Extra Facts

Statements and proofs of some important extra facts.

Cyclic Groups

It is easy to prove that if a finite group is cyclic then it has at most one subgroup of each order (dividing its order, by Lagrange, in which case this subgrup exists). The converse is also true, and useful for studying fields.

This is an alternative, somewhat simpler, to my taste, proof of Corollary 8.10. The book’s proof by way of Lemma 8.11 is still quite interesting, though – one can use 8.11(b) as a starting point for proving the fundamental theorem of finite abelian groups. Compare also Theorem 9.57.

Note that field theory is what suggests an induction using an element of minimal order here, rather than maximal order, as in the book’s proof.

Theorem 1 Let $G$ be a finite group of order $n$. Suppose that $G$ has at most $1$ subgroup of each order $d\leq n$. Then $G$ is cyclic.

Proof. We proceed by induction on the order $n$; if $n$ is prime then we are done. Note that the hypothesis on $G$ is inherited by subgroups. Therefore, we may assume that all proper subgroups of $G$ are cyclic. It is also useful to observe that the assumption of the theorem implies every subgroup of $G$ is normal: the conjugate of a subgroup has the same order, and hence coincides with the original.

Let $g$ be a non-identity element of minimal order, so its order is a prime $p$. By induction, $G/\langle g \rangle$ is cyclic and therefore generated by the image of some $h$ in $G$, from which it follows that $G$ is generated by $g$ and $h$. Let $d$ be the order of $h$.

If $p$ divides the order of $h$ then $h^{d/p}$ has order $p$, and so $\langle g\rangle$ and $\langle h^{d/p}\rangle$ are subgroups of $G$ of the same order, which implies $g$ is in $\langle h \rangle$ and therefore \[G = \langle g,h \rangle = \langle h \rangle\] is cyclic.

Otherwise, $p$ does not divide $d$. By Lagrange, then, the intersection of $\langle h\rangle$ and $\langle g \rangle$ is trivial. Since the two subgroups are normal, this implies $g$ and $h$ commute and moreover that \[G = \langle g,h\rangle \cong \langle g \rangle \times \langle h \rangle.\] But the product of cyclic groups of coprime order is cyclic, so again $G$ is cyclic!

Corollary 1 The multiplicative group $\mathbb F_q^*$ of a finite field is cyclic. In particular, it has an element of order $d$ if and only if $d$ divides $q-1$.

Exercise: adapt the argument to show that any finite multipicative subgroup of a field is cyclic.

Proof. Let $H$ be a subgroup of $\mathbb F_q^*$ of order $d$. By Lagrange’s theorem, every element of $H$ is a root of $x^d - 1$. That polynomial has at most $d$ roots, and so its roots are precisely the subgroup $H$ – so $H$ is determined entirely by the integer $d$, and hence $\mathbb F_q^*$ has at most one subgroup of each order $d$, according to whether or not $x^d - 1$ splits completely.

Therefore, Theorem 1 implies the group $\mathbb F_q^*$ is cyclic.

Corollary 2 The Galois group of $\mathbb F_{q^s}$ over $\mathbb F_q$ is cyclic of order $s$.

Proof. We have established that there is at most one finite field of each order, hence at most one of each degree, contained in $\mathbb F_{q^s}$, hence at most one extension of $\mathbb F_q$ contained in $\mathbb F_{q^s}$. Therefore, the Galois correspondence tells us that there is at most one subgroup of this Galois group of each order and so Theorem 1 tells us that the Galois group is cyclic!

Affine Groups

Lots of interesting groups come from linear algebra. These two might be familiar:

Definition 1 The $n$-dimensional general linear group over $R$, denoted $\GL_n(R)$ or sometimes $\GL(R,n)$ is the group of invertible linear maps from $R^n$ to $R^n$ under composition. Usually, $R$ is a field, and so this is the group of isomorphisms from an $n$-dimensional vector space to itself.

The ($n$-dimensional) special linear group, denoted $\SL_n(R)$ is the subgroup of $\GL_n(R)$ of linear maps whose determinant is $1$.

The ($n$-dimensional) projective special linear group, denoted $\PSL_n(R)$ is the quotient of $\SL_n(R)$ by the subgroup $\pm 1$. When $R$ is a field, scalar multiplication is a linear map, and the scaling maps form a normal subgroup, and if it is also algebraically closed (or closed under $n$th roots) then one can obtain $\PSL_n(R)$ as the quotient of $\GL_n(R)$ by the subgroup of scaling maps, hence the name “projective”.

These groups are built out of linear automorphisms. It’s natural to wonder about the affine automorphisms. Recall that a map $A:R^n\to R^n$ is called affine if it is of the form \[A(x) = T(x) + y\] where $T$ is a linear map and $y$ is a fixed element of $R^n$ depending only on $A$.

Definition 2 The $n$-dimensional affine linear group over $R$, denoted $\AGL_n(R)$ or $\AGL(R,n)$ is the group of invertible affine maps from $R^n$ to $R^n$ under composition.

Note: sometimes I prefer to compose from right-to-left, so that \[(A\circ B)(x) = B(A(x)).\] This better matches my right-action convention for field automorphisms.

Here are some useful facts about $\AGL$ that you should verify - The “pure translations”, maps of the form $A(x) = x+y$ form a normal subgroup. - The “pure transformations”, maps of the form $A(x) = T(x)$ with $T$ linear form a subgroup which is not usually normal. - The translation and transformation subgroups intersect trivially, and generate $\AGL$. - The quotient of $\AGL$ by the subgroup of translations is isomorphic to $\GL$, and this map is an isomorphism when restricted to the transformation subgroup.

