Proof. These are straightforward verifications from the definitions. For (1), \(a \mid b\) means \(b = ar\) for some \(r \in R\), which says exactly that \(b \in \langle a \rangle\), and \(b \in \langle a \rangle\) if and only if every multiple of \(b\) is a multiple of \(a\), i.e., \(\langle b \rangle \subseteq \langle a \rangle\). Parts (2)-(4) follow directly from (1). For (5), if \(a \sim b\) then \(b = au\) and \(a = bv\) for some \(u, v \in R\), so \(a = auv\), and since \(R\) is an integral domain and \(a \neq 0\) (the case \(a = b = 0\) being trivial), we get \(uv = 1\), so \(u\) is a unit. The converse is immediate. ∎

Proof. Since \(a \sim b\), we have \(a \mid b\) and \(b \mid a\), so \(\langle a \rangle = \langle b \rangle\). Parts (1) and (2) follow from Theorem 1.2. For (3), if \(a\) is irreducible and \(b = cd\) for some \(c, d \in R\), then since \(a = bu\) for some unit \(u\), we have \(a = cdu\), and since \(a\) is irreducible, one of \(c\) or \(du\) must be a unit; if \(du\) is a unit then \(d\) is a unit, and if \(c\) is a unit then \(c\) is a unit, so \(b\) is irreducible. For (4), suppose \(a\) is prime and \(b \mid cd\). Since \(a \sim b\), we have \(a \mid cd\), so \(a \mid c\) or \(a \mid d\), giving \(b \mid c\) or \(b \mid d\). ∎

Proof. Let \(p \in R\) be prime. Since \(p\) is a non-zero non-unit, suppose \(p = ab\) for some \(a, b \in R\). Then \(p \mid ab\), so \(p \mid a\) or \(p \mid b\). Say \(p \mid a\), so \(a = pc\) for some \(c \in R\). Then \(p = ab = pcb\), and since \(R\) is an integral domain and \(p \neq 0\), we get \(cb = 1\), so \(b\) is a unit. Thus \(p\) is irreducible. ∎

Proof. For (1), suppose \(a\) is prime. Then \(a\) is a non-zero non-unit, so \(\langle a \rangle \neq \{0\}\) and \(\langle a \rangle \neq R\). If \(bc \in \langle a \rangle\), then \(a \mid bc\), so \(a \mid b\) or \(a \mid c\), meaning \(b \in \langle a \rangle\) or \(c \in \langle a \rangle\). Conversely, if \(\langle a \rangle\) is a non-zero prime ideal, then \(a \neq 0\) and \(a\) is not a unit (since \(\langle a \rangle \neq R\)), and if \(a \mid bc\) then \(bc \in \langle a \rangle\), so \(b \in \langle a \rangle\) or \(c \in \langle a \rangle\), meaning \(a \mid b\) or \(a \mid c\).

For (2), suppose \(a\) is irreducible and \(\langle a \rangle \subseteq \langle b \rangle\) for some non-zero \(b \in R\). Then \(b \mid a\), so \(a = bc\) for some \(c \in R\). Since \(a\) is irreducible, either \(b\) or \(c\) is a unit. If \(b\) is a unit, then \(\langle b \rangle = R\). If \(c\) is a unit, then \(a \sim b\) and \(\langle a \rangle = \langle b \rangle\). Conversely, if \(\langle a \rangle\) is maximal among non-zero principal ideals and \(a = bc\), then \(\langle a \rangle \subseteq \langle b \rangle\), so either \(\langle a \rangle = \langle b \rangle\) (meaning \(b \sim a\), so \(c\) is a unit) or \(\langle b \rangle = R\) (meaning \(b\) is a unit). ∎

Proof. Suppose that \(P\) is prime. Since \(P \neq R\), we have \(1 \notin P\), so \(1 + P \neq 0 + P\) in \(R/P\). Since \(R\) is commutative, so is \(R/P\). For the absence of zero divisors, let \(a, b \in R\) and suppose \((a+P)(b+P) = 0 + P\). Then \(ab + P = 0 + P\), so \(ab \in P\). Since \(P\) is prime, \(a \in P\) or \(b \in P\), giving \(a + P = 0 + P\) or \(b + P = 0 + P\).

Conversely, suppose \(R/P\) is an integral domain. Since \(1 + P \neq 0 + P\), we have \(1 \notin P\), so \(P \neq R\). Let \(a, b \in R\) with \(ab \in P\). Then \((a+P)(b+P) = ab + P = 0 + P\). Since \(R/P\) has no zero divisors, \(a + P = 0 + P\) or \(b + P = 0 + P\), so \(a \in P\) or \(b \in P\). ∎

Proof. Suppose \(M\) is maximal. Since \(M \neq R\), we have \(1 + M \neq 0 + M\) in \(R/M\), and \(R/M\) is commutative since \(R\) is. Let \(a + M\) be a nonzero element of \(R/M\). We must show it is a unit. Since \(a + M \neq 0 + M\), we have \(a \notin M\), so \(M \subsetneq M + \langle a \rangle\). Since \(M\) is maximal, \(M + \langle a \rangle = R\). In particular, \(1 \in M + \langle a \rangle\), say \(1 = m + ar\) for some \(m \in M\) and \(r \in R\). Then \(1 + M = ar + M = (a+M)(r+M)\), so \(r + M\) is the inverse of \(a + M\).

Conversely, suppose \(R/M\) is a field. Since \(1 + M \neq 0 + M\), we have \(M \neq R\). Let \(I\) be an ideal with \(M \subseteq I \subseteq R\) and \(I \neq M\). Choose \(a \in I\) with \(a \notin M\). Then \(a + M \neq 0 + M\) in \(R/M\), so \(a + M\) has an inverse: \((a+M)(b+M) = 1 + M\) for some \(b\). Then \(1 - ab \in M \subseteq I\), and since \(a \in I\) we have \(ab \in I\), so \(1 \in I\), giving \(I = R\). ∎

Proof. Let \(R\) be a Euclidean domain with norm \(E\). Let \(A\) be an ideal in \(R\). If \(A = \{0\}\), then \(A = \langle 0 \rangle\) is principal. Suppose \(A \neq \{0\}\). Choose a nonzero element \(a \in A\) of smallest possible Euclidean norm. We claim \(A = \langle a \rangle\). Since \(a \in A\), we have \(\langle a \rangle \subseteq A\). Let \(b \in A\). Choose \(q, r \in R\) such that \(b = qa + r\) and either \(r = 0\) or \(E(r) < E(a)\). Note that \(r = b - qa \in A\), so by the minimality of \(E(a)\) we must have \(r = 0\). Thus \(b = qa \in \langle a \rangle\). ∎

Proof. Let \(R\) be a principal ideal domain and let \(\langle a_1 \rangle \subseteq \langle a_2 \rangle \subseteq \langle a_3 \rangle \subseteq \cdots\) be an ascending chain of ideals. Let \(A = \bigcup_{k=1}^{\infty} \langle a_k \rangle\). Then \(A\) is an ideal in \(R\), so \(A = \langle a \rangle\) for some \(a \in R\). Since \(a \in A\), we can choose \(n \in \mathbb{Z}^+\) with \(a \in \langle a_n \rangle\). For all \(k \geq n\), we have \(\langle a_k \rangle \subseteq A = \langle a \rangle \subseteq \langle a_n \rangle \subseteq \langle a_k \rangle\), so \(\langle a_k \rangle = \langle a_n \rangle\). ∎

Proof. Let \(R\) be a principal ideal domain and let \(a \in R\) be a nonzero non-unit. We must establish both existence and uniqueness of factorization into irreducibles.

Existence of an irreducible factor. If \(a\) is irreducible, we are done. Otherwise, \(a = a_1 b_1\) where \(a_1, b_1\) are non-units, and \(\langle a \rangle \subsetneq \langle a_1 \rangle\). If \(a_1\) is irreducible, we are done. Otherwise, \(a_1 = a_2 b_2\) with \(a_2, b_2\) non-units, and \(\langle a \rangle \subsetneq \langle a_1 \rangle \subsetneq \langle a_2 \rangle\). Continuing, this process must terminate since \(R\) is Noetherian (Theorem 1.16), yielding an irreducible factor \(a_n\) of \(a\).

Existence of a complete factorization. If \(a\) is irreducible, we are done. Otherwise, let \(a_1\) be an irreducible factor of \(a\), say \(a = a_1 b_1\). Then \(b_1\) is not a unit (since \(a\) is reducible while \(a_1\) is irreducible). If \(b_1\) is irreducible, we are done. Otherwise, let \(a_2\) be an irreducible factor of \(b_1\), say \(b_1 = a_2 b_2\). Continuing, we obtain \(\langle a \rangle \subsetneq \langle b_1 \rangle \subsetneq \langle b_2 \rangle \subsetneq \cdots\). By the Noetherian property, this chain must stabilize, so eventually some \(b_n\) is irreducible and \(a = a_1 a_2 \cdots a_n b_n\).

Uniqueness. Suppose \(a = a_1 a_2 \cdots a_\ell = b_1 b_2 \cdots b_m\) where each \(a_i\) and \(b_j\) is irreducible. Since \(a_1 \mid b_1 b_2 \cdots b_m\), and since \(a_1\) is irreducible in a PID, the ideal \(\langle a_1 \rangle\) is maximal among nonzero principal ideals (Theorem 1.7), hence is a nonzero maximal ideal (in a PID, maximal among principal ideals means maximal), hence prime (Corollary 1.10), so \(a_1\) is prime. Thus \(a_1 \mid b_k\) for some \(k\). After reindexing, we may assume \(a_1 \mid b_1\). Since \(b_1\) is irreducible and \(a_1\) is not a unit, \(a_1 \sim b_1\), say \(b_1 = a_1 u\) for some unit \(u\). Then \(a_1 a_2 \cdots a_\ell = a_1 u b_2 \cdots b_m\), and by cancellation \(a_2 \cdots a_\ell = u b_2 \cdots b_m\). By induction, \(\ell = m\) and \(a_i \sim b_i\) after a suitable permutation of \(b_2, \ldots, b_m\). ∎

Proof. Since \(\mathbb{Z}[i]\) is a Euclidean domain (hence a PID, hence a UFD), primes and irreducibles coincide. The norm \(N : \mathbb{Z}[i] \to \mathbb{N}\) given by \(N(a+bi) = a^2 + b^2\) is multiplicative: \(N(\alpha\beta) = N(\alpha)N(\beta)\). The units in \(\mathbb{Z}[i]\) are exactly the elements of norm 1, i.e., \(\{1, -1, i, -i\}\).

Let \(\pi\) be a prime in \(\mathbb{Z}[i]\). Then \(\pi \mid \pi\bar{\pi} = N(\pi) \in \mathbb{Z}^+\), so \(\pi\) divides some rational prime \(p\). Write \(p = \pi \alpha\) in \(\mathbb{Z}[i]\), so \(p^2 = N(p) = N(\pi)N(\alpha)\). Since \(\pi\) is not a unit, \(N(\pi) > 1\), so \(N(\pi) = p\) or \(N(\pi) = p^2\).

Case 1: \(N(\pi) = p\). Then \(p = a^2 + b^2\) where \(\pi = a + bi\). This requires \(p = 2\) (giving \(\pi \sim 1+i\)) or \(p \equiv 1 \pmod{4}\) (by Fermat’s theorem on sums of two squares).

Case 2: \(N(\pi) = p^2\). Then \(N(\alpha) = 1\), so \(\alpha\) is a unit and \(\pi \sim p\). Taking norms, \(p^2 = N(\pi)\), so \(p\) is irreducible in \(\mathbb{Z}[i]\). If \(p \equiv 1 \pmod{4}\), then \(p = a^2 + b^2\) for some integers \(a, b\), giving \(p = (a+bi)(a-bi)\) with both factors non-units, contradicting irreducibility. If \(p = 2\), then \(2 = -i(1+i)^2\) is not irreducible. Thus \(p \equiv 3 \pmod{4}\).

Conversely, one verifies that each element listed is indeed prime. ∎

Proof. Existence. If \(\deg(f) < \deg(g)\), take \(q = 0\) and \(r = f\). Suppose \(\deg(f) \geq \deg(g)\). Write \(f(x) = \sum_{i=0}^n a_i x^i\) with \(a_n \neq 0\) and \(g(x) = \sum_{i=0}^m b_i x^i\) with \(b_m\) a unit. Then the polynomial \(f(x) - a_n b_m^{-1} x^{n-m} g(x)\) has degree less than \(n\). By induction, there exist \(p, r \in R[x]\) with \(f(x) - a_n b_m^{-1} x^{n-m} g(x) = p(x)g(x) + r(x)\) and \(\deg(r) < \deg(g)\). Setting \(q(x) = a_n b_m^{-1} x^{n-m} + p(x)\) gives \(f = qg + r\).

Uniqueness. Suppose \(f = qg + r = pg + s\) with \(\deg(r), \deg(s) < \deg(g)\). Then \((q-p)g = s - r\). Since the leading coefficient of \(g\) is a unit (hence not a zero divisor), \(\deg((q-p)g) = \deg(q-p) + \deg(g)\). If \(q - p \neq 0\), then \(\deg((q-p)g) \geq \deg(g)\), contradicting \(\deg(s-r) < \deg(g)\). Thus \(q = p\) and \(r = s\). ∎

Proof. By induction on \(n\). If \(\deg(f) = 0\), then \(f\) is a nonzero constant with no roots. Let \(n \geq 1\) and assume every polynomial of degree \(n-1\) has at most \(n-1\) roots. If \(a\) is a root of \(f\), by the Factor Theorem \(f(x) = (x-a)g(x)\) for some \(g \in R[x]\) with \(\deg(g) = n - 1\). By induction, \(g\) has at most \(n-1\) roots. If \(b \neq a\) is another root of \(f\), then \(0 = (b-a)g(b)\), and since \(R\) is an integral domain and \(b - a \neq 0\), we get \(g(b) = 0\). Thus every root of \(f\) other than \(a\) is a root of \(g\), giving at most \(1 + (n-1) = n\) roots total. ∎

Proof. Part (1). If \(f = 0\) or \(g = 0\), then \(c(fg) = 0 = c(f)c(g)\). Suppose \(f, g \neq 0\). Let \(h(x) = \frac{1}{c(f)} f(x)\) and \(k(x) = \frac{1}{c(g)} g(x)\), so \(h, k \in \mathbb{Z}[x]\) with \(c(h) = c(k) = 1\) and \(fg = c(f)c(g)hk\), giving \(c(fg) = c(f)c(g)c(hk)\). It suffices to show \(c(hk) = 1\). \[c_{r+s} = a_0 b_{r+s} + \cdots + a_r b_s + \cdots + a_{r+s} b_0.\]

Since \(p \mid c_{r+s}\) and \(p \mid a_i\) for \(i < r\) and \(p \mid b_j\) for \(j < s\), it follows that \(p \mid a_r b_s\). Since \(p\) is prime, \(p \mid a_r\) or \(p \mid b_s\), contradicting our choices.

Part (2). Let \(g(x) = \frac{1}{c(f)} f(x)\) so \(c(g) = 1\).

Suppose \(g\) is reducible in \(\mathbb{Z}[x]\), say \(g = hk\) with \(h, k\) non-units in \(\mathbb{Z}[x]\). Since \(c(h)c(k) = c(g) = 1\), both \(h\) and \(k\) are primitive, hence nonconstant. Then \(f = c(f)g = c(f) \cdot h \cdot k\), and since \(c(f)h\) and \(k\) are nonconstant in \(\mathbb{Q}[x]\), \(f\) is reducible in \(\mathbb{Q}[x]\).

Conversely, suppose \(f\) is reducible in \(\mathbb{Q}[x]\), say \(f = h \cdot k\) with \(h, k\) nonconstant in \(\mathbb{Q}[x]\). Clearing denominators and dividing out content, write \(h = \frac{c(ah)}{a} p\) and \(k = \frac{c(bk)}{b} q\) where \(p, q \in \mathbb{Z}[x]\) are primitive and nonconstant. Then \(f = c(ah)c(bk) \cdot pq / (ab)\), and comparing content yields \(g = pq\), a product of nonconstant polynomials in \(\mathbb{Z}[x]\). ∎

Proof. From \(f(r/s) = 0\), multiplying by \(s^n\) gives \[0 = c_0 s^n + c_1 s^{n-1} r + \cdots + c_n r^n.\] Thus \(r \mid c_0 s^n\). Since \(\gcd(r, s) = 1\), we have \(\gcd(r, s^n) = 1\), so \(r \mid c_0\). Similarly, \(s \mid c_n r^n\) and \(\gcd(s, r^n) = 1\) give \(s \mid c_n\). ∎

Proof. We prove the contrapositive. Suppose \(f\) is reducible in \(\mathbb{Q}[x]\). By Corollary 1.28, choose nonconstant \(g, h \in \mathbb{Z}[x]\) with \(f = gh\). Write \(g(x) = \sum a_i x^i\) with leading coefficient \(a_k \neq 0\) and \(h(x) = \sum b_i x^i\) with leading coefficient \(b_\ell \neq 0\), where \(k, \ell \geq 1\). Since \(c_n = a_k b_\ell\) and \(p \nmid c_n\), we have \(p \nmid a_k\) and \(p \nmid b_\ell\). Thus \(\bar{g}\) has degree \(k\) and \(\bar{h}\) has degree \(\ell\), both nonconstant, and \(\bar{f} = \bar{g}\bar{h}\) is reducible in \(\mathbb{Z}_p[x]\). ∎

Proof. Suppose for contradiction that \(f\) is reducible in \(\mathbb{Q}[x]\). By Corollary 1.28, write \(f = gh\) with \(g(x) = \sum_{i=0}^k a_i x^i\) and \(h(x) = \sum_{i=0}^\ell b_i x^i\) nonconstant in \(\mathbb{Z}[x]\). Since \(c_0 = a_0 b_0\) and \(p \mid c_0\) but \(p^2 \nmid c_0\), exactly one of \(a_0, b_0\) is divisible by \(p\). Say \(p \mid a_0\) and \(p \nmid b_0\).

