Galois Theory stands at the intersection of algebra and number theory, offering a profound framework for understanding the symmetries hidden within polynomial equations and field extensions. Rather than asking whether an equation can be solved, Galois Theory reveals how solutions relate to one another through the language of groups and field automorphisms. This perspective transforms seemingly intractable problems — like why quintic equations resist algebraic solution formulas — into natural consequences of group structure. The classical motivation originates from a concrete question: which polynomial equations can be solved by radicals, using only arithmetic operations and root extractions? The answer depends not on the equation itself, but on the symmetry group of its roots. When this group is "solvable" in a precise technical sense, radicals suffice; when it is not, they fundamentally cannot. This insight unified centuries of fragmented knowledge and opened new mathematical frontiers. This course develops the complete machinery needed to apply Galois Theory. We begin with concrete examples of solving equations, move through the abstract theory of field extensions and automorphism groups, and culminate in explicit computational techniques that reveal Galois groups in practice. # Introduction [motivation] Mathematics has long been captivated by the question of solving polynomial equations. The quadratic formula has been known for millennia. By the sixteenth century, Italian algebraists had found analogous formulas for cubics and quartics — intricate expressions involving nested radicals, but formulas nonetheless. The natural next step seemed clear: find a formula for the quintic. For three centuries, the best mathematicians in the world tried and failed. Galois theory explains why they failed, and in doing so, opens a door into one of the deepest and most beautiful structures in all of mathematics. [/motivation] ## What Galois Theory Is About It is tempting to introduce Galois theory as "the theory of polynomial equations," but this would undersell it considerably. The most famous result associated with the subject — that there is no general formula for solving degree-five polynomial equations in terms of radicals — was actually proved before Galois theory existed, and goes by the name of the Abel–Ruffini theorem. What Galois theory genuinely provides is something more powerful: a systematic way to decide, for any specific polynomial, whether or not its roots can be expressed using radicals. It also provides the conceptual framework that makes the Abel–Ruffini theorem feel inevitable rather than surprising. But even that framing is too narrow. The central theorem of the subject, the Fundamental Theorem of Galois Theory, has nothing directly to do with polynomial equations. It is a theorem about the correspondence between two kinds of mathematical objects: subgroups of a certain group on one side, and intermediate fields of a certain field extension on the other. This correspondence is so clean and so rich that it has become a template for analogous results throughout modern algebra and geometry. In modern terms, Galois theory is the study of field extensions. We start with a field $K$ — think of the rational numbers $\mathbb{Q}$, or a finite field $\mathbb{F}_p$ — and we enlarge it by adjoining new elements to obtain a bigger field $L$. When solving polynomial equations, the elements we adjoin are the roots of those polynomials. The resulting extension $K \subseteq L$ encodes, in its structure, everything about how those roots relate to one another and to the base field. ## The Galois Group and the Fundamental Correspondence To a particularly well-behaved class of field extensions — the so-called Galois extensions — we can attach a finite group, the Galois group $\mathrm{Gal}(L/K)$. Concretely, this group consists of all the field automorphisms of $L$ that fix $K$ pointwise: the symmetries of $L$ that leave the base field alone. The size of this group equals the degree $[L:K]$, and the group encodes, in algebraic form, the symmetries among the roots of the defining polynomial. Any group $G$ has subgroups, and any field extension $K \subseteq L$ may have intermediate fields $F$ with $K \subseteq F \subseteq L$. The Fundamental Theorem of Galois Theory says, informally, that these two collections are in perfect correspondence: subgroups of $\mathrm{Gal}(L/K)$ correspond bijectively to intermediate fields between $K$ and $L$, with the correspondence reversing containment. A larger subgroup corresponds to a smaller intermediate field, and vice versa. This is a profound economy of thought. Instead of trying to classify all intermediate fields of an extension — which could be analytically intricate — we can instead look at the subgroup lattice of a