The most important case for us is when $R=\mathbb Z/n\mathbb Z$ and the dimension is $1$. In this case, you can verify that \[|\AGL_1(\mathbb Z/n\mathbb Z)| = n \phi(n).\] Often, we’ll just write $\AGL(\mathbb Z/n\mathbb Z)$ or even $\AGL(n)$ for this group.

When $n=p$ is prime, the linear maps are scalar multiplication by $(\mathbb Z/p\mathbb Z)^*$, which is a cyclic group. If $a$ is any generator of the multiplicative group, then we can also describe $\AGL(p)$ by generators and relations: \[\AGL \cong \langle \sigma,\tau : \sigma^p = \tau^{p-1} = \id, \tau\inv \sigma \tau = \sigma^a\rangle.\] This identifies $\sigma$ with $x+1$ and $\tau$ with $ax$ (composed correctly).

Linear Algebra

We’ll use the following handy lemma a few times.

Lemma 1 Let $V$ be a vector space over an infinite field $K$. Then $V$ is not the union of a finite number of proper subspaces.

Proof. Suppose, for contradiction, that $V$ can be written as such a union, and let $W_1,..., W_n$ be a minimal collection of proper subspaces of $V$ whose union is $V$. Enlarging $W_1$ if necessary, we may further assume that $W_1$ has codimension $1$.

By minimality, we can take some $w\in W_1$ which is not in $W_j$ for any $j\neq i$. By properness of $W_1$, we can also find some $v$ not in $W_1$. Consider sums \[v + aw\] for $a\in K$. Since $K$ is infinite, there are infinitely many such sums, and because $v$ is not in $W_1$, none of them are in $W_1$, so some $W_j$ contains $v+aw$ and $v+bw$ for some $a\neq b$… but then $(a-b)w$ is in $W_j$, hence $w$ is in $W_j$, a contradiction!

Corollary 3 If an extension $K/k$ has only finitely many sub-extensions, then $K/k$ is a primitive extension.

Conversely, if $K/k$ is primitive, then it has finitely many subfields.

Proof. There is nothing to prove if $k$ is finite, so assume it is infinite.

A proper subextension field is also a proper subspace of $K$ as a vector space over $k$. If there are only finitely many proper subfields, then their union cannot cover $K$. By Lemma 1, there is some $\alpha$ in $K$ not contained in any of those proper subextensions, and so $k(\alpha)$ must be all of $K$.

In the other direction, suppose $K = k(\alpha)$ with minimal polynomial $f(x)$. Let $L$ be an intermediate extension and let $g(x)$ be the minimal polynomial of $\alpha$ over $L$. Since $K/k$ must be finite, so too is $K/L$. Observe that the extension $L'$ obtained by adjoining the coefficients of $g$ to $k$ is a subfield of $L$, but the degree of $\alpha$ over $L'$ is at most that of $\alpha$ over the larger field $L$, so $L=L'$. But there are only finitely many such $L'$ because $f(x)$ has finitely many divisors.

Gauss’s Lemma

This proof is a small variation on the one in the book. It works over any UFD, but I’ll just prove it for the integers – the main fact one needs to generalize it to a UFD is that irreducible elements generate prime ideals in UFDs. The rest is identical.

Lemma 2 Let $f(x) \in \mathbb Z[x]$ and suppose that it factors in $\mathbb Q[x]$ \[f(x) = g(x) h(x).\]

Then, in fact, there is a factorization \[f(x) = \hat g(x) \hat h(x)\] where $\hat g$ and $\hat h$ are in $\mathbb Z[x]$ and have the same degrees as $g$ and $h$, respectively.

The basic idea is that denominators in $g$ have to be canceled by extra factors in $h$ for the product to end up in $f$. The difficulty is that things like \[\frac 1 2 = \frac 5 {10}\] makes it hard to pick out “strictly necessary denominators”.

Instead, we just clear all denominators arbitrarily, then “realize” that the denominators didn’t really have to be cleared, and it’s just that it gave us an excuse to move factors around.

Proof. Let $c$ be an integer such that multiplying by $c$ clears the denominators. In other words, we can write $c=ab$ in such a way that $\hat g = ag$ and $\hat h = bh$ have integer coefficients, so that \[c f = \hat g \hat h\] is a factorization in $\mathbb Z[x]$. Note that $\deg \hat g = \deg g$ and $\deg \hat h = \deg h$.

We now describe an inductive process for removing $c$ from such a factorization. If $c = \pm 1$ there is nothing to do. Otherwise, let $p$ be a prime divisor of $c$.

Since the equation above is in $\mathbb Z[x]$, we can reduce it mod $p$ to obtain an equation in $\mathbb F_p[x]$. The entire left hand side is zero: \[0 = \hat g \hat h \mod p.\] Since $\mathbb F_p[x]$ is an integral domain, this implies either $\hat g$ or $\hat h$ is zero mod $p$, which is to say that $p$ divides all of its coefficients. In either case, we can cancel the factor of $p$ from $c$ and the factor of $p$ from the appropriate polynomial on the right hand side. This leaves us with \[\frac c p f = \left(\frac {\hat g} p\right) \hat h \] or \[\frac c p f = \hat g \left(\frac{\hat h } p\right),\] where all the polynomials are still in $\mathbb Z[x]$ and have the same degrees as the original. Now, however, $c$ has one fewer factor. Repeating the process on the (finitely many) remaining factors of $c$ yields the claim.