Since \(p \mid c_1 = a_0 b_1 + a_1 b_0\) and \(p \mid a_0\), we get \(p \mid a_1 b_0\), and since \(p \nmid b_0\), we get \(p \mid a_1\). Continuing inductively, \(p \mid c_j\) for \(j < n\) and \(p \mid a_i\) for \(i < j\) together imply \(p \mid a_j b_0\), hence \(p \mid a_j\). In particular, \(p \mid a_k\). But then \(p \mid a_k b_\ell = c_n\), contradicting \(p \nmid c_n\). ∎

Proof. Let \(U = \{u_i\}\) be a basis for \(K/F\) and \(V = \{v_j\}\) a basis for \(L/K\). We show \(W = \{u_i v_j\}\) is a basis for \(L/F\).

Spanning. Let \(a \in L\). Since \(V\) spans \(L/K\), write \(a = \sum_j s_j v_j\) with \(s_j \in K\). Since \(U\) spans \(K/F\), write each \(s_j = \sum_i r_{ij} u_i\) with \(r_{ij} \in F\). Then \(a = \sum_{i,j} r_{ij} u_i v_j\), so \(W\) spans \(L/F\).

Linear independence. Suppose \(\sum_{i,j} r_{ij} u_i v_j = 0\) with \(r_{ij} \in F\). Then \(\sum_j \left(\sum_i r_{ij} u_i\right) v_j = 0\). Since each \(\sum_i r_{ij} u_i \in K\) and \(V\) is linearly independent over \(K\), we get \(\sum_i r_{ij} u_i = 0\) for each \(j\). Since \(U\) is linearly independent over \(F\), we get \(r_{ij} = 0\) for all \(i, j\). ∎

Proof. Consider the evaluation homomorphism \(\phi : F[x] \to K\) defined by \(\phi(g) = g(a)\). Its image is \(F[a]\) and its kernel is \(\ker(\phi) = \{g \in F[x] : g(a) = 0\}\).

(1) If \(a\) is transcendental, then \(\ker(\phi) = \{0\}\), so \(\phi\) is injective and \(F[a] \cong F[x]\). Since \(F[x]\) is an integral domain, \(F(a)\) is its field of fractions, isomorphic to \(F(x)\).

(2) If \(a\) is algebraic, then \(\ker(\phi) \neq \{0\}\). Since \(F[x]\) is a PID, \(\ker(\phi) = \langle f \rangle\) for some monic polynomial \(f\). We claim \(f\) is irreducible. If \(f = gh\) with \(g, h\) nonconstant, then \(0 = f(a) = g(a)h(a)\). Since \(K\) is a field (hence an integral domain), \(g(a) = 0\) or \(h(a) = 0\), contradicting the minimality of \(\deg(f)\) among nonzero elements of \(\ker(\phi)\). By the first isomorphism theorem, \(F[a] \cong F[x]/\langle f \rangle\). Since \(f\) is irreducible in the PID \(F[x]\), \(\langle f \rangle\) is maximal, so \(F[x]/\langle f \rangle\) is a field, giving \(F[a] = F(a)\). The images of \(1, x, \ldots, x^{n-1}\) form a basis for \(F[x]/\langle f \rangle\), so \(\{1, a, \ldots, a^{n-1}\}\) is a basis for \(F(a)/F\). ∎

Proof. Since \(f(a) = 0\) and \(f(x) \in F[x] \subseteq K[x]\), and since \(g\) generates the kernel of evaluation at \(a\) in \(K[x]\), we have \(g \mid f\) in \(K[x]\). ∎

Proof. If \([K : F] = n < \infty\), then any \(a \in K\) satisfies a nontrivial \(F\)-linear relation among \(\{1, a, \ldots, a^n\}\), so \(a\) is algebraic over \(F\). Moreover, any basis \(\{u_1, \ldots, u_n\}\) generates \(K\) as a field over \(F\). Conversely, if \(K = F(a_1, \ldots, a_m)\) with each \(a_i\) algebraic, then by the tower law applied to the chain \(F \subseteq F(a_1) \subseteq F(a_1, a_2) \subseteq \cdots \subseteq K\), each step has finite degree, so \([K : F]\) is finite. ∎

Proof. Let \(a \in L\). Since \(a\) is algebraic over \(K\), choose a polynomial \(f(x) = \sum_{i=0}^n c_i x^i \in K[x]\) with \(f(a) = 0\). Consider the tower \[F \subseteq F(c_0) \subseteq F(c_0, c_1) \subseteq \cdots \subseteq F(c_0, \ldots, c_{n-1}) \subseteq F(c_0, \ldots, c_{n-1}, a).\] Each \(c_i\) is algebraic over \(F\), so each step \(F(c_0, \ldots, c_{i-1}) \subseteq F(c_0, \ldots, c_i)\) has finite degree. The final step also has finite degree since \(a\) is a root of \(f(x) \in F(c_0, \ldots, c_{n-1})[x]\). By the tower law, \([F(c_0, \ldots, c_{n-1}, a) : F]\) is finite, so \(a\) is algebraic over \(F\). ∎

Proof. If \(\phi \in \operatorname{Aut}_K(L)\), then \(\phi(L) = L\). Conversely, suppose \(\phi(L) \subseteq L\). Since \(\phi\) fixes \(K\), we have \(K \subseteq \phi(L)\). Since \(\phi : L \to \phi(L)\) is a \(K\)-fixing isomorphism, if \(\{u_1, \ldots, u_n\}\) is a basis for \(L/K\), then \(\{\phi(u_1), \ldots, \phi(u_n)\}\) is a basis for \(\phi(L)/K\). Thus \([\phi(L) : K] = [L : K]\). Since \(K \subseteq \phi(L) \subseteq L\) and \([\phi(L) : K] = [L : K]\), we get \(\phi(L) = L\). ∎

Proof. Suppose \(f(x)\) has a multiple root \(a \in \mathbb{C}\), so \((x-a)^2 \mid f(x)\) in \(\mathbb{C}[x]\). Then \((x-a) \mid f'(x)\) in \(\mathbb{C}[x]\). Let \(d(x) = \gcd(f(x), f'(x))\) in \(K[x]\), computed via the Euclidean algorithm. Since \((x-a)\) divides both \(f\) and \(f'\) in \(\mathbb{C}[x]\), we have \(\deg(d) \geq 1\). Since \(d \mid f'\) and \(\deg(f') = \deg(f) - 1\), we have \(\deg(d) < \deg(f)\). Since \(d \mid f\) in \(K[x]\) with \(1 \leq \deg(d) < \deg(f)\), the polynomial \(f\) is reducible in \(K[x]\), a contradiction. ∎

Proof. Let \(\phi : K \to \mathbb{C}\) be an embedding and let \(f(x) = \sum_{i=0}^n c_i x^i \in K[x]\) be the minimal polynomial of \(a\) over \(K\). Define \(g(x) = \sum_{i=0}^n \phi(c_i) x^i \in \phi(K)[x]\). Since \(\phi : K \to \phi(K)\) is an isomorphism, and \(f\) is irreducible of degree \(n\) in \(K[x]\), the polynomial \(g\) is irreducible of degree \(n\) in \(\phi(K)[x]\). By separability (Theorem 2.13), \(g\) has \(n\) distinct roots \(b_1, b_2, \ldots, b_n\) in \(\mathbb{C}\).

Let \(\psi : K(a) \to \mathbb{C}\) be any embedding extending \(\phi\). Since \(\psi(c_i) = \phi(c_i)\), applying \(\psi\) to \(f(a) = 0\) gives \(g(\psi(a)) = 0\). Thus \(\psi(a)\) must be one of \(b_1, \ldots, b_n\).

\[\psi_k\left(\sum_{i=0}^{n-1} r_i a^i\right) = \sum_{i=0}^{n-1} \phi(r_i) b_k^i\]

defines an embedding \(\psi_k : K(a) \to \mathbb{C}\) extending \(\phi\) with \(\psi_k(a) = b_k\). This is well-defined since \(\{1, a, \ldots, a^{n-1}\}\) is a basis for \(K(a)/K\), and one verifies it is an injective ring homomorphism. Thus there are exactly \(n\) extensions. ∎

Proof. By the Primitive Element Theorem (Theorem 2.17), \(L = K(a)\) for some \(a \in L\). The result follows from Theorem 2.14. Alternatively, one can prove this by induction on \([L:K]\): if \([L:K] > 1\), pick \(a \in L \setminus K\) and apply Theorem 2.14 to the extension \(K(a)/K\), then use induction for \(L/K(a)\), with the tower law giving \([L:K(a)] \cdot [K(a):K] = [L:K]\) embeddings in total. ∎

Proof. Since \([L : K]\) is finite, write \(L = K(u_1, u_2, \ldots, u_n)\) for some basis elements \(u_i\). It suffices to show that for any \(u, v \in L\), there exists \(w \in L\) with \(K(u, v) = K(w)\), since then we can inductively reduce the number of generators.

Let \(u, v \in L\). Let \(f(x) \in K[x]\) be the minimal polynomial of \(u\) over \(K\) with roots \(a_1 = u, a_2, \ldots, a_k\) in \(\mathbb{C}\), and let \(g(x) \in K[x]\) be the minimal polynomial of \(v\) over \(K\) with roots \(b_1 = v, b_2, \ldots, b_\ell\) in \(\mathbb{C}\). Choose \(t \in K\) such that \(t \neq -\frac{u - a_i}{v - b_j}\) for any pair of indices \((i, j)\) with \((i,j) \neq (1,1)\). Such a choice is possible since \(K\) is infinite (as it contains \(\mathbb{Q}\)). Let \(w = u + tv\).

Clearly \(w \in K(u, v)\), so \(K(w) \subseteq K(u, v)\). We claim \(K(u, v) \subseteq K(w)\). Consider the polynomial \(h(x) = f(w - tx) \in K(w)[x]\). Note that \(h(v) = f(w - tv) = f(u) = 0\) and \(g(v) = 0\). If \(x \in \mathbb{C}\) is a common root of \(g\) and \(h\), then \(g(x) = 0\) implies \(x = b_j\) for some \(j\), and \(h(x) = 0\) implies \(f(w - tx) = 0\), so \(w - tb_j = a_i\) for some \(i\), giving \(t = \frac{w - a_i}{b_j} = \frac{u + tv - a_i}{b_j}\). If \(b_j \neq v\), then \(t = -\frac{u - a_i}{v - b_j}\) for some \((i, j) \neq (1,1)\), contradicting our choice of \(t\). Thus \(v\) is the only common root of \(g\) and \(h\).

Let \(d(x) = \gcd(g(x), h(x))\) in \(K(w)[x]\). Since \(v\) is the only common root and all roots are simple (by separability), \(d(x) = (x - v)\). Since \(d(x) \in K(w)[x]\), it follows that \(v \in K(w)\). Then \(u = w - tv \in K(w)\), so \(K(u, v) \subseteq K(w)\). ∎

Proof. (1) \(\Leftrightarrow\) (2): By Corollary 2.15, \(|\operatorname{Hom}_K(L, \mathbb{C})| = [L : K]\). Since \(\operatorname{Aut}_K(L) \subseteq \operatorname{Hom}_K(L, \mathbb{C})\), we have \(|\operatorname{Aut}_K(L)| = [L : K]\) if and only if \(\operatorname{Aut}_K(L) = \operatorname{Hom}_K(L, \mathbb{C})\).

(2) \(\Rightarrow\) (3): Suppose \(\operatorname{Hom}_K(L, \mathbb{C}) = \operatorname{Aut}_K(L)\). Let \(a \in L\) and let \(f(x) \in K[x]\) be the minimal polynomial of \(a\) over \(K\), with roots \(a_1 = a, a_2, \ldots, a_m\) in \(\mathbb{C}\). The identity embedding \(\operatorname{id} : K \hookrightarrow \mathbb{C}\) extends to \(m\) embeddings \(\phi_j : K(a) \to \mathbb{C}\) with \(\phi_j(a) = a_j\). Each \(\phi_j\) extends to at least one embedding \(\psi_j : L \to \mathbb{C}\). Since \(\psi_j\) fixes \(K\), we have \(\psi_j \in \operatorname{Hom}_K(L, \mathbb{C}) = \operatorname{Aut}_K(L)\). Therefore \(a_j = \psi_j(a) \in L\) for all \(j\), so \(f\) splits in \(L\).

(3) \(\Rightarrow\) (4): By the Primitive Element Theorem, choose \(a \in L\) with \(L = K(a)\). Let \(f(x)\) be the minimal polynomial of \(a\) with roots \(a_1, \ldots, a_n\). By hypothesis, each \(a_i \in L\), so \(L = K(a) = K(a_1, \ldots, a_n)\) is the splitting field of \(f\).

(4) \(\Rightarrow\) (1): Let \(L\) be the splitting field of \(f(x) \in K[x]\) with roots \(a_1, \ldots, a_n \in L\). We use an inductive construction. If \(f\) splits completely in \(K\), then \(L = K\) and \(|\operatorname{Aut}_K(L)| = 1 = [L:K]\). Otherwise, let \(g_1(x) \in K[x]\) be a nonlinear irreducible factor of \(f\) with roots \(a_{1,1}, \ldots, a_{1,\ell_1}\). The identity extends to \(\ell_1\) embeddings \(\phi_{j_1} : K(a_{1,1}) \to \mathbb{C}\) with \(\phi_{j_1}(a_{1,1}) = a_{1,j_1}\). Since all roots lie in \(L\), the image lands in \(L\). Continuing inductively through a tower \(K \subset K(a_{1,1}) \subset K(a_{1,1}, a_{2,1}) \subset \cdots = L\), we obtain \(\ell_1 \ell_2 \cdots \ell_m = [L:K]\) embeddings, each of which maps \(L\) into \(L\) (since images of roots of \(f\) are roots of \(f\), hence in \(L\)). By Proposition 2.12, these are all automorphisms, giving \(|\operatorname{Aut}_K(L)| = [L:K]\). ∎

Proof. Let \(\sigma : L \hookrightarrow \mathbb{C}\) be an embedding fixing \(K\). By the Primitive Element Theorem, \(L = K(\theta)\) where \(\theta = f(\alpha_1, \ldots, \alpha_n)\) for some \(f \in K[x_1, \ldots, x_n]\). Then \(\sigma(\theta) = f(\sigma(\alpha_1), \ldots, \sigma(\alpha_n))\). Since each \(\sigma(\alpha_i)\) is a conjugate of \(\alpha_i\), hence in \(L\) by hypothesis, we have \(\sigma(\theta) \in L\). Thus \(\sigma(L) \subseteq L\), so \(\sigma \in \operatorname{Aut}_K(L)\) by Proposition 2.12. ∎

Proof. By the Primitive Element Theorem, \(L = K(\theta)\). Let \(\theta_1, \ldots, \theta_n\) be the conjugates of \(\theta\) over \(K\). Set \(H = K(\theta_1, \ldots, \theta_n)\). By Corollary 2.22, \(H\) is normal over \(K\), and clearly \(H \supseteq L\). ∎

Proof. (1) We show \(L^G = K\). Clearly \(K \subseteq L^G\). Since \(L/K\) is normal, every \(K\)-fixing embedding \(\sigma : L \hookrightarrow \mathbb{C}\) is an automorphism of \(L\), i.e., \(\sigma \in G\). So \(\sigma\) fixes \(L^G\). The number of embeddings of \(L\) fixing \(L^G\) is at most \([L : L^G]\), but there are \([L : K]\) of them (since they are all the \(K\)-fixing embeddings). Thus \[[L : K] \leq [L : L^G] \leq [L : K],\] so \([L^G : K] = 1\) and \(L^G = K\). \[f(x) = \prod_{\sigma \in H} (x - \sigma(\alpha)).\]\[[L : K] = [K(\alpha) : K] \leq |H| \leq |G| = [L : K].\]

Therefore \(|H| = |G|\), and since \(H \leq G\), we conclude \(H = G\). ∎

Proof. (i) Since \(L/K\) is normal and \(K \subseteq F \subseteq L\), the extension \(L/F\) is also normal (the conjugates of any element of \(L\) over \(F\) are a subset of its conjugates over \(K\), all of which lie in \(L\)). By Theorem 2.25(1) applied to \(L/F\), we get \(L^{\operatorname{Gal}(L/F)} = F\).