finite group, which is a purely combinatorial object. Properties of field extensions translate into properties of subgroups: normal subgroups correspond to normal (or Galois) sub-extensions, and this dictionary runs deep. ## How Solvability Enters The connection back to polynomial equations runs through the notion of a solvable group. An extension $K \subseteq L$ is called solvable — roughly — if $L$ can be built from $K$ by successively adjoining radicals: square roots, cube roots, and so on. On the group side, a group is solvable if it can be broken down by a chain of abelian quotients. The dictionary of Galois theory converts one notion into the other exactly: a polynomial is solvable by radicals if and only if its Galois group is a solvable group. The symmetric group $S_5$ is not solvable. For a "generic" degree-five polynomial, the Galois group is all of $S_5$. Therefore no general radical formula for the quintic can exist. Abel and Ruffini established this conclusion by other means; Galois theory illuminates precisely why it must be true. ## Structure of This Course The course builds the theory from the ground up, starting with the algebra of field extensions and polynomials. The opening chapters establish the language: what it means for an element to be algebraic over a field, how to measure the size of an extension via its degree $[L:K]$, and how degrees multiply in towers via the Tower Law. We introduce irreducible polynomials as the minimal polynomials of algebraic elements, and we study splitting fields — the smallest extensions in which a given polynomial completely factors into linear factors. With that foundation in place, the course turns to the finer structure of extensions. Separability and normality are the two conditions that, together, make an extension Galois. Separability asks that a polynomial have no repeated roots; normality asks that the extension be closed under the action of all relevant automorphisms. We will see that every finite separable extension is generated by a single element — this is the Primitive Element Theorem — and we will learn to compute the trace and norm of elements as tools for understanding the structure of extensions. Once the notion of a Galois extension is secured, the Fundamental Theorem can be stated precisely and proved. The proof is not merely a verification; it reveals why the correspondence works, tying together the counting arguments from degree theory with the automorphism-group machinery developed along the way. The second half of the course applies the theory. Finite fields are classified completely using Galois theory: for each prime power $q = p^n$, there is exactly one field of order $q$ up to isomorphism, and its Galois group over $\mathbb{F}_p$ is cyclic. Cyclotomic fields — obtained by adjoining roots of unity — provide a rich class of examples where the Galois group is explicitly computable and closely related to number theory. Kummer theory gives a precise description of abelian extensions in terms of radicals, leading naturally to the criterion for solvability by radicals and the proof of the Abel–Ruffini theorem. The course closes with symmetric functions and the explicit Galois theory of cubics and quartics, as well as Artin's theorem and polynomial invariants. ## Why This Matters Beyond equation solving, Galois theory has become a foundational language for much of modern mathematics. In number theory, the absolute Galois group $\mathrm{Gal}(\bar{\mathbb{Q}}/\mathbb{Q})$ is one of the most studied and mysterious objects in all of mathematics; understanding its representations is the central concern of the Langlands programme. In algebraic geometry, étale cohomology is a direct generalization of Galois theory to geometric settings. In cryptography, the arithmetic of finite fields — whose structure is entirely determined by Galois theory — underpins elliptic curve cryptography and many other protocols. [remark: Prerequisites] This course assumes familiarity with groups, rings, and modules at the level of a standard first course in algebra. In particular, we will use without comment the isomorphism theorems for groups, the notion of a quotient group, and basic properties of polynomial rings. The group-theoretic language of normal subgroups and quotient groups will be especially important when we reach the correspondence theorem and the study of solvable groups. [/remark] The journey ahead is demanding but deeply rewarding. The arguments in Galois theory are some of the most elegant in all of algebra: they are precise enough to resolve a question that defeated mathematicians for three centuries, yet the key ideas are surprisingly clean once the right language is in place. The goal of these notes is to make that language fully transparent, so that both the theorems and their proofs