(you will note that the book’s proof also, implicitly, uses - or proves, really - that $\mathbb F_p[x]$ is a domain)

Lifting Lemma

This is a handy improvement of the lifting lemma from the book. It doesn’t have a name, but I call it the “normal lifting lemma”, or often just “[the] lifting lemma”. The adjective “normal” just means “splitting field”. Sometimes I’ll abbreviate it as the (H)LL.

Lemma 3 Let $K/k$ be a finite extension, generated by $\alpha_1,...,\alpha_n$ with minimal polynomials $g_1,...,g_n$. Let $\sigma: k \to k'$ some field isomorphism and $g_i' = g_i^\sigma$ the polynomial obtained by applying $\sigma$ to the coefficients of $g_i$. Let $L'/k'$ be any extension of $K'$ containing a splitting field of the $g_i'$.

Then there is an extension $\tilde \sigma$ of $\sigma$ to $K$ whose image is in $L'$.

Proof. We’ll induct on the number of generators, using the book’s lifting lemma. The point is that $L'$ has “every possible copy” of the roots of the $g_i$, so the lift at each step can be induced from an evaluation map landing in $L$.

To wit, we can carry out one step of the lift, from $k$ to $k(\alpha_1)$ with the standard lifting lemma, obtaining a map $\sigma_1$ extending $\sigma$ and taking $\alpha_1$ to some $\alpha_1' \in L'$ a root of $g_1^\sigma$. This bring us to a finite extension $K/k(\alpha)$ with an isomorphism $\sigma_1$ from $k(\alpha_1)$ to $k'(\alpha_1')$. Note that the minimal polynomials of each $\alpha_i'$ over $k'(\alpha_1')$ need not be the original $g_i'$, but they do still divide the $g_i'$, and hence $L'$ still contains the splitting field. By induction, finish the extension to $K = k(\alpha_1)(\alpha_2,...,\alpha_n)$. At each step, we produce a $\sigma_i$ extending $\sigma_{i-1}$, hence extending $\sigma$, so the final map $\sigma_n$ extends $\sigma$ and takes $K$ to $L$.

It’s worth noting that this lemma extends to $K/k$ algebraic, not just finite, as long as $L'/k'$ also has “enough roots”: the minimal polynomial over $k$ of any $\alpha \in K$ splits completely in $L$. Keep this in mind as we go to the next section, and define normal extensions!

Also, although we haven’t rigorously constructed the algebraic closure, it’s worth noting because the algebraic closure contains every splitting field, the lemma says that any finite (or algebraic) extension of $k$ has an embedding into the algebraic closure. In other words, every extension of $k$ can be “placed” into the algebraic closure and compared within it, rather than leaving them floating around independently.

Normality

We introduce the following definition(s).

Definition 3 Let $K/k$ be a finite extension. We say it is normal if it satisfies any of the following conditions (which we will soon prove equivalent):

(N1) $K$ is the splitting field of some polynomial in $k[x]$.
(N2) if $\sigma,\tau$ are embeddings of $K$ into some field $L$ over $k$, then $\sigma(K) = \tau(K)$, or equivalently, if $L$ is any field containing $K$, then every embedding of $K$ into $L$ over $k$ takes $K$ to itself.
(N2’) if $L$ is an algebraic closure of $\bar k$ containing $L$, then every embedding of $K$ into $L$ over $k$ takes $K$ to itself.
(N3) given any $\alpha \in K$ the minimal polynomial $g$ of $\alpha$ over $k$ factors completely into a product of linear polynomials in $K[x]$ (i.e. $K$ contains all the roots of $g$).

The two versions of (N2) are related by replacing $K$ with $\sigma(K)$ and comparing $\sigma\inv\tau$ with the identity.

Note that one usually proves that (N1) implies (N2) implies (N2’) implies (N3) implies (N1) which you’re likely to see in other texts, but since we haven’t rigorously constructed the algebraic closure, we will skip (N2’) and point out how it can be included. It’s easy to see (N2) implies (N2’) by letting $L$ be an algebraic closure, and in the argument that (N2) implies (N3), all one needs is an overfield with a lot of roots, and the algebraic closure is certainly up to this task.

Lemma 4 The conditions (N1), (N2), and (N3) are equivalent.

Proof. Assume (N1), so $K$ is the splitting field of some polynomial $f(x) \in k[x]$. If $L$ is a field containing $K$, then it contains all the roots $\alpha_1,...,\alpha_n$ of $f$, and the splitting field is $K = k(\alpha_1,...,\alpha_n)$. The image of any other embedding of $K$ is still a splitting field for $f$, and hence coincides with $K$. The point is that a splitting field is determined entirely by information in $k$ (the polynomial $f$) which is fixed by an embedding.

Next, assume (N2). Let $\alpha \in K$ over $k$, with $g$ its minimal polynomial over $k$. Let $\alpha_i$ be generators of $K$ over $k$, with minimal polynomial $g_i$ over $k$. Let $E$ be the splitting field of the product of $g$ and all the $g_i$. Take $\alpha'$ some root of $g$ in $E$.