(ii) Let \(H' = \operatorname{Gal}(L/L^H)\). By definition, \(H\) fixes \(L^H\), so \(H \leq H'\). Since \(L/L^H\) is normal (as it is a sub-extension of the normal extension \(L/K\)), and \(H \leq \operatorname{Gal}(L/L^H)\) has \(L^H\) as its fixed field, Theorem 2.25(2) gives \(H = H'\).

\[H \trianglelefteq G \iff \operatorname{Gal}(L/\sigma(F)) = \operatorname{Gal}(L/F) \text{ for all } \sigma \in G \iff \sigma(F) = F \text{ for all } \sigma \in G.\]

The condition \(\sigma(F) = F\) for all \(\sigma \in G\) means exactly that every \(K\)-fixing automorphism of \(L\) maps \(F\) into itself, which (since each such restriction \(\sigma|_F : F \to F\) is an automorphism) is equivalent to \(F/K\) being normal.

When \(H \trianglelefteq G\), the restriction map \(\operatorname{Gal}(L/K) \to \operatorname{Gal}(F/K)\) given by \(\sigma \mapsto \sigma|_F\) is a well-defined group homomorphism (since \(\sigma(F) = F\)). Its kernel is \(\{\sigma \in G : \sigma|_F = \operatorname{id}_F\} = \operatorname{Gal}(L/F) = H\). By the first isomorphism theorem, \(\operatorname{Gal}(F/K) \cong G/H\). ∎

Proof. If the minimal polynomial \(m(x) \in \mathbb{Q}[x]\) of \(\alpha\) already lies in \(\mathbb{Z}[x]\), then \(\alpha\) is visibly an algebraic integer. Conversely, suppose \(\alpha\) is a root of a monic polynomial \(f(x) \in \mathbb{Z}[x]\). Factor \(f(x)\) into monic irreducible factors in \(\mathbb{Z}[x]\), say \(f(x) = g_1(x) g_2(x) \cdots g_k(x)\). Since \(f(\alpha) = 0\), we have \(g_j(\alpha) = 0\) for some index \(j\). Now \(g_j(x)\) is monic and irreducible in \(\mathbb{Z}[x]\), hence irreducible in \(\mathbb{Q}[x]\) by Gauss's Lemma. Therefore \(g_j(x)\) is the minimal polynomial of \(\alpha\) over \(\mathbb{Q}\), and it lies in \(\mathbb{Z}[x]\). ∎

Proof. (i) \(\Rightarrow\) (ii): Suppose \(\alpha\) satisfies a monic polynomial \(f(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_0 \in R[x]\). Then \[\alpha^n = -a_{n-1}\alpha^{n-1} - \cdots - a_0,\] so \(\alpha^n\) lies in the \(R\)-module \(M\) generated by \(\{1, \alpha, \alpha^2, \ldots, \alpha^{n-1}\}\). Multiplying by \(\alpha\) shows that \(\alpha^{n+1} \in M\) as well, and by induction every power of \(\alpha\) lies in \(M\). Therefore \(R[\alpha] = M\) is finitely generated.

(ii) \(\Rightarrow\) (iii): Take \(T = R[\alpha]\).

\[\alpha t_i = \sum_{j=1}^{n} a_{ij} t_j\]

for some \(a_{ij} \in R\). In matrix form, \((\alpha I_n - A)\mathbf{t} = 0\), where \(A = (a_{ij})\) and \(\mathbf{t} = (t_1, \ldots, t_n)^T\). Multiplying on the left by the adjugate matrix gives \(\det(\alpha I_n - A) \cdot t_i = 0\) for each \(i\). Since \(1 \in T\) is an \(R\)-linear combination of the \(t_i\), we obtain \(\det(\alpha I_n - A) = 0\). Expanding the determinant gives a monic polynomial in \(\alpha\) with coefficients in \(R\). ∎

Proof. Clearly \(0, 1 \in \mathcal{O}_K\). Let \(\alpha, \beta \in \mathcal{O}_K\). Then \(\mathbb{Z}[\alpha]\) is a finitely generated \(\mathbb{Z}\)-module, generated by \(\{1, \alpha, \ldots, \alpha^{a-1}\}\) for some \(a\), and \(\mathbb{Z}[\beta]\) is finitely generated, generated by \(\{1, \beta, \ldots, \beta^{b-1}\}\). The ring \(\mathbb{Z}[\alpha, \beta]\) is then generated as a \(\mathbb{Z}\)-module by the finite set \(\{\alpha^i \beta^j : 0 \le i \le a-1, \, 0 \le j \le b-1\}\).

Now \(\mathbb{Z}[\alpha + \beta]\), \(\mathbb{Z}[\alpha - \beta]\), and \(\mathbb{Z}[\alpha\beta]\) are all subrings of \(\mathbb{Z}[\alpha, \beta]\). Since \(\mathbb{Z}\) is a Noetherian ring, every submodule of a finitely generated \(\mathbb{Z}\)-module is itself finitely generated. Thus \(\alpha \pm \beta\) and \(\alpha\beta\) are each contained in a finitely generated \(\mathbb{Z}\)-module, hence are integral over \(\mathbb{Z}\) by condition (iii) of Theorem 3.4. ∎

Proof. Since \(\alpha\) is integral over \(S\), there exist \(c_0, c_1, \ldots, c_{n-1} \in S\) such that \(\alpha^n + c_{n-1}\alpha^{n-1} + \cdots + c_0 = 0\). Consider the tower of rings \[R \subseteq R[c_0] \subseteq R[c_0, c_1] \subseteq \cdots \subseteq R[c_0, \ldots, c_{n-1}] \subseteq R[c_0, \ldots, c_{n-1}, \alpha].\] Each \(c_i\) is integral over \(R\) since \(S\) is integral over \(R\), so by Theorem 3.4, each ring \(R[c_0, \ldots, c_k]\) is finitely generated as a module over \(R[c_0, \ldots, c_{k-1}]\). The element \(\alpha\) is integral over \(R[c_0, \ldots, c_{n-1}]\), so \(R[c_0, \ldots, c_{n-1}, \alpha]\) is finitely generated over \(R[c_0, \ldots, c_{n-1}]\). By iterating the module generation (if \(M\) is finitely generated over \(N\) and \(N\) is finitely generated over \(P\), then \(M\) is finitely generated over \(P\)), we conclude that \(R[c_0, \ldots, c_{n-1}, \alpha]\) is finitely generated as an \(R\)-module. Since \(\alpha\) lies in this ring, it is integral over \(R\) by Theorem 3.4(iii). ∎

Proof. If \(\alpha\) is integral over \(\overline{R}\) and \(\overline{R}\) is integral over \(R\), then \(\alpha\) is integral over \(R\) by transitivity, hence \(\alpha \in \overline{R}\). ∎

Proof. Let \(\alpha \in K\) be algebraic over \(\mathbb{Q}\), and let \(h(x) = a_n x^n + a_{n-1}x^{n-1} + \cdots + a_0 \in \mathbb{Z}[x]\) with \(a_n > 0\) be a polynomial with \(h(\alpha) = 0\). Multiplying the equation \(h(\alpha) = 0\) by \(a_n^{n-1}\), we obtain \[(a_n \alpha)^n + a_{n-1}(a_n \alpha)^{n-1} + a_{n-2}a_n(a_n \alpha)^{n-2} + \cdots + a_0 a_n^{n-1} = 0.\] This shows that \(a_n \alpha\) is a root of a monic polynomial in \(\mathbb{Z}[x]\), so \(a_n \alpha \in \mathcal{O}_K\). ∎

Proof. Since \(K\) is the fraction field of \(\mathcal{O}_K\) and \(\mathcal{O}_K\) is the integral closure of \(\mathbb{Z}\) in \(K\), Corollary 3.9 tells us that \(\mathcal{O}_K\) is integrally closed in \(K\). ∎

Proof. Every element of \(K\) has the form \(\alpha = a + b\sqrt{d}\) with \(a, b \in \mathbb{Q}\). Its minimal polynomial over \(\mathbb{Q}\) is \[(x - a - b\sqrt{d})(x - a + b\sqrt{d}) = x^2 - 2ax + (a^2 - db^2).\] By Theorem 3.2, the element \(\alpha\) is an algebraic integer if and only if both \(2a \in \mathbb{Z}\) and \(a^2 - db^2 \in \mathbb{Z}\).

Write \(a = m/2\) and \(b = n/2\) with \(m, n \in \mathbb{Z}\) (taking \(2a \in \mathbb{Z}\) already forces \(a\) to be a half-integer, and a similar analysis of \(a^2 - db^2 \in \mathbb{Z}\) forces \(b\) to be a half-integer as well). Then the integrality condition \(a^2 - db^2 \in \mathbb{Z}\) becomes \(m^2 - dn^2 \equiv 0 \pmod{4}\).

Case 1: \(d \not\equiv 1 \pmod{4}\). Since \(d\) is squarefree, we have \(d \equiv 2\) or \(3 \pmod{4}\). A case analysis shows \(m^2 - dn^2 \equiv 0 \pmod{4}\) forces both \(m\) and \(n\) to be even. So \(a, b \in \mathbb{Z}\), and \(\mathcal{O}_K = \mathbb{Z}[\sqrt{d}]\).

Case 2: \(d \equiv 1 \pmod{4}\). Then \(m^2 - dn^2 \equiv m^2 - n^2 \equiv 0 \pmod{4}\), which holds if and only if \(m \equiv n \pmod{2}\). The algebraic integers are therefore elements of the form \(\frac{m + n\sqrt{d}}{2}\) with \(m \equiv n \pmod{2}\). This is precisely \(\mathbb{Z}\left[\frac{1+\sqrt{d}}{2}\right]\), since every such element can be written as \(a + b \cdot \frac{1+\sqrt{d}}{2}\) with \(a, b \in \mathbb{Z}\). ∎

Proof. The ring \(\mathcal{O}_K\) is an integral domain (being a subring of a field), integrally closed (Corollary 3.12), and Noetherian (since it is isomorphic to \(\mathbb{Z}^n\) as an abelian group, every ideal is a subgroup of \(\mathbb{Z}^n\) and hence finitely generated). It remains to show that every nonzero prime ideal is maximal. If \(\mathfrak{p}\) is a nonzero prime ideal of \(\mathcal{O}_K\), then \(\mathcal{O}_K/\mathfrak{p}\) is a finite integral domain (since \(\mathcal{O}_K/\mathfrak{p}\) is a quotient of the finite group \(\mathcal{O}_K/\mathfrak{p}\)), and every finite integral domain is a field. ∎

Proof. Each \(\sigma_i\) is a ring homomorphism fixing \(\mathbb{Q}\), so \(\sigma_i(\alpha + \beta) = \sigma_i(\alpha) + \sigma_i(\beta)\), \(\sigma_i(r\alpha) = r\sigma_i(\alpha)\), and \(\sigma_i(\alpha\beta) = \sigma_i(\alpha)\sigma_i(\beta)\). All four properties then follow immediately from the definitions. ∎

Proof. Let \(\ell = \deg p = [\mathbb{Q}(\alpha) : \mathbb{Q}]\), so that \(n = \ell m\). Let \(\alpha_1, \ldots, \alpha_\ell\) be the roots of \(p(x)\) in \(\mathbb{C}\). The \(\ell\) embeddings \(\mathbb{Q}(\alpha) \hookrightarrow \mathbb{C}\) send \(\alpha\) to \(\alpha_1, \ldots, \alpha_\ell\) respectively, and each such embedding extends in exactly \(m\) ways to an embedding \(K \hookrightarrow \mathbb{C}\). Therefore the multiset \(\{\sigma(\alpha) : \sigma \in \operatorname{Hom}_{\mathbb{Q}}(K, \mathbb{C})\}\) consists of each \(\alpha_i\) appearing exactly \(m\) times. The product \(\prod_\sigma (x - \sigma(\alpha))\) thus equals \(\prod_{i=1}^{\ell} (x - \alpha_i)^m = p(x)^m\).

To verify this equals the characteristic polynomial of \(M_\alpha\), choose a basis \(\{u_1, \ldots, u_m\}\) for \(K\) over \(\mathbb{Q}(\alpha)\) and use the basis \(\{u_j \alpha^{k-1} : 1 \le j \le m, \, 0 \le k \le \ell-1\}\) for \(K\) over \(\mathbb{Q}\). Relative to this basis, \(M_\alpha\) decomposes into \(m\) blocks, each being the companion matrix of \(p(x)\), giving \(f_\alpha(x) = p(x)^m\). ∎

Proof. Each embedding \(\rho \in \operatorname{Hom}_{\mathbb{Q}}(L, \mathbb{C})\) restricts to some \(\sigma \in \operatorname{Hom}_{\mathbb{Q}}(K, \mathbb{C})\), and for each \(\sigma\), there are exactly \([L:K]\) embeddings \(\tau \in \operatorname{Hom}_K(L, \mathbb{C})\) that restrict to \(\sigma\) on \(K\) (after composing with an extension of \(\sigma\)). Therefore \[\operatorname{Tr}_{L/\mathbb{Q}}(\alpha) = \sum_{\sigma \in \operatorname{Hom}_{\mathbb{Q}}(K, \mathbb{C})} \sum_{\tau \in \operatorname{Hom}_K(L, \mathbb{C})} \sigma\bigl(\tau(\alpha)\bigr) = \sum_{\sigma} \sigma\Bigl(\sum_\tau \tau(\alpha)\Bigr) = \sum_{\sigma} \sigma\bigl(\operatorname{Tr}_{L/K}(\alpha)\bigr) = \operatorname{Tr}_{K/\mathbb{Q}}\bigl(\operatorname{Tr}_{L/K}(\alpha)\bigr).\] The argument for the norm is identical, with products replacing sums. ∎

Proof. If \(\alpha \in \mathcal{O}_K\), then each conjugate \(\sigma_i(\alpha)\) is also an algebraic integer (since \(\sigma_i(\alpha)\) satisfies the same minimal polynomial as \(\alpha\)). The trace \(\operatorname{Tr}(\alpha) = \sum \sigma_i(\alpha)\) and the norm \(N(\alpha) = \prod \sigma_i(\alpha)\) are therefore algebraic integers, by the ring property. But they are also rational numbers (as coefficients of the characteristic polynomial, which lies in \(\mathbb{Q}[x]\)). An element of \(\mathbb{Q}\) that is an algebraic integer must lie in \(\mathbb{Z}\). ∎

Proof. If \(\alpha \in \mathcal{O}_K^\times\), then \(\alpha\beta = 1\) for some \(\beta \in \mathcal{O}_K\). Taking norms, \(N(\alpha)N(\beta) = N(1) = 1\). Since both \(N(\alpha)\) and \(N(\beta)\) are integers, we must have \(N(\alpha) = \pm 1\).

Conversely, suppose \(N_{K/\mathbb{Q}}(\alpha) = \pm 1\). Then \(\alpha \prod_{i=2}^{n} \sigma_i(\alpha) = \pm 1\), so \(\alpha^{-1} = \pm \prod_{i=2}^{n} \sigma_i(\alpha)\). Each \(\sigma_i(\alpha)\) is an algebraic integer, so their product is an algebraic integer. Since \(\alpha^{-1} \in K\) and is an algebraic integer, \(\alpha^{-1} \in \mathcal{O}_K\). ∎

Proof. For all indices \(j, k\), \[(B^T B)_{jk} = \sum_{i=1}^{n} B_{ij} B_{ik} = \sum_{i=1}^{n} \sigma_i(\alpha_j)\sigma_i(\alpha_k) = \sum_{i=1}^{n} \sigma_i(\alpha_j \alpha_k) = \operatorname{Tr}_{K/\mathbb{Q}}(\alpha_j \alpha_k) = A_{jk}. \qedhere\] ∎

Proof. Choose \(\theta \in K\) with \(K = \mathbb{Q}(\theta)\), and let \(\theta_1, \ldots, \theta_n\) be its conjugates. The discriminant \(\operatorname{disc}(1, \theta, \ldots, \theta^{n-1})\) is the square of the Vandermonde determinant \(\prod_{i < j}(\theta_i - \theta_j)\), which is nonzero since the conjugates are distinct. If \(C\) is the change-of-basis matrix expressing the \(\alpha_k\) in terms of \(\{1, \theta, \ldots, \theta^{n-1}\}\), then by the change-of-basis formula (Theorem 4.11 below), \(\operatorname{disc}(\alpha_1, \ldots, \alpha_n) = (\det C)^2 \operatorname{disc}(1, \theta, \ldots, \theta^{n-1})\), which is nonzero if and only if \(\det C \ne 0\), if and only if the \(\alpha_k\) are linearly independent. ∎

Proof. Let \(B^U\) and \(B^V\) be the matrices with entries \(B^U_{jk} = \sigma_j(u_k)\) and \(B^V_{jk} = \sigma_j(v_k)\). Since \(v_k = \sum_i c_{ik} u_i\), we have \(\sigma_j(v_k) = \sum_i c_{ik} \sigma_j(u_i)\), so \(B^V = B^U C\). Therefore \[\operatorname{disc}(v_1, \ldots, v_n) = (\det B^V)^2 = (\det B^U)^2 (\det C)^2 = (\det C)^2 \cdot \operatorname{disc}(u_1, \ldots, u_n). \qedhere\] ∎