feel natural rather than miraculous. Having surveyed the landscape of equation-solving and seen radical formulas succeed through degree four, we now ask: what algebraic structure underlies these formulas? The answer leads us to field extensions — the central objects of modern Galois theory. # 1. Solving Equations Galois theory has its roots — both historically and conceptually — in a deceptively simple question: given a polynomial equation, can we write down its solutions using the arithmetic operations we know? Addition, subtraction, multiplication, division, and the extraction of roots. This question drove mathematicians for centuries, and the answers they found along the way shaped modern algebra. We begin with what the ancients knew and what the Renaissance algebraists discovered: explicit formulas for polynomial equations of low degree. The journey from linear equations to quartics is already rich with pattern and surprise. And once we have those formulas in hand, we can ask the deeper question — why do they exist for degree up to four but not degree five? That question will occupy the rest of the course. ## Notation and Setup Before introducing the solutions, it is worth establishing some notation that will stay with us throughout. If $R$ is a ring, then $R[t]$ denotes the polynomial ring over $R$ in the indeterminate $t$. For our purposes, $R$ will almost always be $\mathbb{Q}$, so we will be working with polynomials $f(t) \in \mathbb{Q}[t]$ and asking for their roots. [definition: Root Set] Let $f(t) \in \mathbb{Q}[t]$ and let $X$ be a field extension of $\mathbb{Q}$ (or more generally, any set in which $f$ can be evaluated). The **root set** of $f$ in $X$ is \begin{align*} \mathrm{Root}_f(X) = \{ \alpha \in X : f(\alpha) = 0 \}. \end{align*} [/definition] The set $\mathrm{Root}_f(X)$ captures where we are looking for roots. We might have $\mathrm{Root}_f(\mathbb{Q}) = \emptyset$ but $\mathrm{Root}_f(\mathbb{R}) \neq \emptyset$, or roots only in $\mathbb{C}$. The field $X$ is part of the data, and much of Galois theory is about understanding how $\mathrm{Root}_f(X)$ changes as $X$ grows. ## Linear and Quadratic Equations The linear case sets the stage. If $f(t) = t + a$ for some $a \in \mathbb{Q}$, then \begin{align*} \mathrm{Root}_f(\mathbb{Q}) = \{-a\}. \end{align*} There is exactly one root, it lives in $\mathbb{Q}$ already, and we find it by pure arithmetic. No new numbers are needed. The quadratic case is the first place where something genuinely new happens. Given $f(t) = t^2 + at + b$, we cannot always stay in $\mathbb{Q}$ — we may need to adjoin a square root. The formula that produces the roots is the oldest nontrivial piece of algebra most of us learn. [quotetheorem:1301] [citeproof:1301] [example: A Quadratic over the Rationals] Take $f(t) = t^2 - 2t - 1$. Here $a = -2$ and $b = -1$, so the discriminant is $a^2 - 4b = 4 + 4 = 8$. The formula gives \begin{align*} t = \frac{2 \pm \sqrt{8}}{2} = \frac{2 \pm 2\sqrt{2}}{2} = 1 \pm \sqrt{2}. \end{align*} So $\mathrm{Root}_f(\mathbb{Q}) = \emptyset$ but $\mathrm{Root}_f(\mathbb{Q}(\sqrt{2})) = \{1 + \sqrt{2},\, 1 - \sqrt{2}\}$. The roots live in a quadratic extension of $\mathbb{Q}$, and we needed to adjoin precisely $\sqrt{2}$ to reach them. [/example] The structure of the quadratic formula already hints at the pattern that will dominate the cubic and quartic cases. There is a substitution that kills one term, reducing the problem to a simpler one. Then we extract a root (here a square root), and that root lives in an extension field. The two roots come in a symmetric pair, related by swapping the sign on $\sqrt{a^2 - 4b}$. ## Cubic Equations The cubic was the great challenge of the sixteenth century. After Tartaglia and Cardano cracked it, the solution was already surprising: to solve a cubic — a polynomial with only real coefficients and real roots — one sometimes passes through the complex numbers along the way and then returns. This hinted that the complex numbers were not optional, even when the answer was real. The first observation is that we can always reduce to a cubic with no quadratic term. [definition: Depressed Cubic] A polynomial of the form $t^3 + pt + q$ (with no $t^2$ term) is called a **depressed cubic**. [/definition] [remark: The Tschirnhaus Substitution for Cubics] Given a general cubic $t^3 + at^2 + bt + c$, the substitution $t \mapsto t - a/3$ eliminates the $t^2$ term. This works because $(t - a/3)^3 + a(t-a/3)^2 + \cdots$ produces a $t^2$ coefficient of $-a + a = 0$. From here on we assume the cubic is already depressed: $f(t) = t^3 + pt + q$. [/remark] The move to a depressed cubic is not just a convenience — it genuinely simplifies the problem. With the quadratic, completing the square eliminated the linear term. Here, we eliminate the quadratic term, which