We will construct an embedding of $K$ into $E$ which sends $\alpha$ to $\alpha'$, so the image of that embedding will contain $\alpha'$. Meanwhile, (N2) tells us that the image is still $K$, so that $\alpha'$ must have been in $K$. Since $\alpha'$ was arbitrary, all roots of $g$ are in $K$, and hence it factors completely.

Since $g$ is irreducible and $\alpha,\alpha'$ roots of it, there is an isomorphism $\sigma: k(\alpha) \to k(\alpha')$ over $k$ which takes $\alpha$ to $\alpha'$. Sine $K$ is still generated by the $\alpha_i$ over the larger field $k(\alpha_i)$ and $E$ contains all the roots of their minimal polynomials, we can apply the normal lifting lemma to $K/k(\alpha)$ and $\sigma$ to produce an embedding of $K$ into $E$.

Now assume (N3). Let $\alpha_1,...,\alpha_n$ be generators for $K$ over $k$, meaning $K=K(\alpha_1,...,\alpha_n)$. By (N3), the minimal polynomial $g_i$ of $\alpha_i$ over $k$ splits completely in $K$. It follows that $K$ contains a splitting field of the product of the $g_i$; the reverse containment is immediate because each $\alpha_i$ is among the roots of $g$.

Note that in (N2) and (N2’), any map which takes $K$ to itself must be an isomorphism. Field homomorphisms are injective, and a field homomorphism over $k$ is also a homomorphism of $k$-vector spaces. Every injective map between $k$-vector spaces of the same finite dimension is an isomorphism.

Separability

As before, we define a few conditions that we will prove are equivalent:

Definition 4 Let $\alpha$ be algebraic over $k$. We say that $\alpha$ is separable if its minimal polynomial over $k$ has no repeated roots.

Let $K/k$ be a finite extension. We say that it is separable if it satisfies any of the following:

(S1) $K=k(\alpha)$ and the minimal polynomial of $\alpha$ has no repeated roots.
(S2) $K$ has $[K:k]$ distinct embeddings into any normal extension containing it.
(S2’) $K$ has $[K:k]$ distinct embeddings into any algebraic closure of $K$.
(S3) every element of $K$ is separable over $k$

We will split up the proof of the equivalence because (S3) implies (S1) is a major result on its own, known as the primitive element theorem (an extension of the form $k(\alpha)/k$, with a single generator is sometimes called primitive).

To ease exposition, we make the following definition:

Definition 5 Let $K/k$ be a finite extension and $L/k$ some normal extension containing $K$. The separability degree of $K/k$ is the number of embeddings of $K$ into $L$. It is denoted $[K:k]_s$. Exercise: prove that it is independent of $L$; take two normal extensions $L$ and $M$, which can be embedded them both into a larger normal extension $N$ using the HLL, then verify that the number of embeddings of $K$ into $N$ is the same as the number into $L$ and $M$.

We recall a remark from the book:

If $k(\alpha)/k$ is a primitive extension, with minimal polynomial $g$, and $L/k$ any extension containing a splitting field for $g$, then the number of embeddings of $k(\alpha)/k$ into $L$ is precisely the number of distinct roots of $g$. In other words, $[k(\alpha):k]_s$ is the number of distinct roots of $g$.

In fact, the book remarked more, which we will now prove:

Lemma 5 Consider a tower $L/K/k$ of finite extensions. Then $[L:k]_s = [L:K]_s[K:k]_s$. In other words, separable degree multiplies in towers.

Moreover, $[L:k]_s \leq [L:k]$.

Proof. We induct on the (usual) degree. There’s nothing to do if any of the degrees are $1$, so we assume otherwise. Since $L/K$ is finite, it can be written as $K(\alpha_1,...,\alpha_n)$. Let $n$ be minimal. Then $E = K(\alpha_1,...,\alpha_{n-1}) \neq L$. This gives us a tower $L=E(\alpha_n)/E/K/k$

By induction, we have both \[[E:k]_s = [E:K]_s[K:k]_s.\] and \[[L:K]_s = [E(\alpha_n):E]_s[E:K]_s.\]

From the lifting lemma/remark, we know that each embedding of $E$ into a sufficiently large normal extension has $[E(\alpha_n):E]_s$ extensions to $E(\alpha_n) = L$, hence \[[L:k]_s = [E(\alpha_n):E]_s[E:k]_s.\]

Simplifying with the the two inductive expressions eliminates $E$ and $E(\alpha_n)$, leaving the desired equality.

As for the final claim, we know it is true for primitive extensions by the remark. The finite extension $L$ can be obtained as a sequence of primitive extensions $k(\alpha_1)/k$, $k(\alpha_1,\alpha_2)/k(\alpha_1)$, …, so multiplicativity extends the inequality to the whole tower.

Note that multiplicativity implies that in a tower $L/K/k$, the whole extension $L/k$ is separable if and only if both $L/K$ and $K/k$ are separable.

Lemma 6 (S1) implies (S2) and (S2) implies (S3).

Proof. (S1) implies (S2) is part of the remark from the book.

Rather than (S2) implies (S3), we verify the contrapositive. Suppose (S3) does not hold, so some $\alpha \in K$ is not separable over $k$, meaning $[k(\alpha):k]_s < [k(\alpha):k]$. Applying our degree formula to the tower $K/k(\alpha)/k$, this would lead to \[[K:k]_s = [K:k(\alpha)]_s [k(\alpha):k]_s \leq [K:k(\alpha)] [k(\alpha):k]_s < [K:k(\alpha)] [k(\alpha):k] = [K:k].\]

Thus the number of embeddings is smaller than the degree, so (S2) does not hold.