Proof. Choose \(\theta \in \mathcal{O}_K\) with \(K = \mathbb{Q}(\theta)\). Consider the collection of all \(\mathbb{Q}\)-bases for \(K\) that consist of algebraic integers. This collection is nonempty since it contains \(\{1, \theta, \ldots, \theta^{n-1}\}\). The discriminant of any such basis is a nonzero integer (nonzero by Corollary 4.9, integer by Theorem 4.5). \[|\operatorname{disc}(\omega_1', \omega_2, \ldots, \omega_n)| = r^2 |\operatorname{disc}(\omega_1, \ldots, \omega_n)| < |\operatorname{disc}(\omega_1, \ldots, \omega_n)|,\]

contradicting minimality. ∎

Proof. Since both are \(\mathbb{Z}\)-bases for \(\mathcal{O}_K\), the change of basis matrix \(C\) has integer entries, and so does \(C^{-1}\). Therefore \(\det(C) \in \mathbb{Z}\) and \(\det(C^{-1}) \in \mathbb{Z}\), which forces \(\det(C) = \pm 1\). By the change of basis formula, \(\operatorname{disc}(\omega_1', \ldots, \omega_n') = (\det C)^2 \operatorname{disc}(\omega_1, \ldots, \omega_n) = \operatorname{disc}(\omega_1, \ldots, \omega_n)\). ∎

Proof. The first equality follows from the Vandermonde determinant. For the second, since \(p(x) = \prod_{i=1}^{n}(x - \theta_i)\), we have \(p'(x) = \sum_{k=1}^{n} \prod_{i \ne k}(x - \theta_i)\), so \[p'(\theta_k) = \prod_{i \ne k}(\theta_k - \theta_i).\] Taking the product over all \(k\): \[N_{K/\mathbb{Q}}(p'(\theta)) = \prod_{k=1}^{n} p'(\theta_k) = \prod_{k=1}^{n} \prod_{i \ne k}(\theta_k - \theta_i).\] Now \(\prod_{k} \prod_{i \ne k}(\theta_k - \theta_i) = \prod_{i < j}(\theta_i - \theta_j)(\theta_j - \theta_i) = (-1)^{n(n-1)/2}\prod_{i < j}(\theta_i - \theta_j)^2\). ∎

Proof. Case 1: \(d \not\equiv 1 \pmod{4}\). An integral basis is \(\{1, \sqrt{d}\}\), and \[\operatorname{disc}(1, \sqrt{d}) = \det\begin{pmatrix} 1 & \sqrt{d} \\ 1 & -\sqrt{d}\end{pmatrix}^2 = (-2\sqrt{d})^2 = 4d.\] \[\operatorname{disc}\!\left(1, \tfrac{1+\sqrt{d}}{2}\right) = \det\begin{pmatrix} 1 & \frac{1+\sqrt{d}}{2} \\[4pt] 1 & \frac{1-\sqrt{d}}{2}\end{pmatrix}^2 = (-\sqrt{d})^2 = d. \qedhere\]

∎

Proof. Write \(\alpha = a_1\alpha_1 + \cdots + a_n\alpha_n\) with \(a_i \in \mathbb{Q}\). Applying each embedding \(\sigma_j\) gives a system of linear equations. By Cramer's rule, \(a_i = \gamma_i / \delta\) where \(\delta = \det(\sigma_j(\alpha_k))\) and \(\gamma_i\) is obtained by replacing the \(i\)-th column with \((\sigma_1(\alpha), \ldots, \sigma_n(\alpha))^T\). Both \(\gamma_i\) and \(\delta\) are algebraic integers, and \(\delta^2 = d\). Setting \(m_i = da_i = \delta \gamma_i\), we have \(m_i \in \mathbb{Q} \cap \mathcal{O}_{\overline{\mathbb{Q}}} = \mathbb{Z}\), and \(m_i^2/d = \gamma_i^2 \in \mathbb{Z}\). ∎

Proof. Let \(\{\omega_1, \ldots, \omega_n\}\) be an integral basis, and let \(\delta = \det(\sigma_j(\omega_k))\), so that \(\operatorname{disc}(K) = \delta^2\). Consider the sum \[S = \sum_{\pi \in S_n} \operatorname{sgn}(\pi) \prod_{i=1}^{n} \sigma_i(\omega_{\pi(i)}),\] which equals \(\delta\). Each summand is an algebraic integer. Now consider the partition of \(S_n\) into even and odd permutations: \(\delta = A - B\) where \(A\) is the sum over even permutations and \(B\) is the sum over odd permutations. Then \(A + B = \sum_{\pi} |\operatorname{sgn}(\pi)| \prod \sigma_i(\omega_{\pi(i)})\) and \[\delta^2 = (A - B)^2 = (A + B)^2 - 4AB.\] Both \(A + B\) and \(AB\) are symmetric functions of the \(\sigma_i(\omega_k)\), hence lie in \(\mathbb{Q}\). Since they are also algebraic integers, they lie in \(\mathbb{Z}\). Therefore \(\operatorname{disc}(K) = (A+B)^2 - 4AB \equiv (A+B)^2 \pmod{4}\), and a perfect square modulo 4 is either 0 or 1. ∎

Proof. Let \(\{\omega_1, \ldots, \omega_n\}\) be an integral basis and let \(\delta = \det(\sigma_j(\omega_k))\), so \(\operatorname{disc}(K) = \delta^2\). Complex conjugation fixes the rows corresponding to real embeddings and swaps the rows corresponding to pairs of conjugate complex embeddings. Therefore \(\overline{\delta}\) is obtained from \(\delta\) by performing \(r_2\) row transpositions, giving \(\overline{\delta} = (-1)^{r_2} \delta\).

If \(r_2\) is even, then \(\overline{\delta} = \delta\), so \(\delta \in \mathbb{R}\) and \(\delta^2 > 0\). If \(r_2\) is odd, then \(\overline{\delta} = -\delta\), so \(\delta\) is purely imaginary and \(\delta^2 < 0\). In both cases, the sign of \(\operatorname{disc}(K) = \delta^2\) is \((-1)^{r_2}\). ∎

Proof. (i) The roots of \(x^n - 1\) are the elements of the cyclic group \(C_n = \{\zeta_n^k : k \in \mathbb{Z}_n\}\). Each element of \(C_n\) is a primitive \(d\)-th root of unity for exactly one divisor \(d\) of \(n\), and the primitive \(d\)-th roots of unity are precisely the roots of \(\Phi_d(x)\). Therefore \(x^n - 1 = \prod_{d \mid n} \Phi_d(x)\).

(ii) By induction on \(n\). We have \(\Phi_1(x) = x - 1 \in \mathbb{Z}[x]\). For \(n > 1\), write \(x^n - 1 = \Phi_n(x) g(x)\) where \(g(x) = \prod_{d \mid n, d \ne n} \Phi_d(x) \in \mathbb{Z}[x]\) by the induction hypothesis. Since \(g\) is monic, long division of \(x^n - 1\) by \(g(x)\) in \(\mathbb{Z}[x]\) yields a quotient \(\Phi_n(x) \in \mathbb{Z}[x]\).

(iii) By induction. \(\Phi_1(0) = -1\). For \(n \ge 2\), evaluating \(x^n - 1 = \Phi_n(x) \Phi_1(x) h(x)\) at \(x = 0\) gives \(-1 = \Phi_n(0)(-1)(1) = -\Phi_n(0)\), so \(\Phi_n(0) = 1\). (Here \(h(x) = \prod_{d \mid n, d \ne 1, d \ne n} \Phi_d(x)\), which satisfies \(h(0) = 1\) by induction.)

(iv) From part (i), \(x^p - 1 = \Phi_p(x) \Phi_1(x) = \Phi_p(x)(x-1)\), so \(\Phi_p(x) = \frac{x^p - 1}{x - 1} = x^{p-1} + \cdots + x + 1\). Similarly, \(x^{p^k} - 1 = \Phi_{p^k}(x) \cdot (x^{p^{k-1}} - 1)\), giving \(\Phi_{p^k}(x) = \frac{x^{p^k} - 1}{x^{p^{k-1}} - 1} = \Phi_p(x^{p^{k-1}})\). Evaluating at \(x = 1\): \(\Phi_{p^k}(1) = \Phi_p(1) = p\). ∎

Proof. Write \(g(x) = \sum_{i=0}^{m} c_i x^i\). By Fermat's Little Theorem, \(c_i^p = c_i\) for each coefficient. By the Binomial Theorem in characteristic \(p\), all middle binomial coefficients \(\binom{p}{k}\) for \(0 < k < p\) vanish, so \((a + b)^p = a^p + b^p\). Applying this repeatedly, \(g(x)^p = \bigl(\sum c_i x^i\bigr)^p = \sum c_i^p x^{ip} = \sum c_i x^{ip} = g(x^p)\). ∎

Proof of Theorem 5.3. Let \(\zeta\) be a primitive \(n\)-th root of unity and let \(f(x) \in \mathbb{Q}[x]\) be its minimal polynomial over \(\mathbb{Q}\). Since \(\zeta\) is a root of the monic polynomial \(\Phi_n(x) \in \mathbb{Z}[x]\), Theorem 3.2 gives \(f(x) \in \mathbb{Z}[x]\), and \(f \mid \Phi_n\) in \(\mathbb{Z}[x]\). Write \(x^n - 1 = f(x)g(x)\) with \(g(x) \in \mathbb{Z}[x]\) (this is valid since \(f \mid \Phi_n \mid x^n - 1\) and all polynomials are monic, so long division stays in \(\mathbb{Z}[x]\)).

We will show that if \(\theta\) is any root of \(f\) and \(p\) is any prime with \(\gcd(p, n) = 1\), then \(\theta^p\) is also a root of \(f\). Since every \(k\) with \(\gcd(k, n) = 1\) can be written as a product of primes coprime to \(n\), iterating this step shows that \(\zeta^k\) is a root of \(f\) for every such \(k\), giving \(\Phi_n \mid f\) and hence \(f = \Phi_n\).

Suppose, for contradiction, that \(f(\theta^p) \ne 0\) for some root \(\theta\) of \(f\) and some prime \(p\) with \(p \nmid n\). Then \(\theta^p\) is a root of \(x^n - 1\) but not of \(f\), so \(g(\theta^p) = 0\). Thus \(\theta\) is a root of \(h(x) = g(x^p) \in \mathbb{Z}[x]\). Since \(f\) is the minimal polynomial of \(\theta\), we have \(f \mid h\) in \(\mathbb{Q}[x]\), and since both are in \(\mathbb{Z}[x]\) with \(f\) monic, \(h = fk\) for some \(k \in \mathbb{Z}[x]\).

Reduce modulo \(p\): \(\overline{h}(x) = \overline{g}(x^p) = \overline{g}(x)^p\) by Lemma 5.4. So \(\overline{f}\,\overline{k} = \overline{g}^{\,p}\). Let \(s(x)\) be an irreducible factor of \(\overline{f}\) in \(\mathbb{F}_p[x]\). Then \(s \mid \overline{g}^{\,p}\), hence \(s \mid \overline{g}\). Since \(x^n - 1 = f(x)g(x)\), reducing modulo \(p\) gives \(x^n - 1 = \overline{f}\,\overline{g}\). Since \(s \mid \overline{f}\) and \(s \mid \overline{g}\), we have \(s^2 \mid x^n - 1\) in \(\mathbb{F}_p[x]\).

But the derivative of \(x^n - 1\) is \(nx^{n-1}\), and since \(p \nmid n\), the constant \(n\) is invertible in \(\mathbb{F}_p\). Therefore \(\gcd(x^n - 1, nx^{n-1}) = 1\) in \(\mathbb{F}_p[x]\), which means \(x^n - 1\) has no repeated factors—a contradiction. ∎

Proof. The splitting field of \(\Phi_n(x)\) over \(\mathbb{Q}\) is \(\mathbb{Q}(\zeta_n)\) (indeed, it is the splitting field of \(x^n - 1\)), so the extension is Galois. Since \(\Phi_n\) is irreducible, \([\mathbb{Q}(\zeta_n) : \mathbb{Q}] = \deg \Phi_n = \varphi(n)\). \[\sigma_k \circ \sigma_\ell(\zeta_n) = \sigma_k(\zeta_n^\ell) = (\zeta_n^\ell)^k = \zeta_n^{k\ell} = \sigma_{k\ell}(\zeta_n),\]

so \(\psi(\sigma_k \circ \sigma_\ell) = k\ell = \psi(\sigma_k)\psi(\sigma_\ell)\). Since an automorphism of \(\mathbb{Q}(\zeta_n)\) is determined by its action on \(\zeta_n\), the map \(\psi\) is injective. Both groups have order \(\varphi(n)\), so \(\psi\) is an isomorphism. ∎

Proof. Set \(\zeta = \zeta_{p^r}\) and \(s = \varphi(p^r) = p^{r-1}(p-1)\). Since \(1 - x\) divides \(1 - x^k\) in \(\mathbb{Z}[x]\) for any positive integer \(k\), the element \(1 - \zeta^j\) is divisible by \(1 - \zeta\) in \(\mathcal{O}_K\) for each \(j\). From \[p = \Phi_{p^r}(1) = \prod_{\substack{1 \le j \le p^r \\ \gcd(j,p) = 1}} (1 - \zeta^j),\] and the fact that each factor \(1 - \zeta^j\) is an associate of \(1 - \zeta\) (since \(\frac{1 - \zeta^j}{1 - \zeta}\) is a unit for \(\gcd(j,p) = 1\)), we obtain \(p = (1 - \zeta)^s \lambda\) for some unit \(\lambda \in \mathcal{O}_K^\times\).

Now the set \(\{1, (1-\zeta), (1-\zeta)^2, \ldots, (1-\zeta)^{s-1}\}\) is a \(\mathbb{Q}\)-basis for \(K\), and \(\operatorname{disc}(1 - \zeta) = \operatorname{disc}(\zeta)\), which is a power of \(p\) by Theorem 5.9 below.

\[\alpha = \frac{\ell_1 + \ell_2(1-\zeta) + \cdots + \ell_s(1-\zeta)^{s-1}}{d}\]

where \(d = \operatorname{disc}(\zeta)\) is a power of \(p\) and \(\ell_1, \ldots, \ell_s \in \mathbb{Z}\).

\[\gamma = \frac{\ell_i(1-\zeta)^{i-1} + \cdots + \ell_s(1-\zeta)^{s-1}}{p} \in \mathcal{O}_K.\]

Since \(p = (1-\zeta)^s \lambda\), multiplying by \((1-\zeta)^{s-i}\lambda\) and simplifying shows that \(\theta = \frac{\ell_i}{1-\zeta} \in \mathcal{O}_K\). Taking norms: \(N(1-\zeta) \cdot N(\theta) = N(\ell_i)\), giving \(p \cdot N(\theta) = \ell_i^s\). Since \(N(\theta) \in \mathbb{Z}\), this forces \(p \mid \ell_i^s\), hence \(p \mid \ell_i\), contradicting our choice. ∎

Proof. We proceed by induction on the number of distinct prime factors of \(n\). If \(n = p^r\) is a prime power, the result is Theorem 5.6.

For the inductive step, write \(n = p_1^{a_1} \cdots p_k^{a_k}\) and set \(m = p_1^{a_1} \cdots p_{k-1}^{a_{k-1}}\) and \(q = p_k^{a_k}\). By induction, \(\mathcal{O}_{\mathbb{Q}(\zeta_m)} = \mathbb{Z}[\zeta_m]\) and \(\mathcal{O}_{\mathbb{Q}(\zeta_q)} = \mathbb{Z}[\zeta_q]\).

The compositum of \(\mathbb{Q}(\zeta_m)\) and \(\mathbb{Q}(\zeta_q)\) is \(\mathbb{Q}(\zeta_n)\), since by the Euclidean algorithm there exist integers \(g, h\) with \(\zeta_n = \zeta_m^g \zeta_q^h\). Moreover, \([\mathbb{Q}(\zeta_n) : \mathbb{Q}] = \varphi(n) = \varphi(m)\varphi(q)\), so the extensions have maximal compositum degree. Since \(\operatorname{disc}(\mathbb{Q}(\zeta_m))\) is supported only on primes dividing \(m\) and \(\operatorname{disc}(\mathbb{Q}(\zeta_q))\) is a power of \(p_k\), we have \(\gcd(\operatorname{disc}(\mathbb{Q}(\zeta_m)), \operatorname{disc}(\mathbb{Q}(\zeta_q))) = 1\).

\[\mathcal{O}_{\mathbb{Q}(\zeta_n)} = \mathcal{O}_{\mathbb{Q}(\zeta_m)} \cdot \mathcal{O}_{\mathbb{Q}(\zeta_q)} = \mathbb{Z}[\zeta_m] \cdot \mathbb{Z}[\zeta_q] = \mathbb{Z}[\zeta_m, \zeta_q] = \mathbb{Z}[\zeta_n]. \qedhere\]

∎

Proof. A point in the plane is constructible from the origin and a unit length if and only if its coordinates lie in a field obtained from \(\mathbb{Q}\) by a tower of quadratic extensions. Thus constructibility of the regular \(n\)-gon is equivalent to \(\zeta_n\) being constructible, which requires \([\mathbb{Q}(\zeta_n) : \mathbb{Q}] = \varphi(n)\) to be a power of 2.