is the analogous step one degree up. Now comes the deeper part: the Lagrange resolvent method. The idea is to introduce new auxiliary quantities, defined symmetrically in the roots, that satisfy simpler equations. [motivation] Why introduce the Lagrange resolvers at all? Here is the underlying logic. Suppose $\alpha_1, \alpha_2, \alpha_3$ are the three roots of our depressed cubic. By Vieta's formulas, $\alpha_1 + \alpha_2 + \alpha_3 = 0$ (there is no quadratic term), $\alpha_1\alpha_2 + \alpha_1\alpha_3 + \alpha_2\alpha_3 = p$, and $\alpha_1\alpha_2\alpha_3 = -q$. The difficulty is that we cannot directly separate the individual $\alpha_i$ from these symmetric expressions. The Lagrange resolvent idea is to break the symmetry in a controlled way using a primitive cube root of unity $\mu$. Because $\mu$ satisfies $\mu^3 = 1$ and $1 + \mu + \mu^2 = 0$, multiplying by $\mu$ permutes a certain structured sum in a predictable way. We define $\beta$ and $\gamma$ so that $\beta^3$ and $\gamma^3$ are symmetric in the $\alpha_i$ — meaning they can be expressed in terms of $p$ and $q$ — and then $\beta$ and $\gamma$ themselves can be recovered by taking cube roots. Once we know $\beta$ and $\gamma$, we can recover each individual root. [/motivation] Let $\mu = \frac{-1 + \sqrt{-3}}{2}$, a primitive cube root of unity. Note $\mu^3 = 1$, $\mu \neq 1$, and $1 + \mu + \mu^2 = 0$. [definition: Lagrange Resolvers] For roots $\alpha_1, \alpha_2, \alpha_3$ of the depressed cubic $t^3 + pt + q$, define the **Lagrange resolvers** \begin{align*} \beta &= \alpha_1 + \mu\alpha_2 + \mu^2\alpha_3, \\ \gamma &= \alpha_1 + \mu^2\alpha_2 + \mu\alpha_3. \end{align*} [/definition] These are not symmetric in the roots, but their cubes are. [quotetheorem:1305] [citeproof:1305] The upshot is this: we have reduced solving a cubic to solving a quadratic. The quadratic $w^2 + 27qw - 27p^3 = 0$ gives us $\beta^3$ and $\gamma^3$, and we know their product is $-27p^3$. Taking cube roots (choosing them consistently so that $\beta\gamma = -3p$) gives us $\beta$ and $\gamma$. Now we can recover the original roots. [quotetheorem:1306] [citeproof:1306] [example: Solving a Depressed Cubic] Take $f(t) = t^3 - 3t - 2$. Here $p = -3$ and $q = -2$. The resolvent quadratic is \begin{align*} w^2 + 27(-2)w - 27(-3)^3 = w^2 - 54w + 729 = (w - 27)^2 = 0. \end{align*} So $\beta^3 = \gamma^3 = 27$, giving $\beta = \gamma = 3$ (choosing the real cube root). The three roots are then $\alpha_1 = (3+3)/3 = 2$ and $\alpha_2, \alpha_3 = (\mu^2 \cdot 3 + \mu \cdot 3)/3 = \mu^2 + \mu = -1$. Indeed $f(t) = (t-2)(t+1)^2$. [/example] Notice the structure: to solve a cubic, we solve one quadratic. Each step requires extracting one more root. This staircase — reduce to a problem of lower degree, extract a root, solve — will appear again in the quartic. ## Quartic Equations The quartic was solved shortly after the cubic, by Cardano's student Ferrari. The method is essentially: reduce the quartic to a cubic. If we can solve a cubic (and we now can), then we can solve a quartic. Again, the first step is a substitution to remove the cubic term. [remark: Removing the Cubic Term] Given $t^4 + at^3 + bt^2 + ct + d$, the substitution $t \mapsto t - a/4$ eliminates the $t^3$ term. We will therefore assume from now on that our quartic has the form $f(t) = t^4 + bt^2 + ct + d$. [/remark] Now suppose the four roots are $\alpha_1, \alpha_2, \alpha_3, \alpha_4$. By Vieta, their sum is zero. The key idea is to introduce three auxiliary quantities built from pairs of roots. [definition: Quartic Resolvent Quantities] With roots $\alpha_1, \alpha_2, \alpha_3, \alpha_4$ of the reduced quartic $t^4 + bt^2 + ct + d$, define \begin{align*} \beta &= \alpha_1 + \alpha_2, \\ \gamma &= \alpha_1 + \alpha_3, \\ \lambda &= \alpha_1 + \alpha_4. \end{align*} Since $\alpha_1 + \alpha_2 + \alpha_3 + \alpha_4 = 0$, we have $\alpha_3 + \alpha_4 = -\beta$, $\alpha_2 + \alpha_4 = -\gamma$, and $\alpha_2 + \alpha_3 = -\lambda$. [/definition] Why these combinations? The sum of all four roots is zero, so knowing any one of $\beta, \gamma, \lambda$ determines the complementary pair sum. These quantities carry just enough information to reconstruct all four roots once we know them. The deeper reason: $\beta^2, \gamma^2, \lambda^2$ turn out to be symmetric enough in the $\alpha_i$ that they satisfy a cubic equation with coefficients in $\mathbb{Q}$. [quotetheorem:1307] [citeproof:1307] This is the crucial reduction. The resolvent cubic $g(t)$ is a cubic we can solve by the method of the previous section. Once we have $\beta^2, \gamma^2, \lambda^2$, we take square roots to get $\beta, \gamma, \lambda$. Then the four roots of $f$ are: \begin{align*} \alpha_1 &= \frac{\beta + \gamma + \lambda}{2}, \quad \alpha_2 = \frac{\beta - \gamma - \lambda}{2}, \\ \alpha_3 &= \frac{-\beta + \gamma - \lambda}{2}, \quad \alpha_4 = \frac{-\beta - \gamma + \lambda}{2}. \end{align*} These follow from the definitions: $\beta = \alpha_1 + \alpha_2$, $\gamma = \alpha_1 + \alpha_3$, $\lambda = \alpha_1 + \alpha_4$, and $\alpha_1 + \alpha_2 + \alpha_3 + \alpha_4 = 0$, so $\alpha_1 - \alpha_2 = \beta - (\alpha_1 + \alpha_2 + \alpha_3 + \alpha_4 - \beta - \gamma - \lambda + \cdots)$. The linear algebra is straightforward once we know $\beta, \gamma, \lambda$. [example: The Resolvent Cubic in Action] Consider $f(t) = t^4 - 5t^2 + 4$. Here $b = -5$, $c = 0$, $d = 4$. The resolvent cubic is \begin{align*} g(t) = t^3 + 2(-5)t^2 + ((-5)^2 - 4\cdot 4)t - 0^2 = t^3 - 10t^2 + 9t. \end{align*} Factor: $g(t) = t(t^2 - 10t + 9) = t(t-1)(t-9)$. So $\beta^2 = 0, \gamma^2 = 1, \lambda^2 = 9$, giving $\beta = 0, \gamma = 1, \lambda = 3$. Then $\alpha_1 = (0+1+3)/2 = 2$, $\alpha_2 = (0-1-3)/2 = -2$, $\alpha_3 = (0+1-3)/2 = -1$, $\alpha_4 = (0-1+3)/2 = 1$. Check: $f(t) = (t-2)(t+2)(t-1)(t+1)= (t^2-4)(t^2-1) = t^4 - 5t^2 + 4$. Correct. [/example] The pattern is now fully visible. For the quartic, we solve one cubic (which in turn requires solving one quadratic and then taking cube roots and square roots). The solution requires only radicals at each step. And each reduction corresponds to a specific way of introducing auxiliary quantities whose elementary symmetric functions are expressible in the coefficients. ## The Quintic and Beyond The natural question is: can this pattern continue? Should there be a method for degree-five polynomials that reduces to a quartic, which reduces to a cubic, and so on? The answer, which is one of the central theorems of Galois theory, is no. There is no general formula for roots of a degree-five polynomial in terms of its coefficients using only the arithmetic operations and the extraction of $n$-th roots — not for degree five, and not for any degree above four. [remark: What "No Formula" Means] The impossibility is not that no one has found such a formula. It is that no such formula can exist. There are specific polynomials of degree five — such as $t^5 - 4t + 2$ — whose roots genuinely cannot be expressed using arithmetic and radicals starting from the coefficients. The proof of this fact uses the theory of Galois groups and the notion of solvable groups, which we will develop in subsequent chapters. [/remark] The key pattern in the cubic and quartic solutions is this: at each stage, we introduced an auxiliary quantity whose cube (or square) was already determined by a simpler equation. Extracting that root corresponded to adjoining a single element to the coefficient field. The tower of field extensions we built — one root at a time — corresponded to a group-theoretic tower with abelian steps. The obstacle at degree five is that the Galois group of a general quintic is the symmetric group $S_5$. This group is not solvable in the sense we will make precise: it cannot be built up from abelian groups in the way that $S_4$ can. The resolvent method fails not because of an algebraic accident but because the underlying group-theoretic structure that makes the method work simply does not exist for degree five. This is why the first two chapters form a pair. The explicit formulas here — quadratic, cubic, quartic — are not just computational tools. They are examples of what it means for an equation to be solvable by radicals. When we say, later in the course, that a polynomial is solvable by radicals if and only if its Galois group is solvable, the formulas in this chapter are the concrete instantiation of that theorem for the cases where it holds. With field extensions, splitting fields, separability, normality, and the Fundamental Theorem now in hand, we turn to the question that motivated the entire theory: which polynomial equations can be solved by radicals? # 2. Field Extensions After all the motivation and concrete examples, we now start Galois theory in earnest. The modern approach describes the theory entirely in terms of field extensions — a precise algebraic framework for studying what happens when we enlarge a field by adjoining new elements. This chapter builds the complete toolkit: from the basic language of extensions and degrees, through splitting fields and algebraic closures, to the twin conditions of separability and normality that define Galois extensions, and finally to the Fundamental Theorem itself. ## 2.1 Field Extensions Chapter 1 left us with a striking asymmetry: we can solve every polynomial of degree 2, 3, or 4 by radicals, but something goes fundamentally wrong at degree 5. To understand what that "something" is, we need a precise language for talking about numbers like $\sqrt{2}$, $\sqrt[3]{2}$, or $e^{2\pi i/5}$ — numbers that arise when we try to solve equations. The right language is