As in the case of normality, one can incorporate (S2’), the algebraic closure, by observing that any algebaic closure contains a sufficiently large finite normal extension to carry out the necessary arguments.

Finally, we prove (S3) implies (S1), which is typically known as the primitive element theorem.

Theorem 2 Suppose $K/k$ is a finite extension satisfying (S3), meaning every element is separable over $k$. Then $K$ is primitive over $k$, meaning there is some $\gamma \in K$ such that $K = k(\gamma)$.

Proof. If $k$ is finite, so is $K$, and we can let $\gamma$ be a generator of the multiplicative subgroup. So we may assume $k$ is infinite.

By a straightforward induction, since finite extensions are finitely generated, we can reduce to the case $K=k(\alpha,\beta)$. We will show that an element of the form \[\gamma = \alpha + c\beta\] will generate $K$ for all but finitely many $c$ in $k$. The reason we excluded the case of $k$ finite is to ensure that there will always be at least one usable $c$.

We observed above that $[k(\gamma):k] \geq [k(\gamma):k]_s$, and by assumption $[K:k] = [K:k]_s$. Since $k(\gamma)$ is a subfield of $K$, therefore, it suffices to show $[k(\gamma):k]_s \geq [K:k]_s$.

Let $\sigma\neq \tau$ be two embeddings of $K$ into some large normal extension. Our aim is to show that, if $c$ is chosen well, then $\sigma(\gamma)\neq \tau(\gamma)$.

Reorganizing, we see that we want \[0 \neq \gamma^\sigma - \gamma^\tau = (\alpha^\sigma - \alpha^\tau)+ c (\beta^\sigma - \beta^\tau)\]

If the coefficient of $c$ were zero, then $\beta^\sigma = \beta^\tau$ and hence $\alpha^\sigma \neq \alpha^\tau$, else $\sigma = \tau$, so the above non-equality would hold regardless of $c$. So assume otherwise, and rearrange further: \[c \neq \frac{\alpha^\tau - \alpha^\sigma}{\beta^\sigma - \beta^\tau}.\]

The right hand side describes only finitely many elements, because there are only finitely many choices for each $\alpha^\tau,\alpha^\sigma$ resp. $\beta^\sigma,\beta^\tau$, as they’re all roots of the minimal polynomial of $\alpha$ resp. $\beta$ over $k$.

Galois Theory

One can summarize pieces of our results on finite normal and separable extensions in two slogans:

$K/k$ is normal when every embedding is an automorphism.

$K/k$ is separable when it has as many embeddings as it should (its degre).

A finite extension is called Galois if it is both normal and separable:

$K/k$ is Galois when it has as many automorphisms as it should (its degree).

Indeed, our characterizations of normality and separability furnish

Theorem 3 Let $K/k$ be a finite extension. It is Galois if and only if it has $[K:k]$ automorphisms over $k$.

If $K/k$ is Galois and $K/E/k$ is an intermediate extension, then $K/E$ is also Galois.

It may be worth noting that one can give a very pared-down development of normality and separability to define Galois extensions quite quickly: a version of the PET can be proven without reference to embeddings, and will just tell you that the splitting field of a separable polynomial is of the form $k(\gamma)/k$, avoiding separable degree and so on. The facts we proved about normal extensions are much simpler for primitive extensions, which after all formed the base case for our inductions. But inseparable normal extensions are really interesting, so it’s better to develop a theory which includes them!

However, the proofs are worth the detour, and having a variety of equivalent definitions is helpful. As I’ve organized them, (N1) and (S1) are each to check in concrete cases, while (N2) and (S2) are often useful for proving general facts or checking extensions not concretely associated to polynomials, and (N3) and (S3) tell you about properties of field elements based on the extension plus lend themselves to inductive arguments. When we prove the funmental theorem(s) of Galois theory, all of them will find uses!

Given a group $H$ acting on a set $K$, we denote by $K_H$ the subset of elements in $K$ which are fixed by $H$, i.e. \[K_H = \{k\in K\ |\ k^h = k\ \textrm{ for all }\ h\in H\}.\] You will often see this written as $K^H$ instead, but that conflicts with my notation for group actions.

Theorem 4 (Fundamental Theorem of Galois Theory, Part I)

Let $K/k$ be a finite Galois extension with Galois group $G$. Consider the following two maps:

From subextensions to subgroups: $L\mapsto \Gal(K/L)$
From subgroups to subextensions: $H\mapsto K_H$

These maps are inverses to each other. Equivalently, \[\Gal(K/K_H) = H,\] and \[L = K_{\Gal(K/L)}.\]

Therefore, there is a bijection between subfields of $K/k$ and subgroups of $\Gal(K/k)$. Moreover, it is order-reversing; if $L, L'$ correspond to subgroups $H, H'$, then $L\subseteq L'$ is and only if $H\supseteq H'$.

Proof. It’s easy to see the maps are order-reversing: if $L\subseteq L'$ then every automorphism fixing $L'$ fixes $L$, conversely if $H\supseteq H'$ then everything in $K$ fixed by all of $H$ is also fixed by all of $H'$.

We will verify the equivalent equalities. Note that in each case there is an “easy” containment. Namely, \[H\subseteq \Gal(K/K_H),\] because every $h\in H$ is an automorphism of $K$ fixing $K_H$ hence in $\Gal(K/K_H)$ by definition, and \[L\subseteq K_{\Gal(K/L)},\] because every element of $L$ is, by definition, fixed by every automorphism in $\Gal(K/L)$.