Now \(\varphi(n)\) is a power of 2 if and only if \(n = 2^k p_1 \cdots p_\ell\) where each \(p_i\) is a distinct Fermat prime. Indeed, for an odd prime \(p\), \(\varphi(p^r) = p^{r-1}(p-1)\) is a power of 2 only if \(r = 1\) and \(p - 1\) is a power of 2, i.e., \(p\) is a Fermat prime. ∎

Proof. Since \(x^n - 1 = \Phi_n(x) g(x)\) with \(g \in \mathbb{Z}[x]\), differentiating and evaluating at \(\zeta_n\) gives \[n\zeta_n^{n-1} = \Phi_n'(\zeta_n) g(\zeta_n).\] Taking norms over \(\mathbb{Q}(\zeta_n)/\mathbb{Q}\): \[n^{\varphi(n)} \cdot N(\zeta_n^{n-1}) = N(\Phi_n'(\zeta_n)) \cdot N(g(\zeta_n)).\] Since \(\zeta_n\) is a unit in \(\mathcal{O}_{\mathbb{Q}(\zeta_n)}\), \(N(\zeta_n^{n-1}) = \pm 1\). By Theorem 4.16, \(N(\Phi_n'(\zeta_n)) = (-1)^{\varphi(n)(\varphi(n)-1)/2} \operatorname{disc}(\zeta_n) = \pm \operatorname{disc}(\mathbb{Q}(\zeta_n))\). Since \(g(\zeta_n) \in \mathcal{O}_{\mathbb{Q}(\zeta_n)}\), \(N(g(\zeta_n)) \in \mathbb{Z}\). Therefore \(\operatorname{disc}(\mathbb{Q}(\zeta_n))\) divides \(n^{\varphi(n)}\). \[p\zeta_p^{p-1} = \Phi_p'(\zeta_p)(\zeta_p - 1).\]\[p^{p-1} = (-1)^{(p-1)(p-2)/2} \operatorname{disc}(\zeta_p) \cdot p,\]

giving \(\operatorname{disc}(\mathbb{Q}(\zeta_p)) = (-1)^{(p-1)/2} p^{p-2}\). (Here we use that \((-1)^{(p-1)(p-2)/2} = (-1)^{(p-1)/2}\) since \(p\) is odd.) ∎

Proof. (i) \(\Rightarrow\) (ii): If \(\alpha\) is a common root, write \(f(x) = (x - \alpha)k(x)\) and \(g(x) = (x - \alpha)h(x)\). Then \(h(x)f(x) = (x-\alpha)h(x)k(x) = k(x)g(x)\), with \(\deg h \le m-1\) and \(\deg k \le n-1\).

(ii) \(\Rightarrow\) (i): If \(h(x)f(x) = k(x)g(x)\) with \(\deg h \le m-1\) and \(\deg k \le n-1\), then comparing degrees, the roots of \(k\) cannot account for all roots of \(f\), so some root of \(f\) must also be a root of \(g\).

(ii) \(\Leftrightarrow\) (iii): Write \(h(x) = c_{m-1}x^{m-1} + \cdots + c_0\) and \(k(x) = d_{n-1}x^{n-1} + \cdots + d_0\). Comparing coefficients of \(x^{n+m-1}, x^{n+m-2}, \ldots, x^0\) in the equation \(hf = kg\) gives a system of \(n+m\) linear equations in the \(n+m\) unknowns \(c_0, \ldots, c_{m-1}, -d_0, \ldots, -d_{n-1}\). This system has a nontrivial solution if and only if the coefficient matrix has zero determinant, and this determinant is precisely the transpose of the Sylvester matrix. Since \(\det(A) = \det(A^T)\), condition (ii) holds if and only if \(R(f,g) = 0\). ∎

Proof. Define \[ S = a_n^m \, b_m^n \prod_{i,j}(x_i - y_j). \] We regard the \(x_i\) and \(y_j\) as indeterminates and work in the polynomial ring \(\mathbb{C}[x_1, \ldots, x_n, y_1, \ldots, y_m]\). By Proposition 6.2, whenever \(x_i = y_j\) we have \(R(f,g) = 0\), so \((x_i - y_j)\) divides \(R(f,g)\). Since these are distinct irreducible elements in a UFD, the full product \(\prod_{i,j}(x_i - y_j)\) divides \(R(f,g)\).

Now \(S\) is homogeneous of degree \(m\) in the \(a_i\) (via the symmetric functions of the \(x_i\)) and of degree \(n\) in the \(b_j\) (via the symmetric functions of the \(y_j\)), matching the degrees of \(R(f,g)\). Since \(S\) divides \(R\) and both have the same degree, we have \(R = cS\) for some constant \(c \in \mathbb{C}\).

Comparing leading terms: the coefficient of \(a_n^m b_m^n\) in \(R(f,g)\) is \(1\) (from the Sylvester determinant), and the same coefficient in \(S\) is \(1\). Therefore \(c = 1\), and \(R(f,g) = S\).

The alternative forms follow because \(g(x) = b_m \prod_{j=1}^m (x - y_j)\), so \(a_n^m \prod_{i=1}^n g(x_i) = S\), and similarly for \(f(y_j)\). ∎

Proof. Since \(f\) is monic of degree \(n\) and \(f'\) has degree \(n-1\) with leading coefficient \(n\), the product formula gives \[ R(f, f') = \prod_{i=1}^{n} f'(\alpha_i). \] Now \(f(x) = \prod_{k=1}^n (x - \alpha_k)\), so \[ f'(\alpha_i) = \prod_{\substack{j=1 \\ j \ne i}}^{n} (\alpha_i - \alpha_j). \] Therefore \[ R(f, f') = \prod_{i=1}^{n} \prod_{\substack{j=1 \\ j \ne i}}^{n} (\alpha_i - \alpha_j) = (-1)^{n(n-1)/2} \prod_{1 \le i < j \le n} (\alpha_i - \alpha_j)^2 = (-1)^{n(n-1)/2}\, \operatorname{disc}(\alpha). \] The sign arises because the ordered product over all \(i \ne j\) pairs differs from the product over \(i < j\) by a factor of \((-1)^{n(n-1)/2}\). ∎

Proof. (i) We have \([KL : \mathbb{Q}] = [KL : K] \cdot [K : \mathbb{Q}] \le [L : \mathbb{Q}] \cdot [K : \mathbb{Q}] = mn\), since \(KL\) is generated over \(K\) by the elements of \(L\), and \([KL : K] \le [L : \mathbb{Q}]\).

(ii) If \([KL : \mathbb{Q}] = mn\), then \(KL\) has exactly \(mn\) embeddings into \(\mathbb{C}\). Each embedding \(\varepsilon : KL \hookrightarrow \mathbb{C}\) is determined by \(\varepsilon|_K\) and \(\varepsilon|_L\) (since products of elements of \(K\) and \(L\) generate \(KL\)). There are \(m\) choices for \(\varepsilon|_K\) and \(n\) choices for \(\varepsilon|_L\), giving \(mn\) pairs, and since there are exactly \(mn\) embeddings, each pair \((\sigma, \tau)\) corresponds to a unique embedding. The converse is similar. ∎

Proof. Let \(\{\alpha_1, \ldots, \alpha_m\}\) be an integral basis for \(K\) and \(\{\beta_1, \ldots, \beta_n\}\) an integral basis for \(L\). Since \([KL : \mathbb{Q}] = mn\), the products \(\alpha_i \beta_j\) form a \(\mathbb{Q}\)-basis of \(KL\). Every \(\gamma \in KL\) can thus be written as \[ \gamma = \sum_{i,j} \frac{a_{ij}}{r}\, \alpha_i \beta_j \] where \(a_{ij}, r \in \mathbb{Z}\) with \(\gcd(a_{11}, \ldots, a_{mn}, r) = 1\). If \(\gamma \in \mathcal{O}_{KL}\), we must show that \(r \mid d\). \[ \sigma_i'(\gamma) = \sum_{k=1}^m \sigma_i(\alpha_k) \, x_k. \]\[ \frac{\operatorname{disc}(K) \cdot a_{ij}}{r} \in \mathbb{Z} \]

for all \(i, j\). Since \(\gcd(a_{11}, \ldots, a_{mn}, r) = 1\), it follows that \(r \mid \operatorname{disc}(K)\). By the same argument applied to \(L\), we get \(r \mid \operatorname{disc}(L)\), so \(r \mid d\). ∎

Proof. We proceed by induction on the number of distinct prime power factors of \(n\). The base case \(n = p^r\) (a prime power) is proved by a direct argument using the factorization \(p = (1 - \zeta_{p^r})^{\varphi(p^r)} \cdot \lambda\) for a unit \(\lambda \in \mathcal{O}_{\mathbb{Q}(\zeta_{p^r})}\), and showing that no non-integral rational combination of the basis \(\{1, 1-\zeta_{p^r}, \ldots, (1-\zeta_{p^r})^{s-1}\}\) (where \(s = \varphi(p^r)\)) can be an algebraic integer.

For the inductive step, write \(n = p_1^{e_1} \cdots p_k^{e_k}\), and set \(m = p_1^{e_1} \cdots p_{k-1}^{e_{k-1}}\). Let \(K = \mathbb{Q}(\zeta_m)\) and \(L = \mathbb{Q}(\zeta_{p_k^{e_k}})\). By induction, \(\mathcal{O}_K = \mathbb{Z}[\zeta_m]\) and \(\mathcal{O}_L = \mathbb{Z}[\zeta_{p_k^{e_k}}]\).

\[ \varphi(n) = \varphi(m)\,\varphi(p_k^{e_k}) = [K : \mathbb{Q}] \cdot [L : \mathbb{Q}] \ge [KL : \mathbb{Q}] \ge [\mathbb{Q}(\zeta_n) : \mathbb{Q}] = \varphi(n), \]\[ \mathbb{Z}[\zeta_n] \subseteq \mathcal{O}_{\mathbb{Q}(\zeta_n)} \subseteq \mathcal{O}_K \mathcal{O}_L = \mathbb{Z}[\zeta_m] \cdot \mathbb{Z}[\zeta_{p_k^{e_k}}] = \mathbb{Z}[\zeta_n], \]

so \(\mathcal{O}_{\mathbb{Q}(\zeta_n)} = \mathbb{Z}[\zeta_n]\). ∎

Proof. From Example 6.4 (via the resultant), \(\operatorname{disc}(\theta) = -4 \cdot 503\). One checks that \(\omega = (\theta^2 + \theta)/2 \in \mathcal{O}_K\) (by verifying that its minimal polynomial has integer coefficients, using the relations among the conjugates). A change-of-basis calculation then gives \(\operatorname{disc}(1, \theta, \omega) = -503\). Since \(503\) is prime, \(\{1, \theta, \omega\}\) is an integral basis and \(\operatorname{disc}(K) = -503\). \[ A_1 = a^2 - 2c^2 - 8bc, \quad A_2 = -2c^2 + 2ab + 2bc - b^2, \quad A_3 = 2b^2 + 2ac + c^2. \]\[ \operatorname{disc}(\lambda) = -503 \cdot (bA_3 - cA_2)^2 = -503 \cdot (2b^3 - bc^2 + b^2c + 2c^3)^2. \]

But \(2b^3 - bc^2 + b^2c + 2c^3 \equiv bc(b - c) \pmod{2}\), which is always even. Therefore \(4 \mid \operatorname{disc}(\lambda)\), so \(\operatorname{disc}(\lambda) \ne -503 = \operatorname{disc}(K)\), and \(\{1, \lambda, \lambda^2\}\) can never be an integral basis. ∎

Proof. (iii) \(\Rightarrow\) (i): Given an ascending chain \(I_1 \subseteq I_2 \subseteq \cdots\), the union \(I = \bigcup_{k=1}^{\infty} I_k\) is an ideal. Since \(R\) is Noetherian, \(I = (a_1, \ldots, a_r)\). Each \(a_i\) lies in some \(I_{k_i}\); setting \(N = \max(k_1, \ldots, k_r)\) gives \(I \subseteq I_N\), so the chain stabilizes at \(N\).

(i) \(\Rightarrow\) (ii): If a nonempty collection \(\mathcal{S}\) had no maximal element, we could build a strictly ascending chain \(I_1 \subsetneq I_2 \subsetneq \cdots\) in \(\mathcal{S}\), contradicting (i).

(ii) \(\Rightarrow\) (iii): Let \(I\) be an ideal. Consider the collection \(\mathcal{S}\) of finitely generated ideals contained in \(I\). By (ii), \(\mathcal{S}\) has a maximal element \(M = (a_1, \ldots, a_r)\). If \(M \ne I\), choose \(b \in I \setminus M\); then \((a_1, \ldots, a_r, b) \in \mathcal{S}\) strictly contains \(M\), contradicting maximality. So \(M = I\) is finitely generated. ∎

Proof. We verify the three conditions.

(1) \(\mathcal{O}_K\) is Noetherian. Every nonzero ideal \(I \subseteq \mathcal{O}_K\) has an integral basis \(\{\alpha_1, \ldots, \alpha_n\}\) (Theorem 8.4 of the previous chapter), so \(I = (\alpha_1, \ldots, \alpha_n)\) is finitely generated.

(2) Every nonzero prime ideal is maximal. Let \(P \subseteq \mathcal{O}_K\) be a nonzero prime ideal. It suffices to show \(\mathcal{O}_K / P\) is a field. Since \(P\) is nonzero, it contains a nonzero integer \(a \in P \cap \mathbb{Z}_{>0}\) (take the norm of any nonzero element). If \(\{\omega_1, \ldots, \omega_n\}\) is an integral basis for \(\mathcal{O}_K\), then every element of \(\mathcal{O}_K/P\) is represented by an integer linear combination of \(\omega_1, \ldots, \omega_n\) with coefficients in \(\{0, 1, \ldots, a-1\}\). Hence \(|\mathcal{O}_K/P| \le a^n < \infty\). Since every finite integral domain is a field, \(P\) is maximal.

(3) \(\mathcal{O}_K\) is integrally closed. Suppose \(\gamma \in K\) satisfies \(\gamma^m + c_{m-1}\gamma^{m-1} + \cdots + c_0 = 0\) with \(c_i \in \mathcal{O}_K\). Then \(\gamma\) lies in the ring \(A = \mathbb{Z}[c_0, \ldots, c_{m-1}, \gamma]\). Since each \(c_i\) is an algebraic integer of degree at most \([K : \mathbb{Q}]\), and \(\gamma^m\) can be expressed in terms of lower powers using the relation, the ring \(A\) is finitely generated as an abelian group. Hence \(\gamma\) is an algebraic integer, so \(\gamma \in \mathcal{O}_K\). ∎

Proof. Let \(\mathcal{S}\) be the set of nonzero ideals that do not contain any product of prime ideals. Suppose for contradiction that \(\mathcal{S} \ne \emptyset\). Since \(R\) is Noetherian, \(\mathcal{S}\) has a maximal element \(M\). \[ P_1 \cdots P_\ell \, Q_1 \cdots Q_k \subseteq M_1 M_2 \subseteq M, \]

contradicting \(M \in \mathcal{S}\). ∎

Proof. Let \(0 \ne a \in I\). By Lemma 7.5, \((a) \supseteq P_1 \cdots P_r\) for some prime ideals \(P_i\); choose \(r\) minimal. Let \(M\) be a maximal ideal containing \(I\). Since \(M\) is prime and \(M \supseteq (a) \supseteq P_1 \cdots P_r\), we have \(M \supseteq P_i\) for some \(i\); since primes are maximal, \(M = P_i\), say \(M = P_1\).

If \(r = 1\), then \(P_1 \subseteq (a) \subseteq I\), so \(P_1 = (a) = I\) (since \(P_1\) is maximal). Take \(\gamma = 1/a \in K \setminus R\); then \(\gamma I = R\).

If \(r > 1\), by minimality of \(r\), \(P_2 \cdots P_r \not\subseteq (a)\). Choose \(b \in P_2 \cdots P_r \setminus (a)\) and set \(\gamma = b/a\). Then \(\gamma \notin R\) (since \(b \notin (a)\)), but \(\gamma I \subseteq \gamma P_1 \subseteq \frac{b}{a} P_1 = \frac{1}{a} P_1 P_2 \cdots P_r \subseteq \frac{1}{a}(a) = R\). ∎

Proof. Set \(J = \{\beta \in R : \beta I \subseteq (\alpha)\}\). By definition, \(IJ \subseteq (\alpha)\). We show \((\alpha) \subseteq IJ\).

Let \(B = \frac{1}{\alpha} IJ\), an ideal of \(R\). We want \(B = R\). Suppose not: by Lemma 7.8, there exists \(\gamma \in K \setminus R\) with \(\gamma B \subseteq R\). Since \(\alpha \in I\), we have \(J \subseteq B\), so \(\gamma J \subseteq \gamma B \subseteq R\). Then \(\frac{\gamma}{\alpha} IJ = \gamma B \subseteq R\), meaning \((\gamma J) I \subseteq (\alpha)\), so \(\gamma J \subseteq J\) by definition of \(J\).

