
Example 9.3 Next consider $K = \mathbb{Q}(\sqrt{-6})$, for which $\mathcal{O}_K = \mathbb{Z}[\sqrt{-6}]$, with
$n = 2, r = 0, s = 1$ and $\Delta^2(K) = -24$. In this case
$$c_K = \frac{2!}{2^2}\left(\frac{4}{\pi}\right)\sqrt{24} = \frac{4\sqrt{6}}{\pi} \approx 3.1.$$
The ideal class group $C_K$ is generated by classes of prime ideals $P$ such that
$N(P) \le c_K$, which means that $N(P) = 2$ or 3.
Now $x^2 + 6 \equiv x^2 \bmod 2$, and so $(2) = P_2^2$ where $P_2 := (2, \sqrt{-6})$. Similarly
$x^2 + 6 \equiv x^2 \bmod 3$, so that $(3) = P_3^2$ with $P_3 := (3, \sqrt{-6})$. We have $N(P_2) = 2$
and $N(P_3) = 3$. (Indeed $e = 2, f = 1$ in both cases.) It follows that $C_K$
is generated by $[P_2]$ and $[P_3]$, but we need to see if there are any relations
satisfied by these classes.
If $P_2$ is principal then $P_2 = (x + y\sqrt{-6})$ with $x, y \in \mathbb{Z}$. Taking norms
this gives $2 = |x^2 + 6y^2|$, which is impossible. Similarly $P_3$ is not principal,
so that $[P_2], [P_3] \neq [\mathcal{O}_K]$ in $C_K$.
Since $P_2^2 = (2)$ we have $[P_2]^2 = [\mathcal{O}_K]$, and similarly $[P_3]^2 = [\mathcal{O}_K]$.
We next observe that $\sqrt{-6} = \sqrt{-6} \cdot 3 - 2 \cdot \sqrt{-6} \in P_2 P_3$. We also have
$\mathrm{Norm}_{K/\mathbb{Q}}(\sqrt{-6}) = 6$, and we therefore deduce that $(\sqrt{-6}) = P_2 P_3$. It follows
that $[P_2][P_3] = [\mathcal{O}_K]$. Thus $[P_3] = [P_2]^{-1} = [P_2]$, and $C_K$ must be cyclic of
order 2, generated by $[P_2]$, and $h_K = 2$.

Example 9.4 Find all integer solutions of the equation $y^2 + 54 = x^3$.

Let $x, y \in \mathbb{Z}$ be a solution. If $y$ is even then $x^3 \equiv 54 \equiv 2 \bmod 4$, which
is impossible. If $3|y$ then $3|x$, and on setting $x = 3x_1$, $y = 3y_1$ we will have
$y_1^2 + 6 = 3x_1^3$. Hence $3|y_1$, and on writing $y_1 = 3y_2$ we obtain $3y_2^2 + 2 =
x_1^3$. However $3y_2^2 + 2 \equiv 2$ or $5 \bmod 9$ while $x_1^3 \equiv 0, 1$ or $8 \bmod 9$. This
contradiction shows that we must have $y$ coprime to 3.
It follows that $\mathrm{hcf}(y, 6) = 1$, and hence that $\mathrm{hcf}(x, 6) = 1$.
We now use the ideal factorisation $(y + 3\sqrt{-6})(y - 3\sqrt{-6}) = (x)^3$. We
proceed to show that the factors on the left are coprime. If a prime ideal $P$
divides both factors then $6\sqrt{-6} = \{y + 3\sqrt{-6}\} - \{y - 3\sqrt{-6}\} \in P$, and so
$P|(6\sqrt{-6}) = P_2^3 P_3^3$. (Recall that $(\sqrt{-6}) = P_2 P_3$.) Thus $P$ can only be $P_2$
or $P_3$. However $P|(y + 3\sqrt{-6})$ implies $P|(x)^3$, and on taking norms we find
that $N(P)|x^6$, which is impossible, since $\mathrm{hcf}(x, 6) = 1$.
It follows that $(y + 3\sqrt{-6})$ and $(y - 3\sqrt{-6})$ are coprime as ideals of $\mathcal{O}_K$.
By unique factorisation of ideals we have
$$(y + 3\sqrt{-6}) = I^3$$
for some ideal $I$. Since $I^3$ is principal we have $[I]^3 = [\mathcal{O}_K]$, the identity
in $C_K$. However we know from above that $h_K = 2$ (giving $[I]^2 = [\mathcal{O}_K]$ by
Lagrange’s Theorem), and so we must have $[I] = [\mathcal{O}_K]$. Thus $I$ is principal,
so that $I = (\alpha)$ for some $\alpha \in \mathcal{O}_K$.
It follows that $(y + 3\sqrt{-6}) = (\alpha)^3 = (\alpha^3)$, giving $y + 3\sqrt{-6} = u\alpha^3$ with
$u$ a unit. (Recall that if $(\alpha) = (\beta)$ then $\alpha = u\beta$ for some unit $u \in \mathcal{O}_K$.)
For $K = \mathbb{Q}(\sqrt{-6})$ the only units in $\mathcal{O}_K$ are $u = \pm 1$, and for both of these
we have $u = u^3$. It follows that
$$y + 3\sqrt{-6} = \{u\alpha\}^3 = \{a + b\sqrt{-6}\}^3,$$
say. Equating the coefficient of $\sqrt{-6}$ on both sides gives $3 = b\{3a^2 - 6b^2\}$,
and so $1 = b\{a^2 - 2b^2\}$. Hence $b = -1$ and $a^2 = 1$, giving $y = a^3 - 18b^2 a =
a\{a^2 - 18b^2\} = \pm 17$. With these $y$ the only possible $x$ is 7, so that the
complete solution is $x = 7$, $y = \pm 17$.
Example 9.5 Let $K = \mathbb{Q}(\sqrt{-163})$, so that $\mathcal{O}_K = \mathbb{Z}[\tfrac{1}{2}(1 + \sqrt{-163})]$ and
$$c_K = \frac{2}{\pi}\sqrt{163} \approx 8.13 < 9.$$
Thus the class group $C_K$ is generated by the classes of prime ideals dividing
(2), (3), (5) and (7), so we proceed to factor (2), (3), (5) and (7) in $\mathcal{O}_K$.
The minimal polynomial of $\tfrac{1}{2}\{1 + \sqrt{-163}\}$ is $x^2 - x + 41$. However we
find that $x^2 - x + 41 \equiv x^2 + x + 1 \bmod 2$, which is irreducible. Thus (2) is
inert, so that the only prime ideal above 2 is (2), which is principal.
For $p = 3, 5$ and 7 it is enough to consider the factorisation of the polynomial
$x^2 + 163 \bmod p$, since $p$ does not divide the index $[\mathcal{O}_K : \mathbb{Z}[\sqrt{-163}]] = 2$.

• $x^2 + 163 \equiv x^2 + 1 \bmod 3$, which is irreducible. Hence (3) is inert.

• $x^2 + 163 \equiv x^2 + 3 \bmod 5$, which is irreducible. Hence (5) is inert.

• $x^2 + 163 \equiv x^2 + 2 \bmod 7$, which is irreducible. Hence (7) is inert.

Thus the only relevant prime ideals are all principal; hence $C_K$ is trivial
and $h_K = 1$. It follows that $\mathcal{O}_K$ is a UFD. However, it is not a Euclidean
domain. (For this non-examinable fact see S&T, Theorem 4.18)
Note: it is known that there are only finitely many imaginary quadratic
fields K with hK = 1 (the proof of this is hard!). On the other hand it is
conjectured that OK is a UFD for infinitely many real quadratic fields.

Proposition 9.6. The fact that hK = 1 for K = Q( −163) implies that
n2 + n + 41 is prime for 0 6 n 6 39.

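Proof. Suppose $n^2 + n + 41$ is not prime for some $n < 40$. Now $n^2 + n + 41 < 41^2$,
and so $n^2 + n + 41$ must have a prime factor $q < 41$.
Now

$$q \mid n^2 + n + 41 = \left(n + \tfrac{1}{2}\left(1 + \sqrt{-163}\right)\right)\left(n + \tfrac{1}{2}\left(1 - \sqrt{-163}\right)\right).$$

However $q$ clearly does not divide either factor in $\mathcal{O}_K$, and so $q$ cannot be
prime in $\mathcal{O}_K$. Since we are in a UFD, it follows that $q$ cannot be irreducible.
Thus $q = \alpha\beta$ where $\mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = \mathrm{Norm}_{K/\mathbb{Q}}(\beta) = q$.
If

$$\alpha = x + y\,\frac{1 + \sqrt{-163}}{2}, \qquad x, y \in \mathbb{Z},$$

then

$$q = \mathrm{Norm}_{K/\mathbb{Q}}(\alpha) = \left(x + \frac{y}{2}\right)^2 + 163\left(\frac{y}{2}\right)^2.$$

Since $q$ is not a square we have $y \ne 0$, and we deduce that $q > 163/4 > 40$,
which gives a contradiction.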
For similar reasons


• $n^2 + n + 17$ is prime for $0 \le n \le 15$ (consider $\mathbb{Q}(\sqrt{-67})$).

• $n^2 + n + 11$ is prime for $0 \le n \le 9$ (consider $\mathbb{Q}(\sqrt{-43})$).

• $n^2 + n + 5$ is prime for $0 \le n \le 3$ (consider $\mathbb{Q}(\sqrt{-19})$).

• $n^2 + n + 3$ is prime for $0 \le n \le 1$ (consider $\mathbb{Q}(\sqrt{-11})$).

Example 9.7 [Paper B9 2005] Find the structure of the ideal class group
of $\mathcal{O}_K$ for $K = \mathbb{Q}(\sqrt{-29})$.
Since $-29 \equiv 3 \bmod 4$ we have $\mathcal{O}_K = \mathbb{Z}[\sqrt{-29}]$, and $\Delta^2(K) = -4 \times 29 =
-116$. Moreover $n = 2$ and $s = 1$, so that

$$c_K = \frac{2}{\pi}\sqrt{116} \approx 6.9 < 7.$$

Thus $C_K$ is generated by the classes of prime ideals dividing (2), (3) and (5).
We need to factor (2), (3), (5) in $\mathcal{O}_K$, using Theorem 7.2.

• $x^2 + 29 \equiv (x + 1)^2 \bmod 2$, so that $(2) = P_2^2$ where $P_2 := (2, \sqrt{-29} + 1)$
is a prime ideal of norm 2.

• $x^2 + 29 \equiv x^2 - 1 \equiv (x + 1)(x - 1) \bmod 3$, so that $(3) = P_3 P_3'$ where
$P_3 := (3, \sqrt{-29} + 1)$ and $P_3' := (3, \sqrt{-29} - 1)$ are distinct prime ideals
of norm 3.

• $x^2 + 29 \equiv x^2 - 1 \equiv (x + 1)(x - 1) \bmod 5$, so that $(5) = P_5 P_5'$ with
$P_5 := (5, \sqrt{-29} + 1)$ and $P_5' := (5, \sqrt{-29} - 1)$ being distinct prime
ideals of norm 5.

We have $[P_2]^2 = [P_3][P_3'] = [P_5][P_5'] = [\mathcal{O}_K]$. Hence $C_K$ is generated by
$[P_2]$, $[P_3]$, $[P_5]$.
We proceed to find the orders of these elements, and relations between
them:
We have $\mathrm{Norm}_{K/\mathbb{Q}}(x + y\sqrt{-29}) = x^2 + 29y^2$, so there are no elements in
$\mathcal{O}_K$ of norms $\pm 2$, $\pm 3$, $\pm 5$. Thus $P_2$, $P_3$, $P_5$ are not principal, and $[P_2]$ must
have order 2.
The only element $\alpha \in \mathcal{O}_K$ of norm $\pm 9$ is $\pm 3$. Thus if $P_3^2 = (\alpha)$ we
must have $P_3^2 = (3) = P_3 P_3'$. However this would imply $P_3 = P_3'$, giving a
contradiction. Thus the order of $[P_3]$ is at least 3. Indeed it cannot have
order 3 since there are no solutions to $x^2 + 29y^2 = \pm 27$. We shall come back
to $[P_3]$ later.
Turning to $[P_5]$, note that $3^2 + 29 \times 2^2 = 125$, so that $N((3 + 2\sqrt{-29})) = 5^3$.
Hence $(3 + 2\sqrt{-29})$ must be one of $P_5^3$, $P_5^2 P_5'$, $P_5 P_5'^2$ or $P_5'^3$. However
$2 + 2\sqrt{-29} \in P_5$, giving $3 + 2\sqrt{-29} \notin P_5$. Hence $P_5$ does not divide $(3 + 2\sqrt{-29})$.
It follows that $(3 + 2\sqrt{-29}) = P_5'^3$, and, taking conjugates, we also have
$(3 - 2\sqrt{-29}) = P_5^3$. Hence $[P_5]$ has order dividing 3. Since $P_5$ is not principal,
it must have order exactly 3.
Finally we note that $30 = \{1 + \sqrt{-29}\}\{1 - \sqrt{-29}\}$. Thus

$$(2)(3)(5) = (1 + \sqrt{-29})(1 - \sqrt{-29}).$$

Now $(2)(3)(5) = P_2^2 P_3 P_3' P_5 P_5'$. So, in order to have the correct norm, we
see that $(1 \pm \sqrt{-29})$ must be one of $P_2 P_3 P_5$, $P_2 P_3' P_5$, $P_2 P_3 P_5'$ or $P_2 P_3' P_5'$. It
follows that at least one of these products is principal, and so one or other
(and hence both) of $[P_3]$ and $[P_3'] = [P_3]^{-1}$ is in the group generated by $[P_2]$
and $[P_5]$.
We conclude that $C_K$ is an abelian group generated by an element of
order 2 and an element of order 3. Thus it is cyclic of order 6. (In fact
$\mathrm{Norm}(2 \pm 5\sqrt{-29}) = 729 = 3^6$, and by the argument above we find that
$(2 + 5\sqrt{-29}) = P_3^6$ and $(2 - 5\sqrt{-29}) = P_3'^6$.)

Example 9.8 [Paper B9 2005] Let $K = \mathbb{Q}(\sqrt{-37})$. Given that $h_K = 2$,
prove there are no integral solutions of the equation $y^2 = x^3 - 37$.
Suppose that $x, y \in \mathbb{Z}$ are such that $y^2 + 37 = x^3$. Then as ideals we have

$$(y + \sqrt{-37})(y - \sqrt{-37}) = (x)^3.$$

We claim that $(y + \sqrt{-37})$ and $(y - \sqrt{-37})$ are coprime ideals. For suppose
that a prime ideal $P$ divides both. Then $y \pm \sqrt{-37} \in P$, so that the difference
$2\sqrt{-37} \in P$. Hence $P \mid (2\sqrt{-37})$, and since $P$ is prime we conclude that $P \mid (2)$
or $P \mid (\sqrt{-37})$.
Since $\mathcal{O}_K = \mathbb{Z}[\sqrt{-37}]$, we may factor $(p) = (2)$ and $(p) = (37)$ in $\mathcal{O}_K$
by using the decomposition of $X^2 + 37$ modulo $p$. We have $X^2 + 37 \equiv
(X + 1)^2 \bmod 2$, giving $(2) = P_2^2$, where $P_2 := (2, 1 + \sqrt{-37})$ is a prime ideal
of norm 2. Similarly $X^2 + 37 \equiv X^2 \bmod 37$ and hence $(37) = (37, \sqrt{-37})^2 =
P_{37}^2$, where $P_{37} := (\sqrt{-37})$ is prime of norm 37.
It follows that if $P$ is a common factor of $(y + \sqrt{-37})$ and $(y - \sqrt{-37})$
then $P = P_2$ or $P_{37}$. In either case, since $P \mid (y + \sqrt{-37})$, we have $P \mid (x)^3$ and
taking norms we get $2 \mid x^6$ or $37 \mid x^6$ respectively. Hence either $2 \mid x$ or $37 \mid x$, as
appropriate.
Suppose firstly that $P = P_{37}$. Then $37 \mid x$, and since $x^3 = y^2 + 37$ we
must also have $37 \mid y$. Thus $37^2$ divides $x^3 - y^2 = 37$, which is impossible.
Alternatively if $P = P_2$, so that $2 \mid x$, we will have $8 \mid x^3$. The equation $y^2 + 37 =
x^3$ then implies that $y^2 + 1 \equiv 0 \bmod 4$, which is impossible.
Thus $(y + \sqrt{-37})$ and $(y - \sqrt{-37})$ are coprime ideals as claimed. However
their product is $(x)^3$, which is a cube. Hence by unique factorisation of ideals,
each of the two factors is a cube. In particular,

$$(y + \sqrt{-37}) = I^3$$

for some ideal $I$. Since $I^3$ is principal, the order of $[I]$ in $C_K$ divides 3.
However $h_K = 2$, so $I$ must be principal. Thus

$$(y + \sqrt{-37}) = (a + b\sqrt{-37})^3$$

for some $a, b \in \mathbb{Z}$. Hence $y + \sqrt{-37} = u(a + b\sqrt{-37})^3$ for some unit $u \in \mathcal{O}_K$.
However the only units are $u = \pm 1$, which satisfy $u = u^3$. Hence, on replacing
$a, b$ by $-a, -b$ if $u = -1$, we may assume that $u = 1$. Expanding and
comparing coefficients we obtain

$$y = a\{a^2 - 111b^2\}, \qquad 1 = b\{3a^2 - 37b^2\}.$$

The second equation implies that $b = \pm 1$ and $3a^2 - 37 = \pm 1$. Hence $3a^2 = 38$
or 36, both of which are impossible.
Hence there are no solutions in integers.
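
The class numbers used in Example 9.5, Proposition 9.6 and Examples 9.7 and 9.8 can be cross-checked by machine. The following is an added example, not part of the original notes, and it uses a different technique from the Minkowski-bound argument above: for a negative fundamental discriminant $D$, $h_K$ equals the number of reduced primitive positive definite binary quadratic forms $ax^2 + bxy + cy^2$ with $b^2 - 4ac = D$. The function names are illustrative, and the discriminant $-148$ of $\mathbb{Q}(\sqrt{-37})$ is computed here as $4 \times (-37)$.

```python
from math import gcd, isqrt

def reduced_forms(D):
    """Reduced primitive forms (a, b, c) with b^2 - 4ac = D, for D < 0."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be a negative discriminant")
    forms = []
    # Reduced means |b| <= a <= c, which forces 3a^2 <= |D|.
    for a in range(1, isqrt(-D // 3) + 1):
        for b in range(-a + 1, a + 1):           # -a < b <= a
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            # When a == c only b >= 0 is reduced.
            if c < a or (c == a and b < 0):
                continue
            if gcd(gcd(a, b), c) == 1:
                forms.append((a, b, c))
    return forms

def class_number(D):
    """h_K for the imaginary quadratic field of fundamental discriminant D."""
    return len(reduced_forms(D))

def is_prime(m):
    if m < 2:
        return False
    return all(m % d for d in range(2, isqrt(m) + 1))

def euler_run(q):
    """True if n^2 + n + q is prime for every 0 <= n <= q - 2."""
    return all(is_prime(n * n + n + q) for n in range(q - 1))

if __name__ == "__main__":
    # Discriminants: Q(sqrt(-163)), Q(sqrt(-29)), Q(sqrt(-37)).
    for D in (-163, -116, -148):
        print(D, class_number(D), reduced_forms(D))
    # Proposition 9.6 and the list after it: q = 41, 17, 11, 5, 3.
    for q in (41, 17, 11, 5, 3):
        print(q, class_number(1 - 4 * q), euler_run(q))
```

The six reduced forms of discriminant $-116$ match the order of $C_K$ found in Example 9.7; the count alone does not show that the group is cyclic.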

10 The equation $x^3 + y^3 = z^3$
In this section we will establish “Fermat’s Last Theorem” for cubes, that
$x^3 + y^3 = z^3$ has no nontrivial ($x, y, z$ all nonzero) solutions in $\mathbb{Z}$.
We shall work in $K = \mathbb{Q}(\sqrt{-3})$. It is convenient to write

$$\omega = (-1 + \sqrt{-3})/2,$$

so that $\mathcal{O}_K = \mathbb{Z}[\omega]$. We begin by collecting together some basic facts.


Lemma 10.1. Let $K = \mathbb{Q}(\sqrt{-3})$ and $\omega = (-1 + \sqrt{-3})/2$.

(i) We have $\omega^3 = 1$. Moreover the set of units of $\mathcal{O}_K$ is $\{\pm 1, \pm\omega, \pm\omega^2\}$.
(ii) The ring $\mathcal{O}_K$ is a UFD.
(iii) The element $\lambda := \sqrt{-3}$ is prime, with norm 3. Moreover we have
$\lambda = \omega(1 - \omega) = (-\omega^2)(1 - \omega^2)$.

Proof. (i) To find the unit group we note that
$$\mathrm{Norm}_{K/\mathbb{Q}}(a + b\omega) = a^2 - ab + b^2, \qquad a, b \in \mathbb{Z}.$$
Thus if $\mathrm{Norm}_{K/\mathbb{Q}}(a + b\omega) = 1$ then $(2a - b)^2 + 3b^2 = 4$, giving solutions
$(a, b) = \pm(1, 0)$, $\pm(0, 1)$ and $\pm(1, 1)$, which produce the six units
specified in the lemma.
(ii) See Problem sheet 2.
(iii) Trivial.

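Lemma 10.2. If $\alpha \in \mathbb{Z}[\omega]$ and $\lambda$ does not divide $\alpha$, then $\alpha^3 \equiv \pm 1 \bmod \lambda^4$.

We may use congruences in $\mathbb{Z}[\omega]$ in precisely the same way as we are used
to in $\mathbb{Z}$. In particular $\alpha \equiv \beta \bmod \gamma$ means that $\gamma \mid \alpha - \beta$.
Proof. Since $N((\lambda)) = 3$ the quotient $\mathbb{Z}[\omega]/(\lambda)$ has 3 elements, which are
clearly $0 + (\lambda)$, $1 + (\lambda)$ and $-1 + (\lambda)$, since these are distinct. It follows that
$\alpha + (\lambda) = \pm 1 + (\lambda)$, so that we may write $\alpha = \pm 1 + \lambda\mu$ for some $\mu \in \mathbb{Z}[\omega]$.
We now have
$$\alpha^3 = \pm 1 + 3\mu\lambda \pm 3\mu^2\lambda^2 + \mu^3\lambda^3 = \pm 1 - \mu\lambda^3 \mp \mu^2\lambda^4 + \mu^3\lambda^3,$$
so that $\alpha^3 \equiv \pm 1 + (\mu^3 - \mu)\lambda^3 \bmod \lambda^4$.
However the coset $\mu + (\lambda)$ must be one of $0 + (\lambda)$, $1 + (\lambda)$ or $-1 + (\lambda)$, so
that $\mu \equiv 0$ or $\pm 1 \bmod \lambda$. It follows that $\mu^3 \equiv \mu \bmod \lambda$ whichever of these 3
cases holds. This yields $\lambda \mid \mu^3 - \mu$ and so $\alpha^3 \equiv \pm 1 \bmod \lambda^4$ as required.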
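
Lemma 10.2 can be checked numerically with exact arithmetic in $\mathbb{Z}[\omega]$. The following is an added example, not part of the original notes; it represents $a + b\omega$ as the pair `(a, b)`, uses $\omega^2 = -1 - \omega$ and $\lambda = \sqrt{-3} = 1 + 2\omega$, and tests divisibility by multiplying by the conjugate and dividing by the norm. All function names are illustrative.

```python
# Elements of Z[omega] are pairs (a, b) meaning a + b*omega, with omega^2 = -1 - omega.

def mul(x, y):
    (a, b), (c, d) = x, y
    return (a * c - b * d, a * d + b * c - b * d)

def norm(x):
    a, b = x
    return a * a - a * b + b * b            # Norm(a + b*omega), as in Lemma 10.1

def conj(x):
    a, b = x
    return (a - b, -b)                      # complex conjugation sends omega to omega^2

def divides(d, x):
    """True if d | x in Z[omega], i.e. x * conj(d) / Norm(d) has integer coordinates."""
    n = norm(d)
    p, q = mul(x, conj(d))
    return p % n == 0 and q % n == 0

LAMBDA = (1, 2)                             # sqrt(-3) = 1 + 2*omega
LAMBDA4 = mul(mul(LAMBDA, LAMBDA), mul(LAMBDA, LAMBDA))   # equals (9, 0)

def cube_sign(x):
    """Return s in {+1, -1} with x^3 = s (mod lambda^4), or None if neither holds."""
    a, b = mul(x, mul(x, x))
    for s in (1, -1):
        if divides(LAMBDA4, (a - s, b)):
            return s
    return None

def counterexamples(bound=12):
    """All a + b*omega with |a|, |b| <= bound that would contradict Lemma 10.2."""
    bad = []
    for a in range(-bound, bound + 1):
        for b in range(-bound, bound + 1):
            x = (a, b)
            if not divides(LAMBDA, x) and cube_sign(x) is None:
                bad.append(x)
    return bad

if __name__ == "__main__":
    print(LAMBDA4, counterexamples())       # the list is empty
```

Elements divisible by $\lambda$ are excluded, as in the lemma; for them `cube_sign` returns `None`.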
To prove the non-existence of nontrivial solutions in $\mathbb{Z}$ to $x^3 + y^3 = z^3$, it is
sufficient to prove there are none in $\mathbb{Z}[\omega]$; if there were a non-trivial solution
in $\mathbb{Z}[\omega]$, we could remove any common factor from $x$, $y$ and $z$; indeed any two
of the variables would then have to be coprime (since any common factor of
two of $x, y, z$ would also divide the remaining variable). We shall first show
that at least one variable must be divisible by $\lambda$ and then that we cannot
have any variable divisible by $\lambda$, to obtain a contradiction.

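Lemma 10.3. If $\alpha^3 + \beta^3 = \gamma^3$ with $\alpha, \beta, \gamma \in \mathbb{Z}[\omega]$, then $\lambda$ divides at least
one of $\alpha$, $\beta$ or $\gamma$.

Proof. If $\lambda$ divides none of $\alpha, \beta, \gamma$ then Lemma 10.2 yields

$$0 = \alpha^3 + \beta^3 - \gamma^3 \equiv (\pm 1) + (\pm 1) - (\pm 1) \equiv \pm 3 \text{ or } \pm 1 \bmod \lambda^4.$$

However $\lambda^4 = (-3)^2 = 9$ which does not divide $\pm 3$ or $\pm 1$.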


We shall now, over the next few lemmas, show that we cannot have precisely
one variable divisible by $\lambda$.

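Lemma 10.4. Let

$$\alpha^3 + \beta^3 = \mu\lambda^{3n}\gamma^3$$

with $n \in \mathbb{N}$, with $\mu$ a unit of $\mathbb{Z}[\omega]$ and $\alpha, \beta, \gamma \in \mathbb{Z}[\omega]$ with $\alpha, \beta$ coprime and
$\gamma$ not divisible by $\lambda$. Then $n \ge 2$.

Proof. If either of $\alpha$ or $\beta$ is a multiple of $\lambda$ then the equation shows that
both are, since $n \ge 1$. However this is impossible, as $\alpha$ and $\beta$ are assumed to
be coprime. Thus neither of them is divisible by $\lambda$. Now Lemma 10.2 yields

$$\mu\lambda^{3n}\gamma^3 = \alpha^3 + \beta^3 \equiv (\pm 1) + (\pm 1) \equiv \pm 2 \text{ or } 0 \bmod \lambda^4,$$

so that $n \ne 1$.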

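Lemma 10.5. Under the conditions of the previous lemma each of the elements
$\alpha + \beta$, $\alpha + \omega\beta$ and $\alpha + \omega^2\beta$ is divisible by $\lambda$. Moreover the quotients

$$\frac{\alpha + \beta}{\lambda}, \qquad \frac{\alpha + \omega\beta}{\lambda}, \qquad \frac{\alpha + \omega^2\beta}{\lambda}$$

are coprime in pairs.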

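Proof. We have

$$\lambda \mid \alpha^3 + \beta^3 = (\alpha + \beta)(\alpha + \omega\beta)(\alpha + \omega^2\beta),$$

so that $\lambda$ must divide at least one of these factors. However $\lambda$ is an associate
of $1 - \omega$ and $1 - \omega^2$ by Lemma 10.1. Hence

$$\alpha + \beta \equiv \alpha + \omega\beta \equiv \alpha + \omega^2\beta \bmod \lambda.$$

It follows that all three factors are divisible by $\lambda$.
Moreover if $\delta$ divides both $\alpha + \beta$ and $\alpha + \omega\beta$ then it divides

$$(\alpha + \omega\beta) - (\alpha + \beta) = (\omega - 1)\beta$$

and also

$$(\alpha + \omega\beta) - \omega(\alpha + \beta) = (1 - \omega)\alpha.$$

Hence $\delta \mid \omega - 1$, since $\alpha$ and $\beta$ are coprime. Similarly if $\delta$ divides both $\alpha + \beta$
and $\alpha + \omega^2\beta$ then $\delta \mid \omega^2 - 1$, while if $\delta$ divides both $\alpha + \omega\beta$ and $\alpha + \omega^2\beta$ then
$\delta \mid \omega^2 - \omega$. It follows in all three cases that $\delta \mid \lambda$, since $\omega - 1$, $\omega^2 - 1$ and $\omega^2 - \omega$
are each associates of $\lambda$. The second assertion of the lemma then follows.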

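Theorem 10.6. The equation

$$\alpha^3 + \beta^3 = \mu\lambda^{3n}\gamma^3$$

with $n \in \mathbb{N}$ and $\mu$ a unit of $\mathbb{Z}[\omega]$ has no solutions $\alpha, \beta, \gamma \in \mathbb{Z}[\omega]$ with $\alpha, \beta$
coprime and $\gamma$ not divisible by $\lambda$.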

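Proof. We assume we have an admissible solution to

$$\alpha^3 + \beta^3 = \mu\lambda^{3n}\gamma^3,$$

with the minimal possible value of $n$. Then

$$\mu\lambda^{3n}\gamma^3 = (\alpha + \beta)(\alpha + \omega\beta)(\alpha + \omega^2\beta)$$

and the previous two lemmas allow us to write

$$\mu\lambda^{3(n-1)}\gamma^3 = \left(\frac{\alpha + \beta}{\lambda}\right)\left(\frac{\alpha + \omega\beta}{\lambda}\right)\left(\frac{\alpha + \omega^2\beta}{\lambda}\right)$$

with coprime factors on the right, belonging to $\mathbb{Z}[\omega]$. Since the factors are
coprime there is one factor, $(\alpha + \omega^j\beta)/\lambda$ say, which is divisible by $\lambda^{3(n-1)}$.
Write $\nu = \omega^j\beta$; then:

$$\mu\gamma^3 = \left(\frac{\alpha + \nu}{\lambda^{3n-2}}\right)\left(\frac{\alpha + \omega\nu}{\lambda}\right)\left(\frac{\alpha + \omega^2\nu}{\lambda}\right)$$

with coprime factors on the right.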

We now use the fact that $\mathbb{Z}[\omega]$ is a UFD. We have three coprime factors
whose product is a unit times a cube, and we deduce that each factor must
be a unit times a cube, say

$$\frac{\alpha + \nu}{\lambda^{3n-2}} = \mu_1\gamma_1^3, \qquad \frac{\omega\{\alpha + \omega\nu\}}{\lambda} = \mu_2\gamma_2^3, \qquad \frac{\omega^2\{\alpha + \omega^2\nu\}}{\lambda} = \mu_3\gamma_3^3,$$

with $\gamma = \gamma_1\gamma_2\gamma_3$ (and where $\mu_2$, $\mu_3$ have absorbed the extra factors $\omega$, $\omega^2$,
respectively). We now observe that

$$\mu_1\lambda^{3(n-1)}\gamma_1^3 + \mu_2\gamma_2^3 + \mu_3\gamma_3^3 = \lambda^{-1}\{(\alpha + \nu) + (\omega\alpha + \omega^2\nu) + (\omega^2\alpha + \omega\nu)\} = 0,$$

since $1 + \omega + \omega^2 = 0$. We therefore obtain an equation

$$\gamma_2^3 + \mu'\gamma_3^3 = \mu''\lambda^{3(n-1)}\gamma_1^3$$

for appropriate units $\mu'$ and $\mu''$. Moreover $\gamma_2$ and $\gamma_3$ are coprime, since
$(\alpha + \omega\nu)/\lambda$ and $(\alpha + \omega^2\nu)/\lambda$ were coprime; and $\lambda$ does not divide $\gamma_1$ since it
did not divide $\gamma$.
After Lemma 10.4 we know that $n \ge 2$, so that $n - 1 \ge 1$ and

$$\gamma_2^3 + \mu'\gamma_3^3 \equiv 0 \bmod \lambda^3.$$

From Lemma 10.2 we deduce that $\mu' \equiv \pm 1 \bmod \lambda^3$. However $\lambda^3$ does not
divide any of $\omega \pm 1$ or $\omega^2 \pm 1$ since these are either units or associates of $\lambda$.
Thus only $\mu' = \pm 1$ is possible. Hence, finally, we obtain an equation of the
form
$$\gamma_2^3 + (\mu'\gamma_3)^3 = \mu''\lambda^{3(n-1)}\gamma_1^3,$$
contradicting the supposed minimality of $n$. This concludes the proof of the
theorem.
We are now in a position to prove our desired result.

Theorem 10.7. The equation $x^3 + y^3 = z^3$ has no nontrivial ($x, y, z$ all
nonzero) solutions in $\mathbb{Z}$.

Proof. Any such solution must also give a solution in $\mathbb{Z}[\omega]$. Remove any
common factor from $x, y, z$, which means they must be coprime in pairs
(since any common factor of two of $x, y, z$ would also divide the remaining
variable). By Lemma 10.3, at least one of $x, y, z$ must be a multiple of $\lambda$,
and indeed only one, since the variables are coprime in pairs. We extract
the largest possible power of $\lambda$ from this variable, $\lambda^n$ say, and use $\mu = 1$
(and replace some of $x, y, z$ with $-x, -y, -z$, as needed) to put the equation
into the form described in Theorem 10.6, which we have shown to have no
solution.