Let’s improve the first containment to an equality. Notice that containment implies $|H| \leq |\Gal(K/K_H)|$, and that the two will be equal if we prove $|H| \geq |\Gal(K/K_H)|$, so this will be our aim. Since $K/k$ is finite separable, so is $K/K_H$, so we may write $K = K_H(\gamma)$ by (S1). Consider the polynomial \[g(x) = \prod_{\sigma \in H} x - \gamma^\sigma.\]

Notice that for $\tau \in H$, we have \[g^\tau(x) = \prod_{\sigma \in H} x - \gamma^{\sigma\tau},\] which is the same product as defines $g$, just in a different order. So $g^\tau(x) = g(x)$. In particular, the coefficients of $g$ are all in $K_H$.

Therefore, $K = K_H(\gamma)$ and $\gamma$ is a root of a polynomial of degree $|H|$. Therefore, \[|\Gal(K/K_H)| = [K:K_H] = [K_H(\gamma):K_H] \leq \deg g = |H|.\]

Now we turn to the second containment. Note that, because $K/L$ is Galois, we have \[|\Gal(K/L)| = [K:L].\]

Then take the fact we already proved, \[H = \Gal(K/K_H),\] with $H=\Gal(K/L)$, and apply the same observation connecting degree and the order of the Galois group to obtain \[[K:K_H] = |\Gal(K/L)|.\]

Therefore, we have $[K:K_H] = [K:L]$, while the “easy” containment we started from was $L\subseteq K_H$. The only way for these degrees to agree and have this containment is for $[K_H:L] = 1$, meaning $L=K_H$.

Note that the “trick” polynomial construction is actually familiar to us: we used exactly this same idea to relate $\QQ(\zeta + \zeta\inv)$ to $\QQ(\zeta)$ before we’d ever talked about Galois extensions.

The second half of the fundamental theorem describes how the Galois action moves subfields.

Theorem 5 (Fundamental Theorem of Galois Theory, Part II)

Suppose $K/k$ is finite Galois, with Galois group $G$. Let $H$ be a subgroup of $G$ and $L=K_H$ the associated subfield. For any $\sigma$ in $G$ we have

\[\begin{align*} K_{H^\sigma} &= (K_H)^\sigma\\ \Gal(K/L)^\sigma &= \Gal(K/L^\sigma) \end{align*}\]

Proof. A series of equivalences:

\[\begin{align*} \alpha \in K_{H^\sigma} &\Leftrightarrow \alpha = \alpha^{\sigma \inv h \sigma}&\ \textrm{ for all }\ h\in H\\ &\Leftrightarrow \alpha^{\sigma \inv} = \alpha^{\sigma \inv h}&\ \textrm{ for all }\ h\in H\\ &\Leftrightarrow \alpha^{\sigma \inv} \in K_H\\ &\Leftrightarrow \alpha \in (K_H)^\sigma \end{align*}\]

For the second, let $H = \Gal(K/L)$ and apply the FTGT Part I to this equality, \[\Gal(K/L)^\sigma = H^\sigma = \Gal(K/K_{H^\sigma}) = \Gal(K/L^\sigma).\]

We can use this to characterize Galois extensions – they correspond to normal subgroups.

Theorem 6 (Fundamental Theorem of Galois Theory, Part III)

Let $K/k$ be a finite Galois extension and $K/L/k$ an intermediate extension. Then $L/k$ is Galois if and only if $\Gal(K/L)$ is normal in $\Gal(K/k)$. Moreover, $\Gal(L/k)$ is isomorphic to the quotient $\Gal(K/k)/\Gal(L/k)$ with the isomorphism induced by the restriction from $K$ to $L$.

Proof. Since $K/k$ is separable, the intermediate extension $L/k$ is also separable, so being Galois is equivalent to being normal. In this case, we rely in (N2) with overfield $K$: $L/k$ is normal if and only if every embedding of $L$ into $K$ over $k$ takes $L$ to $L$.

First suppose $\Gal(K/L)$ is normal and let $\sigma:L\to K$ be an embedding; by the NLL, $\sigma$ extends to some automorphism $\tilde \sigma$ of $K$. Then $L^\sigma = L$ if and only if $L^{\tilde \sigma} = L$, which is equivalent, by FTGT Part II, to $\Gal(K/L)^{\tilde \sigma} = \Gal(K/L)$. By assumption $\Gal(K/L)$ is normal, so the latter does indeed hold.

Conversely, suppose $L/k$ is normal and let $\sigma \in \Gal(K/k)$. Since $\sigma$ takes $K$ to $K$, it embeds $L$ into $K$, so by normality we must have $L^\sigma = L$. Using Part II again, we see \[\Gal(K/L)^\sigma = \Gal(K/L^\sigma) = \Gal(K/L),\] so $\Gal(K/L)$ is indeed normal.

Finally, normality tells us that restriction to $L$ takes $\Gal(K/k)$ to $\Gal(L/k)$, because every embedding is an automorphism. The kernel consists of precisely the automorphisms in $\Gal(K/k)$ which fix $L$ pointwise, which is just $\Gal(K/L)$, and the NLLs tell us that the restriction is surjective, because any $\sigma \in \Gal(L/k)$ lifts to $K$.