But \(J\) has an integral basis (being a nonzero ideal of a ring of integers), hence is a finitely generated abelian group. The inclusion \(\gamma J \subseteq J\) with \(J\) finitely generated implies \(\gamma\) is integral over \(R\). Since \(R\) is integrally closed, \(\gamma \in R\), contradicting \(\gamma \notin R\). ∎

Proof. By Proposition 7.9, there exists \(J\) with \(CJ = (\alpha)\) for some nonzero \(\alpha\). Then \((\alpha)A = ACJ = BCJ = (\alpha)B\), so \(\alpha A = \alpha B\), and hence \(A = B\). ∎

Proof. If \(B = AC\), then \(B \subseteq A\). Conversely, if \(A \supseteq B\) and \(A \ne (0)\), choose \(0 \ne \alpha \in A\) and let \(J\) satisfy \(JA = (\alpha)\). Then \((\alpha) = JA \supseteq JB\), so \(R \supseteq \frac{1}{\alpha}JB\). Setting \(C = \frac{1}{\alpha}JB\), we get \(AC = \frac{1}{\alpha}AJB = B\). ∎

Proof. Existence: Let \(\mathcal{S}\) be the set of proper nonzero ideals that cannot be written as a product of prime ideals. Suppose \(\mathcal{S} \ne \emptyset\); by the Noetherian property, \(\mathcal{S}\) has a maximal element \(M\). Since \(M\) is not prime (otherwise it is a product of one prime), \(M\) is contained in some maximal ideal \(P \supsetneq M\). By Corollary 7.11, \(P \mid M\), so \(M = PC\) for some ideal \(C\).

Since \(M \subsetneq P\) and \(M = PC\), we have \(C \ne R\). If \(C\) were a product of primes, then \(M = PC\) would be too, contradicting \(M \in \mathcal{S}\). So \(C \in \mathcal{S}\). But \(C \supseteq M\) (since \(M = PC \subseteq C\)) and \(C \ne M\) (otherwise \(M = PM\) and cancellation gives \(P = R\), a contradiction). This contradicts the maximality of \(M\) in \(\mathcal{S}\). Hence \(\mathcal{S} = \emptyset\).

Uniqueness: Suppose \(P_1 \cdots P_r = Q_1 \cdots Q_s\) with all \(P_i, Q_j\) prime. Then \(P_1 \supseteq Q_1 \cdots Q_s\). Since \(P_1\) is prime, \(P_1 \supseteq Q_j\) for some \(j\). Since nonzero primes are maximal, \(P_1 = Q_j\). Cancelling (by Corollary 7.10) gives \(P_2 \cdots P_r = Q_1 \cdots \hat{Q}_j \cdots Q_s\). By induction, the factorizations agree up to reordering.

(No proper nonempty product of prime ideals can equal \(R\), since each \(P_i \subsetneq R\), so the base case of the induction is immediate.) ∎

Proof. Every PID is a UFD (standard algebra). Conversely, suppose \(R\) is a UFD and Dedekind. It suffices to show every nonzero prime ideal \(P\) is principal. Choose \(0 \ne \alpha \in P\); since \(\alpha\) is not a unit (as \(P\) is proper), write \(\alpha = p_1^{a_1} \cdots p_k^{a_k}\) with each \(p_i\) irreducible. Since \(P\) is prime, some \(p_i \in P\), say \(p_1 \in P\). Then \((p_1) \subseteq P\). But \((p_1)\) is prime (in a UFD, irreducible elements generate prime ideals) and hence maximal (since \(R\) is Dedekind). So \(P = (p_1)\). ∎

Proof. We compute: \[ \mathbb{Z}[\alpha]/(p) \cong \mathbb{Z}[x]/(f(x), p) \cong \mathbb{F}_p[x]/(\overline{f}(x)) \cong \mathbb{F}_p[x]/(\overline{g}_1^{e_1}) \times \cdots \times \mathbb{F}_p[x]/(\overline{g}_r^{e_r}). \] The prime ideals of \(\mathbb{Z}[\alpha]\) containing \(p\) correspond to the prime ideals of this product, which are exactly the ideals \((p, g_i(\alpha))\) corresponding to the irreducible factors \(\overline{g}_i\). Tracing the isomorphisms gives the stated factorization. Since \(p \nmid [\mathcal{O}_K : \mathbb{Z}[\alpha]]\), the factorization in \(\mathbb{Z}[\alpha]\) lifts to the same factorization in \(\mathcal{O}_K\). ∎

Proof. (\(\Rightarrow\)): Suppose \(p\) is ramified, so \((p) = \mathfrak{p}^2 Q\) for some prime \(\mathfrak{p}\) and ideal \(Q\). Choose \(\alpha \in \mathfrak{p}Q \setminus \mathfrak{p}^2 Q\). Then \(\alpha \notin (p)\) but \(\alpha^2 \in \mathfrak{p}^2 Q^2 \subseteq (p)\), so \(\alpha^2/p \in \mathcal{O}_K\). For any \(\beta \in \mathcal{O}_K\), \((\alpha\beta)^2/p \in \mathcal{O}_K\), and using the multinomial theorem modulo \(p\): \[ \operatorname{Tr}((\alpha\beta)^p) = p \cdot \operatorname{Tr}\!\left(\frac{(\alpha\beta)^p}{p}\right), \] so \(p \mid \operatorname{Tr}((\alpha\beta)^p)\). Moreover, \[ (\operatorname{Tr}(\alpha\beta))^p = \sum_i \sigma_i(\alpha\beta)^p + p\gamma = \operatorname{Tr}((\alpha\beta)^p) + p\gamma \] for some algebraic integer \(\gamma\), so \(p \mid (\operatorname{Tr}(\alpha\beta))^p\) and hence \(p \mid \operatorname{Tr}(\alpha\beta)\).

Write \(\alpha = a_1\omega_1 + \cdots + a_n\omega_n\) with \(a_i \in \mathbb{Z}\) and \(\{\omega_1, \ldots, \omega_n\}\) an integral basis. Since \(\alpha \notin (p)\), some \(a_i\) (say \(a_1\)) is not divisible by \(p\). Since \(p \mid \operatorname{Tr}(\alpha\omega_i)\) for all \(i\), the first row of the matrix \(\bigl(\operatorname{Tr}(\omega_i \omega_j)\bigr)\) — after replacing row 1 by \(\sum a_k \operatorname{Tr}(\omega_k \omega_j)\) — shows that \(p \mid a_1 D\). Since \(p \nmid a_1\), we conclude \(p \mid D\).

(\(\Leftarrow\)): If \(p \mid D\), the trace form on \(\mathcal{O}_K/(p)\) is degenerate: there exists \(x \in \mathcal{O}_K/(p)\), \(x \ne 0\), with \(\operatorname{Tr}(xy) = 0\) for all \(y \in \mathcal{O}_K/(p)\). A nondegenerate trace form characterizes products of separable field extensions, hence \(\mathcal{O}_K/(p)\) is not a product of fields, meaning the factorization of \((p)\) has a repeated factor. ∎

Proof. The result is independent of the choice of integral basis for \(I\), since any two integral bases are related by a matrix in \(\operatorname{GL}_n(\mathbb{Z})\). Fix an integral basis \(\{\omega_1, \ldots, \omega_n\}\) for \(\mathcal{O}_K\), and write \(\alpha_i = \sum_j a_{ij} \omega_j\) where \(A = (a_{ij})\) is the lower-triangular matrix from the basis algorithm (with positive diagonal entries \(a_{11}, \ldots, a_{nn}\)). Then \[ \operatorname{disc}(\alpha_1, \ldots, \alpha_n) = (\det A)^2 \operatorname{disc}(K) = (a_{11} \cdots a_{nn})^2 \operatorname{disc}(K). \] It therefore suffices to show \(N(I) = a_{11} \cdots a_{nn}\).

Every element of \(\mathcal{O}_K\) is congruent modulo \(I\) to a unique element of the form \(r_1\omega_1 + \cdots + r_n\omega_n\) with \(0 \le r_i < a_{ii}\). The existence follows by successively reducing: given \(\gamma = b_1\omega_1 + \cdots + b_n\omega_n\), divide \(b_n\) by \(a_{nn}\), subtract the appropriate multiple of \(\alpha_n\), and repeat. The uniqueness follows because if two such representatives were congruent mod \(I\), their difference would be an element of \(I\) with each coordinate strictly less than \(a_{ii}\) in absolute value, which forces all coordinates to be zero (by the minimality conditions defining the \(a_{ii}\)). Hence \(N(I) = \prod_{i=1}^n a_{ii}\). ∎

Proof. If \(\{\omega_1, \ldots, \omega_n\}\) is an integral basis for \(\mathcal{O}_K\), then \(\{\alpha\omega_1, \ldots, \alpha\omega_n\}\) is an integral basis for \(I = (\alpha)\). Let \(\sigma_1, \ldots, \sigma_n\) be the embeddings of \(K\) into \(\mathbb{C}\). Then \[ \bigl(\sigma_i(\alpha\omega_j)\bigr) = \operatorname{diag}(\sigma_1(\alpha), \ldots, \sigma_n(\alpha)) \cdot \bigl(\sigma_i(\omega_j)\bigr), \] so \[ \operatorname{disc}(\alpha\omega_1, \ldots, \alpha\omega_n) = N_{K/\mathbb{Q}}(\alpha)^2 \cdot \operatorname{disc}(\omega_1, \ldots, \omega_n). \] By Theorem 8.2, \(N(I) = |N_{K/\mathbb{Q}}(\alpha)|\). ∎

Proof. Since \(\mathfrak{p}\) is a prime (hence maximal) ideal, \(\mathcal{O}_K/\mathfrak{p}\) is a field with \(N(\mathfrak{p})\) elements. Its multiplicative group has order \(N(\mathfrak{p}) - 1\). Since \(\mathfrak{p} \nmid (\alpha)\), the image of \(\alpha\) in \(\mathcal{O}_K/\mathfrak{p}\) is a nonzero element, and the result follows from Lagrange's theorem. ∎

Proof. Since \(|\mathcal{O}_K/I| = N(I)\), by Lagrange's theorem applied to the additive group \(\mathcal{O}_K/I\), we have \(N(I) \cdot 1 \equiv 0 \pmod{I}\), so \(N(I) \in I\). ∎

Proof. If \(N(I) = a\), then \(a \in I\), so \((a) \subseteq I\), hence \(I \mid (a)\). By unique factorization, \((a)\) has only finitely many ideal divisors. ∎

Proof. If \(C = \mathcal{O}_K\), any \(\alpha \in B\) works. Otherwise, write \(C = P_1^{e_1} \cdots P_r^{e_r}\). For each \(m\), choose \(\alpha_m \in B \cdot \prod_{i \ne m} P_i\) but \(\alpha_m \notin B P_m\) (which is possible since \(BP_m \subsetneq B \cdot \prod_{i \ne m} P_i\) by unique factorization). Set \(\alpha = \alpha_1 + \cdots + \alpha_r\).

For any fixed \(m\), all \(\alpha_i\) with \(i \ne m\) lie in \(BP_m\), so if \(\alpha \in BP_m\) then \(\alpha_m \in BP_m\), contradicting the choice of \(\alpha_m\). Hence \(\alpha \notin BP_m\) for any \(m\), which means \(P_m \nmid \frac{(\alpha)}{B}\) for any \(m\), giving \(\gcd\!\left(\frac{(\alpha)}{B}, C\right) = \mathcal{O}_K\). ∎

Proof. By Lemma 8.7, choose \(\alpha \in B\) with \(\gcd\!\left(\frac{(\alpha)}{B}, C\right) = \mathcal{O}_K\). Let \(\beta_1, \ldots, \beta_{N(B)}\) represent the distinct cosets of \(\mathcal{O}_K / B\), and let \(\gamma_1, \ldots, \gamma_{N(C)}\) represent the distinct cosets of \(\mathcal{O}_K / C\).

Claim: The elements \(\beta_i + \alpha\gamma_j\), for \(1 \le i \le N(B)\) and \(1 \le j \le N(C)\), represent the distinct cosets of \(\mathcal{O}_K / BC\).

Distinctness: Suppose \(\beta_i + \alpha\gamma_j \equiv \beta_k + \alpha\gamma_\ell \pmod{BC}\). Since \(BC \subseteq B\), reducing mod \(B\) gives \(\beta_i \equiv \beta_k \pmod{B}\), so \(i = k\). Then \(\alpha(\gamma_\ell - \gamma_j) \equiv 0 \pmod{BC}\), meaning \(BC \mid (\alpha)(\gamma_\ell - \gamma_j)\). Since \(\gcd\!\left(\frac{(\alpha)}{B}, C\right) = \mathcal{O}_K\), we conclude \(C \mid (\gamma_\ell - \gamma_j)\), so \(j = \ell\).

Completeness: Given \(\omega \in \mathcal{O}_K\), choose \(i\) with \(\omega \equiv \beta_i \pmod{B}\). Then \(\omega - \beta_i \in B\), and since \(B = \gcd((\alpha), BC)\) (because \(\gcd\!\left(\frac{(\alpha)}{B}, C\right) = \mathcal{O}_K\) implies \((\alpha) + BC = B\)), write \(\omega - \beta_i = \alpha a + b\) with \(a \in \mathcal{O}_K\) and \(b \in BC\). Choose \(j\) with \(a \equiv \gamma_j \pmod{C}\). Then \(\omega = \beta_i + \alpha\gamma_j + \alpha(a - \gamma_j) + b\), and \(\alpha(a - \gamma_j) + b \in BC\), so \(\omega \equiv \beta_i + \alpha\gamma_j \pmod{BC}\).

Therefore \(N(BC) = N(B) \cdot N(C)\). ∎

Proof. Taking norms of both sides: \(N((p)) = p^n\) (since \(N((p)) = |N_{K/\mathbb{Q}}(p)| = p^n\)). By multiplicativity, \[ p^n = N(\mathfrak{p}_1)^{e_1} \cdots N(\mathfrak{p}_r)^{e_r} = p^{e_1 f_1} \cdots p^{e_r f_r} = p^{\sum e_i f_i}. \] ∎

Proof. The proof has two steps.

Step 1: Every ideal class has a small representative. Let \([I]\) be an ideal class, and choose an integral representative. Consider the inverse \(I^{-1}\). We seek \(\alpha \in I^{-1}\) (nonzero) such that \(J = \alpha I\) is an integral ideal of norm at most \(M_K\). Since \(N(\alpha I) = |N_{K/\mathbb{Q}}(\alpha)| \cdot N(I)\) (by multiplicativity), we need \(|N_{K/\mathbb{Q}}(\alpha)| \le M_K / N(I) = M_K \cdot N(I^{-1})\).

Embed \(I^{-1}\) as a lattice in Minkowski space \(V_K \cong \mathbb{R}^n\), and apply Minkowski’s Lattice Theorem: if \(S \subseteq \mathbb{R}^n\) is a convex, symmetric set with \(\operatorname{vol}(S) > 2^n \cdot |\det(I^{-1})|\), then \(S\) contains a nonzero lattice point.

Take \(S = \{(v_1, \ldots, v_n) \in V_K : \sum |v_i| \le t\}\). This set is convex and symmetric, with volume \(\operatorname{vol}(S) = 2^r \pi^s t^n / n!\). The lattice determinant is \(|\det(I^{-1})| = N(I^{-1})\sqrt{|\operatorname{disc}(K)|}\).

By the AM–GM inequality, any vector in \(S\) satisfies \(\prod |v_i| \le (t/n)^n\). So we need \((t/n)^n \le M_K N(I^{-1})\) (to ensure \(S \subseteq \Lambda\), the locus of vectors of sufficiently small norm) and \(\operatorname{vol}(S) > 2^n |\det(I^{-1})|\) (to apply Minkowski).

Combining these two conditions and optimizing \(t\) shows that for every \(B > M_K N(I^{-1})\), there exists a nonzero \(\alpha \in I^{-1}\) with \(|N(\alpha)| < B\). Since the norm of an ideal is a positive integer, this gives an ideal \(J = \alpha I\) with \(N(J) \le M_K\) in the class \([I]^{-1}\) — hence also a representative of norm at most \(M_K\) in the class \([I]\).

Step 2: Finitely many ideals of bounded norm. If \(N(I) \le M_K\), then \(N(I) \in I\) (Proposition 8.5), so \((N(I)) \subseteq I\), hence \(I \mid (N(I))\). The ideal \((N(I))\) has only finitely many divisors (by unique factorization), and \(N(I)\) ranges over finitely many integers at most \(M_K\). Thus there are only finitely many ideal classes. ∎

Proof. Let \(\alpha_1, \ldots, \alpha_n\) be a basis for \(\Lambda\), and let \[ \mathcal{P} = \{\theta_1 \alpha_1 + \cdots + \theta_n \alpha_n \mid 0 \le \theta_i < 1\} \] be the fundamental parallelepiped. Every point \(x \in \mathbb{R}^n\) has a unique representation \(x = \lambda + \gamma\) with \(\lambda \in \Lambda\) and \(\gamma \in \mathcal{P}\), and \(\mu(\mathcal{P}) = d(\Lambda)\). \[ R(\lambda) = \{\nu \in \mathcal{P} \mid \lambda + \nu \in S\}. \]\[ \sum_{\lambda \in \Lambda} \mu(R(\lambda)) = \mu(S). \]

Case 1: Suppose \(\mu(S) > m \cdot d(\Lambda) = m \cdot \mu(\mathcal{P})\). Since the sum of the measures \(\mu(R(\lambda))\) exceeds \(m \cdot \mu(\mathcal{P})\), there must exist a point \(\nu_0 \in \mathcal{P}\) that belongs to at least \(m+1\) of the sets \(R(\lambda)\). (If every point belonged to at most \(m\) sets, the sum of measures could not exceed \(m \cdot \mu(\mathcal{P})\).) Thus there exist distinct \(\lambda_1, \ldots, \lambda_{m+1} \in \Lambda\) such that \(\nu_0 + \lambda_i \in S\) for each \(i\). Setting \(x_i = \lambda_i + \nu_0\), we have \(x_i - x_j = \lambda_i - \lambda_j \in \Lambda\).