the language of field extensions. Rather than treating these numbers as isolated curiosities, field extensions let us study the entire algebraic environment they inhabit: what other numbers do they generate, how does arithmetic in that environment relate to arithmetic in the base field, and ultimately, what symmetries does that environment possess? This section builds the foundational vocabulary we will use throughout the course. [motivation] Here is the central tension motivating everything that follows. We want to solve the polynomial $t^2 - 2 = 0$, but the rational numbers $\mathbb{Q}$ do not contain a solution. We could just adjoin one — invent a new number $\alpha$ satisfying $\alpha^2 = 2$ and extend our arithmetic to include it. The question is: can we do this rigorously? What does the resulting number system look like, and how does it relate to $\mathbb{Q}$? Field extensions are precisely the answer to this question, replacing the informal "adjoin a root" with a clean algebraic framework. [/motivation] Before we define anything, it helps to have an intuition. A field extension is simply one field sitting inside a larger one. We already know several examples from experience: the real numbers contain the rationals, the complex numbers contain the reals, and the set $\{a + b\sqrt{2} : a, b \in \mathbb{Q}\}$ contains $\mathbb{Q}$ and is itself a field. What makes these interesting is not just the containment, but the interplay between the small field and the large one. [definition: Field Extension] A **field extension** is an inclusion $K \subseteq L$, where $K$ and $L$ are both fields and $K$ inherits its algebraic operations from $L$. We write this as $L/K$ (read "$L$ over $K$") and say $L$ is an **extension** of $K$, or equivalently that $K$ is a **subfield** of $L$. Equivalently, a field extension can be described by an injective ring homomorphism $K \to L$, since any injective ring map between fields embeds one inside the other. [/definition] It is worth pausing on the notation $L/K$ — this slash does not denote a quotient. It is simply a conventional way to indicate that we are thinking of the pair $(L, K)$ together, with attention to how $K$ sits inside $L$. The three running examples throughout this section are $\mathbb{R}/\mathbb{Q}$, $\mathbb{C}/\mathbb{Q}$, and $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$. [example: Basic Field Extensions] The inclusion $\mathbb{Q} \subseteq \mathbb{R}$ is a field extension. So is $\mathbb{R} \subseteq \mathbb{C}$, and combining them, $\mathbb{Q} \subseteq \mathbb{C}$ is a field extension as well. More interestingly, the set $\mathbb{Q}(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in \mathbb{Q}\}$ is a subfield of $\mathbb{R}$: it is closed under addition, subtraction, and multiplication (since $(a + b\sqrt{2})(c + d\sqrt{2}) = (ac + 2bd) + (ad + bc)\sqrt{2}$), and it admits inverses because $\frac{1}{a + b\sqrt{2}} = \frac{a - b\sqrt{2}}{a^2 - 2b^2}$, where the denominator is nonzero when $a + b\sqrt{2} \neq 0$ (since $\sqrt{2}$ is irrational). So $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$ is a field extension. [/example] Having named the objects, we immediately want to measure them. Given an extension $L/K$, how much bigger is $L$ than $K$? One field can contain another in a very thin way — $\mathbb{Q}$ sits inside $\mathbb{Q}(\sqrt{2})$ with just one extra "dimension" — or in an enormously complex way, as $\mathbb{Q}$ sits inside $\mathbb{R}$. The right tool for making this precise is linear algebra. Since $K$ is a field and $L$ is an abelian group under addition in which elements of $K$ can multiply elements of $L$, the extension $L/K$ makes $L$ into a vector space over $K$. [definition: Degree of an Extension] Let $L/K$ be a field extension. The **degree** of $L$ over $K$, written $[L:K]$, is the dimension of $L$ as a vector space over $K$: \begin{align*} [L:K] = \dim_K L. \end{align*} We say the extension is **finite** if $[L:K]$ is finite, and **infinite** otherwise. [/definition] [example: Computing Degrees] For $\mathbb{C}/\mathbb{R}$, a basis is $\{1, i\}$, since every complex number is uniquely $a \cdot 1 + b \cdot i$ with $a, b \in \mathbb{R}$. Hence $[\mathbb{C}:\mathbb{R}] = 2$. Similarly, for $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$, the set $\{1, \sqrt{2}\}$ is a basis: every element $a + b\sqrt{2}$ is a $\mathbb{Q}$-linear combination, and these two elements are linearly independent over $\mathbb{Q}$ precisely because $\sqrt{2}$ is irrational. So $[\mathbb{Q}(\sqrt{2}):\mathbb{Q}] = 2$. By contrast, $[\mathbb{R}:\mathbb{Q}]$ is infinite — in fact, uncountable — because $\mathbb{R}$ has an uncountable Hamel basis over $\mathbb{Q}$. [/example] Now here is a question that the degree is perfectly suited to answer. Suppose we have three