Algebraic Closure

This is completely optional. An outline of the construction of the algebraic closure, with some of the details filled in.

We use the following facts

All rings have maximal ideals. In fact, if (A) is a ring and (I) is an ideal, there is a maximal ideal (m) containing (I). This uses Zorn’s lemma. Sketch: let () be the set of proper ideals of (A) containing (I). Every chain is bounded - take a union, check it’s an ideal, and observe that excluding (1) is the same as being proper, and (1) isn’t anywhere in that union.
Take a field (K) and assume it’s infinite. Pick any infinite set containing (K) with cardinality at least that of the power set of (K) (or maybe power set of power set to be safe). Call that set (S). Everything we do can be viewed as taking place within (S). More precisely, we’ll work with rings (A) containing (K) where (|A| < |S|) and take quotients of it, so we can “name” everything with elements from (S), and by carving out the isomorphic copy of (K) in these quotients and replacing it with (K), we get genuine set containments for our extensions. I’m not worrying about this and you shouldn’t either.

Here’s the process for constructing an algebraically closed field containing (K) when (K) is infinite.

List all the irreducible polynomials (f_) in (K[x]) index by (J). There are at most (P(K)) of these.
Let (A = K[x_ | J) be a polynomial ring in (|J|) variables, check it fits in (S).
Take the ideal (I) generated by the (f_(x_)). Check that this ideal is proper.
Use the first fact to obtain a maximal ideal (m) containing (I) and consider the quotient (A/m). This is a field in which every (f_) has a root.
Observe that the cardinality of (A/m) is actually the same as that of (K) because (|K[x]| |K|) (polynomials have finitely many coefficients, and the set of finite subsets of an infinite set has the same cardinality, and then play a similar game to show that (|K[x_] |K|). So put everything in (S), although leave some extra space for the next step…
Replace (K) by (K_1 = A/m) and repeat the steps above.

This produces an ascending list (KK_1 …) of fields in (S). Let (K) be the union. If (f K[x]) is a polynomial of degree (n), then it must split in (K_n) or sooner, because at least one root will appear in (K_1), then another in (K_2) from any irreducible factors, and so on.

It’s more or less clear that (K) is algebraic over (K), each (K_{i+1}/K_i) is algebraic, so by the HW problem(s) it is an algebraic closure of (K).

Fun remark: one can actually show, though it’s not easy at all, that (K_1) is already algebraically closed!

Glossary and Conventions

Here is a summary of the main terms, plus some notational conventions.