Case 2: Suppose \(\mu(S) = m \cdot d(\Lambda)\) and \(S\) is compact. For each \(r \ge 1\), let \(S_r = (1 + \epsilon_r) S\) where \(\epsilon_r \to 0^+\). Then \(\mu(S_r) = (1+\epsilon_r)^n \mu(S) > m \cdot d(\Lambda)\), so by Case 1, there exist distinct points \(x_{1,r}, \ldots, x_{m+1,r} \in S_r\) with differences in \(\Lambda\). Since \(S\) is compact (hence bounded), the sequences \(x_{j,r}\) have convergent subsequences with limits \(x_j^0 \in S\) (since \(S\) is closed). Because \(\Lambda\) is discrete, the differences \(x_{j,r} - x_{i,r} \in \Lambda\) must eventually stabilize, so \(x_j^0 - x_i^0 \in \Lambda\) as required. ∎

Proof. Consider the set \(\frac{1}{2}S = \{\frac{1}{2}x \mid x \in S\}\). Its measure is \(\mu(\frac{1}{2}S) = 2^{-n} \mu(S)\). Under our hypotheses, either \(\mu(\frac{1}{2}S) > m \cdot d(\Lambda)\), or \(\mu(\frac{1}{2}S) = m \cdot d(\Lambda)\) and \(\frac{1}{2}S\) is compact (since \(S\) is). By Blichfeldt's Theorem (Theorem 9.3), there exist \(m+1\) distinct points \(\frac{1}{2}x_1, \ldots, \frac{1}{2}x_{m+1}\) in \(\frac{1}{2}S\) such that \(\frac{1}{2}x_i - \frac{1}{2}x_j \in \Lambda\) for all \(i, j\). \[ \lambda_j = \frac{1}{2}x_j - \frac{1}{2}x_{m+1} \in \Lambda \setminus \{0\} \]

for \(j = 1, \ldots, m\). By the ordering, the \(m\) pairs \(\pm \lambda_1, \ldots, \pm \lambda_m\) are all distinct.

\[ \lambda_j = \frac{1}{2}x_j + \frac{1}{2}(-x_{m+1}) = \frac{1}{2} \cdot \frac{1}{2}x_j + \frac{1}{2} \cdot \frac{1}{2}(-x_{m+1}) \]\[ \lambda_j = \frac{1}{2}x_j - \frac{1}{2}x_{m+1} = \frac{1}{2} x_j + \frac{1}{2}(-x_{m+1}) \in S \]

because \(x_j, -x_{m+1} \in S\) and \(S\) is convex. Thus each \(\lambda_j\) is a nonzero lattice point in \(S\), and by symmetry \(-\lambda_j \in S\) as well. ∎

Proof. Let \(\{\omega_1, \ldots, \omega_n\}\) be an integral basis for \(\mathcal{O}_K\). We must show that \(\{\sigma(\omega_1), \ldots, \sigma(\omega_n)\}\) is a basis for \(\mathbb{R}^n\). It suffices to show that these vectors are linearly independent over \(\mathbb{C}\).

Form the \(n \times n\) matrix \(B\) whose \((i,j)\)-entry is \(\sigma_i(\omega_j)\) (using all \(n\) embeddings, including conjugate pairs). The columns of \(B\) are the vectors \(\sigma(\omega_j)\) (before identifying \(\mathbb{C}\) with \(\mathbb{R}^2\)). If there were a linear dependence among the columns, then there would exist complex numbers \(a_1, \ldots, a_n\) (not all zero) such that \(\sum_j a_j \sigma_i(\omega_j) = 0\) for all \(i\). By linearity of the \(\sigma_i\), this would give \(\sigma_i(\sum_j a_j \omega_j) = 0\) for each \(i\), making the embeddings \(\sigma_1, \ldots, \sigma_n\) linearly dependent as functions from \(K\) to \(\mathbb{C}\).

But by the theorem on linear independence of characters (distinct homomorphisms from a group to a field are linearly independent), the embeddings \(\sigma_1, \ldots, \sigma_n\) are linearly independent over \(\mathbb{C}\). This contradiction shows that the columns of \(B\) are linearly independent over \(\mathbb{C}\), hence over \(\mathbb{R}\). ∎

Proof. Let \(\alpha_1, \ldots, \alpha_n\) be an integral basis for the ideal \(A\). The coordinates of \(\sigma(\alpha_i)\) in the standard basis of \(\mathbb{R}^n\) (using real and imaginary parts for complex places) form a matrix whose determinant is \[ D_0 = \left(\frac{1}{-2i}\right)^{r_2} \det(\sigma_j(\alpha_i)) \] since \(\operatorname{Re}(z) = \frac{z + \bar{z}}{2}\) and \(\operatorname{Im}(z) = \frac{z - \bar{z}}{2i}\). By the discriminant formula, \(|\det(\sigma_j(\alpha_i))| = \sqrt{|\operatorname{disc}(K)|} \cdot N(A)\). Therefore \[ d(\Lambda) = |D_0| = \frac{1}{2^{r_2}} \sqrt{|\operatorname{disc}(K)|} \cdot N(A) \] and since \(D_0 \neq 0\), the image \(\sigma(A)\) is indeed a lattice. ∎

Proof. Let \(t \in \mathbb{R}^+\) and define the set \[ S_t = \{(x_1, \ldots, x_n) \in \mathbb{R}^n \mid |x_i| \le t \text{ for } i = 1, \ldots, r_1; \;\; x_{r_1+2j-1}^2 + x_{r_1+2j}^2 \le t^2 \text{ for } j = 1, \ldots, r_2\}. \] This set is convex and symmetric about the origin. Its measure is \[ \mu(S_t) = 2^{r_1} \pi^{r_2} t^n. \] We choose \(t\) so that \(\mu(S_t) = 2^n \cdot d(\Lambda)\), where \(\Lambda = \sigma(A)\) has \(d(\Lambda) = 2^{-r_2} \sqrt{|\operatorname{disc}(K)|} \cdot N(A)\). This gives \[ 2^{r_1} \pi^{r_2} t^n = 2^n \cdot 2^{-r_2} \sqrt{|\operatorname{disc}(K)|} \cdot N(A), \] so \[ t = \left(\frac{2}{\pi}\right)^{r_2/n} \bigl(\sqrt{|\operatorname{disc}(K)|} \cdot N(A)\bigr)^{1/n}. \] Since \(S_t\) is compact, Minkowski's theorem (Theorem 9.4 with \(m = 1\)) yields a nonzero lattice point \(\sigma(\alpha) \in S_t\) for some \(\alpha \in A\), \(\alpha \neq 0\). Then \[ |N_{K/\mathbb{Q}}(\alpha)| = \prod_{i=1}^{r_1} |\sigma_i(\alpha)| \cdot \prod_{j=1}^{r_2} |\sigma_{r_1+j}(\alpha)|^2 \le t^{r_1} \cdot (t^2)^{r_2} = t^n = \left(\frac{2}{\pi}\right)^{r_2} \sqrt{|\operatorname{disc}(K)|} \cdot N(A). \] For the second statement, let \([I]\) be any ideal class, and let \(A\) be an ideal with \(IA \sim (1)\). By the above, there exists \(\alpha \in A\), \(\alpha \neq 0\), with \(|N(\alpha)| \le C_K \cdot N(A)\). Since \(\alpha \in A\), there is an ideal \(B\) with \(AB = (\alpha)\), so \(B \sim I\). Since \(N(A) \cdot N(B) = N(\alpha) \le C_K \cdot N(A)\), we get \(N(B) \le C_K\). ∎

Proof. By Theorem 9.9, every ideal class contains an ideal of norm at most \(C_K\). Since there are only finitely many ideals of any given norm (the number of ideals of norm \(m\) divides a product of partition functions of \(m\)), the number of ideal classes is finite. ∎

Proof. The equivalence of (i) and (ii) follows from the theory of the Legendre symbol (Proposition 12.1 below). \[ 0 < m^2 + (m\ell + np)^2 \le r^2 < 2p. \]

Working modulo \(p\), we have \(m^2 + (m\ell + np)^2 \equiv m^2 + m^2\ell^2 = m^2(1 + \ell^2) \equiv 0 \pmod{p}\). Since the quantity is strictly between \(0\) and \(2p\) and divisible by \(p\), it must equal \(p\). Thus \(p = m^2 + (m\ell + np)^2\).

(iii) \(\Rightarrow\) (ii): Since the squares modulo 4 are \(\{0, 1\}\), and \(p\) is odd, we need \(x^2 + y^2 \equiv 1 \pmod{4}\) (as \(p\) is odd, not both \(x, y\) are even), which forces \(p \equiv 1 \pmod{4}\). ∎

Proof. This follows from the multiplicativity of the norm on the quaternions \(\mathbb{H}\): if \(q = a_1 + a_2 i + a_3 j + a_4 k\) and \(r = b_1 + b_2 i + b_3 j + b_4 k\), then \(|qr|^2 = |q|^2 |r|^2\). ∎

Proof. By Euler's identity (Proposition 9.12), it suffices to prove the result for primes \(p\).

Claim: For any prime \(p\), there exist \(a, b \in \mathbb{Z}\) such that \(a^2 + b^2 \equiv -1 \pmod{p}\).

If \(p \equiv 1 \pmod{4}\), then \(-1\) is a square mod \(p\) and we may take \(b = 0\). If \(p \equiv 3 \pmod{4}\), the set \(\{y^2 + 1 \mid y \in \mathbb{F}_p\}\) has \(\frac{p+1}{2}\) elements (counting \(0^2 + 1 = 1\) and the \(\frac{p-1}{2}\) distinct nonzero squares, each giving a distinct value after adding 1). Since there are only \(\frac{p-1}{2}\) nonzero squares in \(\mathbb{F}_p\), some value \(y_0^2 + 1\) must be a non-square. Then \(-(y_0^2+1)\) is a square, so there exists \(x_0\) with \(x_0^2 \equiv -(y_0^2+1) \pmod{p}\). (For \(p = 2\) the result is trivial: \(2 = 1^2 + 1^2 + 0^2 + 0^2\).)

\[ v_1 = (1, 0, a, b), \quad v_2 = (0, 1, b, -a), \quad v_3 = (0, 0, p, 0), \quad v_4 = (0, 0, 0, p). \]

Then \(d(\Lambda) = p^2\). Let \(S\) be a closed ball of radius \(r\) with \(\mu(S) = \frac{\pi^2 r^4}{2}\). Choose \(r^2 = \frac{4p}{\pi\sqrt{2}}\) so that \(\mu(S) = 2^4 p^2\); since the ball is compact, Minkowski’s theorem yields a nonzero lattice point \((x, y, z, w) \in S\).

\[ x^2 + y^2 + z^2 + w^2 \equiv \alpha^2 + \beta^2 + (a\alpha + b\beta)^2 + (b\alpha - a\beta)^2 \equiv (1 + a^2 + b^2)(\alpha^2 + \beta^2) \equiv 0 \pmod{p} \]

since \(a^2 + b^2 \equiv -1\). Also \(0 < x^2 + y^2 + z^2 + w^2 \le r^2 < 2p\). Since the sum is positive, divisible by \(p\), and less than \(2p\), it must equal \(p\). ∎

Proof. If \(\alpha = a + b\sqrt{d} \in \mathcal{O}_K^*\), then \(N(\alpha) = a^2 - db^2 = \pm 1\). Since \(d < 0\), we have \(a^2 + |d|b^2 = 1\), and the number of integer solutions is finite. For \(|d| \ge 4\), the only solutions are \(b = 0\), \(a = \pm 1\). For \(d = -1\), we get \(a^2 + b^2 = 1\), giving \(\{\pm 1, \pm i\}\). For \(d = -3\) (and ring of integers \(\mathbb{Z}[\frac{1+\sqrt{-3}}{2}]\)), the norm equation \(a^2 + ab + b^2 = 1\) has six solutions giving the sixth roots of unity. ∎

Proof. If \(\alpha\) is a unit, then \(\alpha \beta = 1\) for some \(\beta \in \mathcal{O}_K\), so \(N(\alpha) N(\beta) = N(1) = 1\). Since both norms are integers, \(N(\alpha) = \pm 1\).

Conversely, if \(N(\alpha) = \pm 1\), then \(\prod_{i=1}^n \sigma_i(\alpha) = \pm 1\). The element \(\alpha^{-1} = \pm \prod_{i \neq 1} \sigma_i(\alpha)\) is a product of algebraic integers (the conjugates of \(\alpha\)), hence an algebraic integer. Since \(\alpha^{-1} \in K\), we have \(\alpha^{-1} \in \mathcal{O}_K\), so \(\alpha\) is a unit. ∎

Proof. The kernel of \(L\) restricted to the image of \(\mathcal{O}_K^*\) consists of elements \(\alpha \in \mathcal{O}_K^*\) with \(|\sigma_i(\alpha)| = 1\) for all \(i\). Every root of unity clearly has this property.

Conversely, suppose \(\alpha \in \mathcal{O}_K\) with \(|\sigma_i(\alpha)| \le 1\) for all \(i\). The set of such elements is a bounded subset of the lattice \(\sigma(\mathcal{O}_K)\), hence finite. Now if \(\alpha \in \mathcal{O}_K^*\) lies in the kernel, then every power \(\alpha^k\) also satisfies \(|\sigma_i(\alpha^k)| = 1\) for all \(i\), so the powers \(\alpha^k\) lie in a finite set. Therefore \(\alpha^j = \alpha^k\) for some \(j \neq k\), giving \(\alpha^{j-k} = 1\), so \(\alpha\) is a root of unity. ∎

Proof. Let \(U = \sigma(\mathcal{O}_K^*) \subseteq V_K^*\). We write the proof in three claims.

Step 1: \(L(U)\) is a discrete subgroup of \(H\).

Let \(B = \{(y_1, \ldots, y_{r_1+r_2}) \in \mathbb{R}^{r_1+r_2} \mid |y_i| \le b\}\) be an arbitrary hypercube. If \(L(\sigma(\alpha)) \in B\), then \(|\sigma_i(\alpha)| \le e^b\) for real embeddings and \(|\sigma_j(\alpha)| \le e^{b/2}\) for complex embeddings. Then the minimal polynomial \(\prod_\sigma (t - \sigma(\alpha)) \in \mathbb{Z}[t]\) has coefficients bounded in terms of \(b\) alone. There are only finitely many such integer polynomials, hence only finitely many such \(\alpha\). Therefore \(L(U) \cap B\) is finite for every bounded \(B\), so \(L(U)\) is discrete.

Since \(L(U)\) is a discrete subgroup of the \((r_1+r_2-1)\)-dimensional space \(H\), it is a free abelian group of rank \(r \le r_1 + r_2 - 1\).

Step 2: \(G/U\) is compact, where \(G = \{v \in V_K^* \mid |N(v)| = 1\}\).

Consider \(G = \{v \in V_K^* \mid |N(v)| = 1\}\), which is a closed subgroup of \(V_K^*\). For any \(v \in G\), multiplication by \(v\) preserves the Lebesgue measure of regions in \(V_K\) (since \(|N(v)| = 1\) and \(v\) acts as a linear map with determinant \(\pm N(v)\)).

Let \(C \subseteq G\) be any compact, symmetric, convex region with \(\mu(C) \ge 2^n \cdot d(\sigma(\mathcal{O}_K))\). For any \(g \in G\), the translated region \(g^{-1}C\) has the same measure and is still symmetric, compact, and convex. By Minkowski’s theorem, there exists \(0 \neq \alpha \in \mathcal{O}_K\) with \(\sigma(\alpha) \in g^{-1}C\).

Since \(C\) is compact, \(|N(C)|\) is bounded, so there are only finitely many possible values of \(|N(\alpha)|\) arising this way. Let \(\alpha_1, \ldots, \alpha_m \in \mathcal{O}_K\) represent all possible absolute norms. For any \(g \in G\), we have \(\sigma(\alpha) \in g^{-1}C\) for some \(\alpha\) with \(|N(\alpha)| = |N(\alpha_i)|\), so \(\alpha = \alpha_i u\) for some unit \(u\), and hence \(gU \cap \sigma(\alpha_i^{-1})C \neq \emptyset\).

Therefore the coset space \(G/U\) is covered by the finite union \(\bigcup_{i=1}^m G \cap \sigma(\alpha_i^{-1})C\), which is compact. Since \(G/U\) is a closed subset of a compact set, it is compact.

Step 3: \(L(U)\) has rank \(r_1 + r_2 - 1\).