Rings are as usual, and we allow the zero ring, in which $0=1$. Almost all rings are commutative. Common letters are $R$ (for “ring”) and $A$ (for “anneau” in French).
Fields are commutative rings whose nonzero elements form a group under multiplication – so $0\neq 1$ in every field. Typical letters are $k$ and $K$ (from “korper” in German) as well as $E,L$.
An extension of fields is denoted $K/k$ and means that $k,K$ are fields and $K$ contains $k$. A subextension is a subfield $L$ of $K$ which also contains $k$. Many definitions involving extensions will include the words “over $k$”, and if something is missing those words and doesn’t make sense, it was probably an accidental omission.
If $K/k$ and $L/k$ are extensions, an embedding of $K$ into $L$ over $k$ is a field homomorphism from $K$ to $L$ which fixes $k$ pointwise. Every field homomorphism is injective (in particular, they preserve degrees and are isomorphisms onto their images).
Multiple extensions, like $K/E/k$ or $L/K/E/k$ are called towers. Degree multiplies in towers.
If $E$ and $K$ are subfields of some larger field, their compositum $EK$ is the smallest subfield containing both. In the latter case, if $E$ and $K$ are both extensions of $k$, then $EK/K/k$ and $EK/E/k$ are both towers and the situation can be drawn as a “diamond diagram”.
Many inductions proceed by splitting $L/k$ into a tower $L/K$ and $K/k$, this is called dévissage (sometimes).
Polynomial rings over a ring $R$ are written $R[x]$. Keep in mind that these are formal polynomials. It’s not the same as the ring of polynomial functions from $R$ to $R$.
Polynomial rings are the natural domain for evaluation homomorphisms. If $\phi:R\to S$ is a ring homomorphism, then it induces a map $R[x]\to S[x]$ sending $f(x)$ to $f^\phi(x)$ by applying $\phi$ to each coefficient. If you’re further given some $s\in S$, the evaluation homomorphism $\ev_{\phi,s}:R[x] \to S$ \[f(x) \mapsto f^\phi(s).\] In words, “$_{,s} is the evaluation homomorphism from $R[x]$ to $S$ at $s$ over $\phi$“. The prepositional phrases can go in any order. The first one may be dropped when clear from context. Also, it’s often the case that $R\subseteq S$ and $\phi$ is the identity, in which case we just say”the evaluation homomorphism at $s$“. The image is written $R[s]$ in that case, or $\phi(R)[s]$ more generally.
An extension $K/k$ allows us to view $K$ as a $k$-vector space. The degree, denoted $[K:k]$ is the dimension, and we say an extension is finite if the degree is finite.
We call an element $\alpha \in K$ from an extension $K/k$ algebraic if $\alpha$ is a root of a nonzero polynomial in $k[x]$ – equivalent to $k(\alpha)/k$ being finite, or $k(\alpha) = k[\alpha]$. A non-algebraic element is called transcendental (over $k$). The extension $K/k$ is called algebraic if every element in it is algebraic (over $k$).
We saw that $k[x]$ is a PID, so an irreducible polynomial $f(x)$ generates a maximal ideal, and $k[x]/(f(x))$ cn be viewed as a field extension of $k$ in which $f$ has a root.
If $\alpha \in K/k$ is algebraic, its minimal polynomial (over $k$), written $\irr_{k,\alpha}$ is the (unique) nonzero monic polynomial $f(x)$ in $k[x]$ of least degree such that $f(\alpha) = 0$. Minimal polynomials are irreducible, and every irreducible polynomial is a minimal polynomial (of any of its roots in some field extension). The minimal polynomial divides every $f(x)$ in $k[x]$ which has $\alpha$ as a root. The other roots of $\irr_{k,\alpha}$ are called conjugates of $\alpha$.
There are a few lifting lemmas based on the isomorphisms $k(\alpha) \cong k[x]/f(x) \cong k(\alpha')$ over $k$, where $\alpha$ and $\alpha'$ are conjugate. Know these.
A polynomial in $K[x]$ is said to split if it factors completely into linear factors. An extension $K/k$ is called a splitting field over $k$ if there is a family of polynomials $\{g_\alpha(x)\}$ in $k[x]$ which split in $K$ and not in any proper subextension. We almost always restrict to finite extensions and finite families – the infinite cases often require technical fiddling with Zorn’s lemma.
An extension $K/k$ is called normal if it satisfies any of conditions (N1), (N2), (N2’), (N3); we won’t construct algebraic closures, so technically we only define finite normal extensions and ignore (N2’). Condition (N1) is just being a (finite) splitting field, and condition (N2) is called the embedding property (for normal extensions) and says that every re-embedding of a normal extension comes from an automorphism. Normal extensions are unique up to isomorphism.
One can show that the intersection and compositum of normal extensions of $k$ is again normal. The normal hull (sometimes “normal closure”) of an extension $K/k$ is the smallest normal extension of $k$ containing $K$; fix a normal extension $L/k$ containing $K$, and the normal hull is the intersection of all normal $E/k$ which have $K/k$ as a subextension.
Given some algebraic $\alpha \in K/k$, we call it separable if its minimal polynomial $f(x)$ has no repeated roots. Equivalently, $f(x)$ and $f'(x)$ have no common roots, which can be tested by verifying $f'(x) \neq 0$. Otherwise, it is called inseparable.
Given an extension $K/k$ with at least one embedding into a normal extension $L/k$, the separable degree of $K/k$, denoted $[K:k]_s$ is the number of embeddings of $K$ into $L$ over $k$. This does not depend on $L$. The embeddings of $k(\alpha)$ in to any normal extension over $k$ are given by $\alpha \mapsto \alpha'$ as $\alpha'$ varies over the $k$-conjugates of $\alpha$. Therefore, $[k(\alpha):k]_s$ is the number of distinct roots of $\irr_{k,\alpha}$ and hence $[k(\alpha):k]_s = [k(\alpha):k]$ when $\alpha$ is separable; in general $[K:k]_s \leq [K:k]$. Separable degrees multiply in towers.
A finite extension $K/k$ is called separable if it satisfies any of conditions (S1), (S2), (S2’), (S3). As above, we avoid (S2’) because we haven’t constructed algebraic closures. Condition (S2) is called the embedding property (for separable extensions) and says that they have as many embeddings as possible. The implication (S3) implies (S1) is called the primitive element theorem.
For an extension $K/k$, a homomorphism $\sigma: K \to K$ is called an automorphism over $k$ if it fixes $k$ elementwise. The set of automorphisms of $K$ over $k$ is denoted $\Aut(K/k)$, and forms a group under composition. The action of $\Aut(K/k)$ on elements of $K$ with exponentiation, meaning a right action: \[\alpha^\sigma = \sigma(\alpha)\] for $\alpha \in K$ and $\sigma \in \Aut(K/k)$.
A finite extension $K/k$ is called Galois if it is both normal and separable. In this case, $\Aut(K/k)$ is called the Galois group of $K$ over $k$, and usually written as $\Gal(K/k)$ instead. Normality and separability tell us that $|\Gal(K/k)| = [K:k]$. The LL and NLL tell us that for any $\alpha$ in $K$, $\Gal(K/k)$ acts transitively on its conjugates.
The Fundamental Theorem of Galois Theory has two parts. Let $K/k$ be Galois with Galois group $G$. Part I of the FTGT says there is a one-to-one order-reversing correspondence between subextensions of $K/k$ and subgroups of $G$ as follows:
- $L \mapsto \Gal(K/L)$, the subgroup of elements in $G$ that fix $L$ pointwise,
- $H \mapsto K_H$, the subfield of $K$ fixed pointwise by every element in $H$.
Part II of the FTGT describes how automorphisms move subfields/subgroups. Using Part I, the following two statements of Part II are equivalent: \[\begin{align*} K_{H^\sigma} &= (K_H)^\sigma\\ \Gal(K/L)^\sigma &= \Gal(K/L^\sigma) \end{align*}\] where $H^\sigma$ means the conjugate subgroup $\sigma\inv H \sigma$ and $L^\sigma$ means the obtained by applying $\sigma$ to every element of $L$ (as usual, we use right actions). In particular, a normal subgroup of $G$ corresponds to a normal extension of $k$ contained in $K$, and moreover $\Gal(L/k) \cong \Gal(K/k)/\Gal(L/k)$ in this case.