The map \(L : G \to H \cong \mathbb{R}^{r_1+r_2-1}\) is continuous and surjective. Since \(G/U\) is compact, its image \(L(G)/L(U) = H/L(U)\) is compact. Now \(L(U) \cong \mathbb{Z}^r\) for some \(r \le r_1+r_2-1\), and \(H/L(U) \cong (S^1)^r \times \mathbb{R}^{r_1+r_2-1-r}\). For this to be compact, we need \(r_1+r_2-1-r = 0\), i.e., \(r = r_1+r_2-1\).

\[ \mathcal{O}_K^*/\mu_K \cong L(U) \cong \mathbb{Z}^{r_1+r_2-1}. \]

Since \(\mu_K\) is finite, the sequence \(1 \to \mu_K \to \mathcal{O}_K^* \to \mathbb{Z}^{r_1+r_2-1} \to 0\) splits (as \(\mathbb{Z}^{r_1+r_2-1}\) is free), giving \(\mathcal{O}_K^* \cong \mu_K \times \mathbb{Z}^{r_1+r_2-1}\). ∎

Proof. Part (i) follows because the Legendre symbol is a group homomorphism. For (ii), since \(\mathbb{F}_p^*\) is cyclic of order \(p-1\), let \(\alpha\) be a generator. Then \(a = \alpha^k\) for some \(k\), and \(a\) is a square if and only if \(k\) is even, if and only if \(\alpha^{k(p-1)/2} = 1\). Since \(a^{(p-1)/2} = \alpha^{k(p-1)/2}\) equals \(1\) when \(k\) is even and \(-1\) when \(k\) is odd (being a root of \(x^2 - 1\) in a field), we get Euler's criterion. Part (iii) is the special case \(a = -1\). ∎

Proof. From the analysis above, we have \[ \left(\frac{q}{p}\right) = 1 \iff q \text{ splits in } K_p = \mathbb{Q}(\sqrt{p^*}). \] By the theory of splitting in quadratic fields, the prime \(q\) splits in \(\mathbb{Q}(\sqrt{p^*})\) if and only if \(p^*\) is a square modulo \(q\), i.e., \(\left(\frac{p^*}{q}\right) = 1\). Therefore \[ \left(\frac{q}{p}\right) = \left(\frac{p^*}{q}\right) = \left(\frac{(-1)^{(p-1)/2} p}{q}\right) = \left(\frac{-1}{q}\right)^{(p-1)/2} \left(\frac{p}{q}\right) = (-1)^{\frac{(p-1)(q-1)}{4}} \left(\frac{p}{q}\right). \] Rearranging gives the classical form of quadratic reciprocity. ∎

Proof. (i) For \(1 \le j \le p-1\), the ratio \(\frac{1 - \zeta^j}{1 - \zeta} = 1 + \zeta + \cdots + \zeta^{j-1}\) is an element of \(\mathbb{Z}[\zeta]\). Similarly, choose \(k\) with \(jk \equiv 1 \pmod{p}\); then \(\frac{1 - \zeta}{1 - \zeta^j} = \frac{1 - \zeta^{jk}}{1 - \zeta^j} \in \mathbb{Z}[\zeta]\). So the ratio and its inverse are both algebraic integers, making them associates.

(ii) We have \(1 + \zeta = \frac{1 - \zeta^2}{1 - \zeta}\), and by part (i), both \(1 - \zeta^2\) and \(1 - \zeta\) are associates, so their ratio is a unit.

\[ 1 + x + \cdots + x^{p-1} = \prod_{j=1}^{p-1} (x - \zeta^j). \]\[ p = \prod_{j=1}^{p-1} (1 - \zeta^j) = (1 - \zeta)^{p-1} \prod_{j=1}^{p-1} \frac{1 - \zeta^j}{1 - \zeta} = u(1-\zeta)^{p-1} \]

where \(u = \prod_{j=1}^{p-1} \frac{1-\zeta^j}{1-\zeta} \in \mathbb{Z}[\zeta]^*\) by part (i). ∎

Proof. For any \(\sigma \in \operatorname{Gal}(\mathbb{Q}(\zeta)/\mathbb{Q})\), we have \(\sigma(\zeta) = \zeta^a\) for some \(a\), so \(\overline{\sigma(\zeta)} = \zeta^{-a} = \sigma(\bar{\zeta})\). Thus \(\sigma(\bar{u}) = \overline{\sigma(u)}\), and consequently \[ \left|\sigma\!\left(\frac{u}{\bar{u}}\right)\right| = \frac{|\sigma(u)|}{|\overline{\sigma(u)}|} = 1 \] for every embedding \(\sigma\). An algebraic integer all of whose conjugates have absolute value 1 must be a root of unity. ∎

Proof. Suppose for contradiction that \(z^p = x^p + y^p\) with \(p \nmid xyz\). In \(\mathbb{Z}[\zeta]\), we factor \[ z^p = \prod_{j=0}^{p-1} (x + \zeta^j y). \]

Step 1: The ideals \((x + \zeta^j y)\) are pairwise coprime.

\[ (x + \zeta^j y) - (x + \zeta^{j'} y) = \zeta^{j'} y (\zeta^{j-j'} - 1). \]

By Lemma 12.2(i), \(\zeta^{j-j'} - 1\) is an associate of \(1 - \zeta\), so \(\mathfrak{p}\) divides \(y(1-\zeta)\). Since \((1-\zeta)\) is the unique prime above \(p\), either \(\mathfrak{p} = (1-\zeta)\) or \(\mathfrak{p}\) divides \((y)\).

If \(\mathfrak{p} = (1-\zeta)\), then \(\mathfrak{p}\) divides \(x + \zeta^j y \equiv x + y \pmod{(1-\zeta)}\), so \(p \mid (x+y)\). Similarly \(\mathfrak{p} \mid z^p\), so \(p \mid z\). But then \(x^p + y^p = z^p \equiv 0 \pmod{p}\), giving \(x + y \equiv 0 \pmod{p}\), so \(x^p + y^p = (x+y)(\cdots) \equiv 0 \pmod{p^2}\) (by the binomial theorem), forcing \(p^2 \mid z^p\), hence \(p \mid z\). But we assumed \(p \nmid z\), a contradiction. Similarly, \(\mathfrak{p}\) cannot divide \((y)\) without contradicting \(p \nmid y\).

Step 2: Each \((x + \zeta^j y)\) is a \(p\)-th power of an ideal.

Since the ideals \((x + \zeta^j y)\) are pairwise coprime and their product \((z^p) = (z)^p\) is a \(p\)-th power, unique factorization of ideals forces each \((x + \zeta^j y) = I_j^p\) for some ideal \(I_j\).

Step 3: Each \(I_j\) is principal (by regularity).

Since \(p\) is regular, \(p \nmid h_p\). The class \([I_j]\) satisfies \([I_j]^p = 1\) in the class group. Since \(\gcd(p, h_p) = 1\), the only element of order dividing \(p\) in the class group (which has order \(h_p\)) is the identity. So \([I_j] = 1\), meaning \(I_j\) is principal.

Step 4: Derive a contradiction.

Taking \(j = 1\), we have \((x + \zeta y) = (t)^p\) for some \(t \in \mathbb{Z}[\zeta]\), so \(x + \zeta y = ut^p\) for some unit \(u\).

\[ t^p \equiv (b_0 + b_1 + \cdots + b_{p-2})^p \pmod{p} \]

since \(\zeta^k \equiv 1 \pmod{(1-\zeta)}\). Similarly \(\bar{t}^p \equiv (b_0 + \cdots + b_{p-2})^p \pmod{p}\), so \(t^p \equiv \bar{t}^p \pmod{p}\).

\[ x + y\zeta = ut^p \equiv \zeta^j \bar{u} \bar{t}^p = \zeta^j \overline{ut^p} = \zeta^j(x + y\bar{\zeta}) = \zeta^j(x + y\zeta^{-1}) \pmod{p}. \]\[ x + y\zeta - y\zeta^{j-1} - x\zeta^j \equiv 0 \pmod{p}. \]

Since \(1, \zeta, \zeta^2, \ldots, \zeta^{p-2}\) form a basis for \(\mathbb{Z}[\zeta]\) over \(\mathbb{Z}\), and modulo \(p\) the ring \(\mathbb{Z}[\zeta]/(p) \cong \mathbb{F}_p[x]/(x-1)^{p-1}\), this linear combination being zero modulo \(p\) with the terms \(1, \zeta, \zeta^{j-1}, \zeta^j\) forces \(j \in \{0, 1, 2, p-1\}\) (otherwise we would have a nontrivial relation among fewer than \(p-1\) distinct basis elements). Each possibility leads to \(p \mid x\), \(p \mid y\), or \(p \mid z\), contradicting our assumption \(p \nmid xyz\). ∎

Proof. Let \(x = a/b\) with \(a \in \mathbb{Z}\), \(b \in \mathbb{Z}^+\). Apply the division algorithm repeatedly: \[ a = q_1 b + r_1, \quad b = q_2 r_1 + r_2, \quad r_1 = q_3 r_2 + r_3, \quad \ldots \] with \(0 = r_n < r_{n-1} < \cdots < r_1 < b\). Then \[ x = \frac{a}{b} = q_1 + \frac{r_1}{b} = q_1 + \cfrac{1}{b/r_1} = q_1 + \cfrac{1}{q_2 + \cfrac{r_2}{r_1}} = \cdots = [q_1, q_2, \ldots, q_n]. \] ∎

Proof. We proceed by induction. The base cases are immediate: \(c_0 = a_0 = p_0/q_0\) and \(c_1 = a_0 + 1/a_1 = (a_1 a_0 + 1)/a_1 = p_1/q_1\). \[ c_{k+1} = [a_0, a_1, \ldots, a_k, a_{k+1}] = \left[a_0, a_1, \ldots, a_{k-1}, a_k + \frac{1}{a_{k+1}}\right]. \]\[ c_{k+1} = \frac{a_k' p_{k-1} + p_{k-2}}{a_k' q_{k-1} + q_{k-2}} = \frac{(a_k + 1/a_{k+1}) p_{k-1} + p_{k-2}}{(a_k + 1/a_{k+1}) q_{k-1} + q_{k-2}}. \]\[ c_{k+1} = \frac{a_{k+1}(a_k p_{k-1} + p_{k-2}) + p_{k-1}}{a_{k+1}(a_k q_{k-1} + q_{k-2}) + q_{k-1}} = \frac{a_{k+1} p_k + p_{k-1}}{a_{k+1} q_k + q_{k-1}} = \frac{p_{k+1}}{q_{k+1}}. \]

∎

Proof. (i) We prove this by induction. For \(k = 0\): \(p_1 q_0 - q_1 p_0 = (a_1 a_0 + 1)(1) - a_1 \cdot a_0 = 1 = (-1)^0\). For \(k \ge 1\): \[ p_{k+1} q_k - q_{k+1} p_k = (a_{k+1} p_k + p_{k-1})q_k - (a_{k+1} q_k + q_{k-1})p_k = p_{k-1} q_k - q_{k-1} p_k = -(p_k q_{k-1} - q_k p_{k-1}). \] By induction, \(p_k q_{k-1} - q_k p_{k-1} = (-1)^{k-1}\), so \(p_{k+1} q_k - q_{k+1} p_k = (-1)^k\).

(ii) From (i), \(p_{k+1} q_k - q_{k+1} p_k = (-1)^k\), so \(\gcd(p_k, q_k) \mid (-1)^k\), giving \(\gcd(p_k, q_k) = 1\).

\[ c_{k+1} - c_k = \frac{p_{k+1}}{q_{k+1}} - \frac{p_k}{q_k} = \frac{p_{k+1} q_k - q_{k+1} p_k}{q_{k+1} q_k} = \frac{(-1)^k}{q_{k+1} q_k}. \]

(iv) and (v): From (iii) and the fact that \(q_k \ge 1\) is strictly increasing for \(k \ge 1\), the differences \(c_{k+1} - c_k\) alternate in sign and decrease in absolute value. By the alternating series test, the series \(c_0 + \sum_{k=0}^\infty (c_{k+1} - c_k)\) converges, and the even convergents \(c_0 < c_2 < c_4 < \cdots\) increase to the limit while the odd convergents \(c_1 > c_3 > c_5 > \cdots\) decrease to it. ∎

Proof. Irrationality of infinite continued fractions: Suppose \(x = [a_0, a_1, a_2, \ldots]\) with \(a_0 \in \mathbb{Z}\) and \(a_k \in \mathbb{Z}^+\). By Theorem A.5(v), \(x\) lies strictly between \(c_k\) and \(c_{k+1}\) for all \(k\), so \(x \neq c_k\) for any \(k\). If \(x = r/s\) were rational, then for all \(k\): \[ 0 < \frac{1}{sq_k} \le \left|\frac{r}{s} - \frac{p_k}{q_k}\right| = |x - c_k| < |c_{k+1} - c_k| = \frac{1}{q_{k+1} q_k} < \frac{1}{q_k^2}. \] This gives \(s > q_k\) for all \(k\), contradicting \(q_k \to \infty\).

Uniqueness of partial quotients: If \(x = [a_0, a_1, a_2, \ldots]\), then \(a_0 < x < a_0 + 1\) (by Theorem A.5(v) with the fact that \([a_1, a_2, \ldots] > a_1 \ge 1\)), so \(a_0 = \lfloor x \rfloor = \lfloor x_0 \rfloor\). Then \(x_1 = 1/(x - a_0) = [a_1, a_2, \ldots]\), and by induction \(a_n = \lfloor x_n \rfloor\) and \(x_n = [a_n, a_{n+1}, \ldots]\).

\[ |x - c_n| = \frac{1}{q_n(x_{n+1} q_n + q_{n-1})} < \frac{1}{q_n^2} \to 0, \]

giving \(x = \lim c_n = [a_0, a_1, a_2, \ldots]\). ∎

Proof. (i) Suppose \(|sx - r| < |q_k x - p_k|\) and, for contradiction, that \(s < q_{k+1}\). Express \((r, s) = u(p_k, q_k) + v(p_{k+1}, q_{k+1})\) using the fact that \(p_k q_{k+1} - q_k p_{k+1} = (-1)^{k+1}\) means the matrix \(\begin{pmatrix} p_k & p_{k+1} \\ q_k & q_{k+1}\end{pmatrix}\) has determinant \((-1)^{k+1}\), hence is invertible over \(\mathbb{Z}\).

One finds \(u, v \in \mathbb{Z}\) with \(u \neq 0\) (since \(v = 0\) would give \(s = uq_k\) and \(|sx - r| \ge |q_k x - p_k|\)) and \(v \neq 0\) (since \(u = 0\) would give \(s = vq_{k+1} \ge q_{k+1}\)). Moreover, \(u\) and \(v\) have opposite signs (since \(s = uq_k + vq_{k+1} > 0\) and \(s < q_{k+1}\)).

\[ |sx - r| = |u(q_k x - p_k) + v(q_{k+1}x - p_{k+1})| = |u||q_k x - p_k| + |v||q_{k+1}x - p_{k+1}| > |q_k x - p_k|, \]

contradicting our assumption.

(ii) If \(|x - r/s| < |x - p_k/q_k|\) and \(s \le q_k\), then \(|sx - r| = s|x - r/s| < s|x - p_k/q_k| \le q_k|x - p_k/q_k| = |q_k x - p_k|\), contradicting (i) (which gives \(s \ge q_{k+1} > q_k\)).

\[ \frac{1}{sq_k} \le \left|\frac{r}{s} - \frac{p_k}{q_k}\right| \le \left|\frac{r}{s} - x\right| + \left|x - \frac{p_k}{q_k}\right| < \frac{1}{2s^2} + \frac{1}{2sq_k}, \]

where the last inequality uses (i) applied to \(p_k/q_k\). Subtracting \(1/(2sq_k)\) gives \(1/(2sq_k) < 1/(2s^2)\), so \(s < q_k\), contradicting \(q_k \le s\). ∎

Proof. If \(x = (r + s\sqrt{d})/t\) with the stated conditions, then \(tx - r = s\sqrt{d}\), so \(t^2 x^2 - 2rtx + r^2 = s^2 d\), giving \(t^2 x^2 - 2rtx + (r^2 - s^2d) = 0\). This is a quadratic with integer coefficients (note \(t \mid (r^2 - s^2 d)\) ensures the constant term divided by \(t^2\) is rational, and in fact the equation \(tx^2 - 2rx + (r^2-s^2d)/t = 0\) has integer coefficients).

Conversely, if \(x\) is irrational and satisfies \(ax^2 + bx + c = 0\) with \(a, b, c \in \mathbb{Z}\), \(a \neq 0\), then \(x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}\). Setting \(d = b^2 - 4ac\) (which must be positive and non-square since \(x\) is real and irrational), we get the desired form. ∎

Proof. Suppose \(|r^2 - ds^2| \le \sqrt{d}\). We consider two cases. \[ 0 < \frac{r}{s} - \sqrt{d} = \frac{r^2 - ds^2}{s(r + s\sqrt{d})} \le \frac{\sqrt{d}}{s(s\sqrt{d} + s\sqrt{d})} = \frac{1}{2s^2}. \]

By Theorem A.7(iii), \(r/s\) is a convergent of \(\sqrt{d}\).

\[ 0 < \frac{s}{r} - \frac{1}{\sqrt{d}} = \frac{s\sqrt{d} - r}{r\sqrt{d}} = \frac{ds^2 - r^2}{r\sqrt{d}(s\sqrt{d} + r)} < \frac{\sqrt{d}}{r\sqrt{d}(r + r)} = \frac{1}{2r^2}. \]

By Theorem A.7(iii), \(s/r\) is a convergent of \(1/\sqrt{d}\). Since the convergents of \(1/\sqrt{d}\) are the reciprocals of the convergents of \(\sqrt{d}\) (by the observation that if \(x > 1\) then \(1/x = [0, a_0, a_1, \ldots]\) and \(d_n = 1/c_{n-1}\)), it follows that \(r/s\) is a convergent of \(\sqrt{d}\). ∎