fields $K \subseteq L \subseteq F$, like the chain $\mathbb{Q} \subseteq \mathbb{Q}(\sqrt{2}) \subseteq \mathbb{Q}(\sqrt{2}, \sqrt[3]{2})$. We have degrees $[L:K]$ and $[F:L]$ measuring two stages of the extension. How do these combine to give $[F:K]$? The answer is beautifully multiplicative. [quotetheorem:1248] [citeproof:1248] The Tower Law is more than a convenient formula — it is a structural constraint that governs which extensions are possible. Notice that it says $[L:K]$ must divide $[F:K]$ whenever $K \subseteq L \subseteq F$. This divisibility is often used as a tool for proving that one field does not sit inside another: if $[L:K] = 3$ and $[F:K] = 4$, then $L$ cannot be an intermediate field between $K$ and $F$. We will use exactly this kind of argument repeatedly. The theorem also says nothing about the converse direction: it does not claim that every factorization of $[F:K]$ corresponds to an intermediate field. Finding which intermediate fields exist is the deeper problem that Galois theory is designed to solve. With a way to measure extensions, we now turn to the central construction: given a field $K$ and a field $L$ extending it, how do individual elements $\alpha \in L$ behave relative to $K$? The key distinction is whether $\alpha$ satisfies a polynomial equation over $K$. An element $\alpha \in L$ is called **algebraic over $K$** if there exists a nonzero polynomial $f \in K[t]$ with $f(\alpha) = 0$. If no such polynomial exists, $\alpha$ is called **transcendental over $K$**. For example, $\sqrt{2} \in \mathbb{R}$ is algebraic over $\mathbb{Q}$ since it satisfies $t^2 - 2 = 0$, while $\pi$ and $e$ are transcendental over $\mathbb{Q}$ (though proving this is much harder). When $\alpha$ is algebraic over $K$, we want to find the "simplest" or "most economical" polynomial it satisfies. There might be many polynomials vanishing at $\alpha$ — for instance, $\sqrt{2}$ satisfies $t^2 - 2 = 0$ but also $(t^2 - 2)(t - 1) = 0$. The set of all such polynomials forms an ideal in $K[t]$. [definition: Minimal Polynomial] Let $L/K$ be a field extension and $\alpha \in L$ algebraic over $K$. Define the **evaluation ideal** \begin{align*} I_\alpha = \{ f \in K[t] : f(\alpha) = 0 \}. \end{align*} Since $K[t]$ is a principal ideal domain, $I_\alpha$ is generated by a unique monic polynomial $P_\alpha \in K[t]$, called the **minimal polynomial** of $\alpha$ over $K$. [/definition] The minimal polynomial $P_\alpha$ is irreducible over $K$. To see why, suppose $P_\alpha = gh$ with $\deg g, \deg h < \deg P_\alpha$. Then $g(\alpha)h(\alpha) = P_\alpha(\alpha) = 0$, and since $L$ is a field (hence an integral domain), either $g(\alpha) = 0$ or $h(\alpha) = 0$. But then $g$ or $h$ would be a nonzero element of $I_\alpha$ of smaller degree than $P_\alpha$, contradicting the minimality of $P_\alpha$. This irreducibility is not a technicality — it is the reason everything works. An irreducible polynomial generates a maximal ideal in $K[t]$, and quotients by maximal ideals are fields. This is the key insight behind the following theorem. [quotetheorem:1308] [citeproof:1308] This theorem tells us that $K(\alpha)$ is, up to isomorphism, entirely determined by the minimal polynomial $P_\alpha$. Two algebraic elements with the same minimal polynomial generate isomorphic extensions of $K$ — a fact that will become essential when we study Galois groups in Section 2.3. The theorem also tells us exactly what arithmetic in $K(\alpha)$ looks like: every element is uniquely a polynomial in $\alpha$ of degree less than $n$, and we reduce higher powers of $\alpha$ using the relation $P_\alpha(\alpha) = 0$. For $K = \mathbb{Q}$ and $\alpha = \sqrt{2}$, this says every element of $\mathbb{Q}(\sqrt{2})$ is $a + b\alpha$ for $a, b \in \mathbb{Q}$, which matches what we computed directly. What the theorem does not say is also worth noting. It does not tell us that every irreducible polynomial $p \in K[t]$ has a root in some extension of $K$ — it only describes $K(\alpha)$ once we already know $\alpha$ exists in some ambient field $L$. The construction of splitting fields, which provides roots of arbitrary polynomials, comes later. An important consequence falls out immediately from combining this result with the Tower Law. [quotetheorem:1303] [citeproof:1303] The converse of this theorem fails, and this failure is important enough to call out explicitly. An extension can have every element algebraic over $K$ while still being infinite. The standard example is $\overline{\mathbb{Q}}/\mathbb{Q}$, the algebraic closure: every element of $\overline{\mathbb{Q}}$ is algebraic over $\mathbb{Q}$, but the extension is infinite because there are algebraic numbers of arbitrarily large degree (e.g., $\sqrt[n]{2}$ has degree $n$ over $\mathbb{Q}$ for every $n$). So "algebraic" and "finite" are not synonymous — finite implies algebraic, but not the other way around. The theorem does give us a useful corollary: $[K(\alpha):K] = \deg P_\alpha < \infty$ exactly when $\alpha$ is algebraic over $K$. Combining with the Tower Law, we can now handle extensions generated by several algebraic elements. [definition: Finitely Generated Extensions] For a field extension $L/K$ and elements $\alpha_1, \ldots, \alpha_m \in L$, we write $K(\alpha_1, \ldots, \alpha_m)$ for the **smallest subfield of $L$** containing $K$ and all of $\alpha_1, \ldots, \alpha_m$. This can be built iteratively: $K(\alpha_1, \ldots, \alpha_m) = K(\alpha_1, \ldots, \alpha_{m-1})(\alpha_m)$. [/definition] When all the generators are algebraic, the Tower Law makes the degree easy to compute. [quotetheorem:1309] [citeproof:1309] Before closing the section with a worked example, we record a classical tool for proving irreducibility that we will use freely throughout the course. [quotetheorem:859] This criterion is quoted from the Galois-Ring-Module course and is used here as a tool. Its proof uses the fact that $\mathbb{Z}[t]$ is a UFD and reduces modulo $p$. Now let us put all of this together in an example that foreshadows the degree-computation methods we will use throughout the course. [example: Q(sqrt 2, cbrt 2) Over Q] Consider the tower $\mathbb{Q} \subseteq \mathbb{Q}(\sqrt{2}) \subseteq \mathbb{Q}(\sqrt{2}, \sqrt[3]{2})$. We compute $[\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}]$ using the Tower Law: \begin{align*} [\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}] = [\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}(\sqrt{2})] \cdot [\mathbb{Q}(\sqrt{2}) : \mathbb{Q}]. \end{align*} We already know $[\mathbb{Q}(\sqrt{2}):\mathbb{Q}] = 2$. For the upper degree, $\sqrt[3]{2}$ has minimal polynomial $t^3 - 2$ over $\mathbb{Q}$ — this is irreducible by Eisenstein with $p = 2$ — so $[\mathbb{Q}(\sqrt[3]{2}):\mathbb{Q}] = 3$. Now we need $[\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}(\sqrt{2})]$. The minimal polynomial of $\sqrt[3]{2}$ over $\mathbb{Q}(\sqrt{2})$ divides $t^3 - 2$, so it has degree 1 or 3. It has degree 1 only if $\sqrt[3]{2} \in \mathbb{Q}(\sqrt{2})$. But $\mathbb{Q}(\sqrt{2})$ has degree 2 over $\mathbb{Q}$, and $\mathbb{Q}(\sqrt[3]{2})$ has degree 3. If $\sqrt[3]{2} \in \mathbb{Q}(\sqrt{2})$, then by the Tower Law $[\mathbb{Q}(\sqrt[3]{2}):\mathbb{Q}]$ would divide $[\mathbb{Q}(\sqrt{2}):\mathbb{Q}] = 2$, forcing $3 \mid 2$, a contradiction. Therefore $\sqrt[3]{2} \notin \mathbb{Q}(\sqrt{2})$, the minimal polynomial of $\sqrt[3]{2}$ over $\mathbb{Q}(\sqrt{2})$ is still $t^3 - 2$, and $[\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}(\sqrt{2})] = 3$. The Tower Law then gives: \begin{align*} [\mathbb{Q}(\sqrt{2}, \sqrt[3]{2}) : \mathbb{Q}] = 3 \cdot 2 = 6. \end{align*} A basis is $\{1, \sqrt{2}, \sqrt[3]{2}, \sqrt[3]{4}, \sqrt[3]{2}\cdot\sqrt{2}, \sqrt[3]{4}\cdot\sqrt{2}\}$. [/example] This example is not just a computation — it illustrates the key technique of degree arithmetic. The Tower Law turns a question about a complicated extension into a sequence of simpler questions about individual simple extensions, each answered by identifying the minimal polynomial of one element. The argument that $3 \nmid 2$ is what does the real work: it shows that the two extensions $\mathbb{Q}(\sqrt{2})$ and $\mathbb{Q}(\sqrt[3]{2})$ are genuinely independent over $\mathbb{Q}$ in a quantitative sense. With the degree, minimal polynomials, and the Tower Law established, we now have the foundational toolkit for studying field extensions rigorously. In the next section, we apply these ideas to ruler-and-compass constructions, where the key question becomes: which lengths can be constructed? We will see that the answer is exactly determined by which degrees are achievable — specifically, whether they are powers of 2. The degree is not merely a bookkeeping device; it is the invariant that decides what is constructible and what is not. ## 2.2 Ruler and Compass Constructions The ancient Greeks posed a deceptively simple question: given only an unmarked straightedge and a compass, which geometric quantities can you construct? You can bisect any angle, erect perpendiculars, and construct regular pentagons — but can you double a cube, or trisect an arbitrary angle? These problems resisted every attempt for over two thousand years. Field extensions give us the tools to explain why: every construction corresponds to a sequence of quadratic extensions, so the degree of any constructible quantity over $\mathbb{Q}$ must be a power of two. Anything with an odd prime in its degree is forever out of reach. [motivation] The classical impossibility results are the first real payoff of the theory developed in Section 2.1. The idea is to encode geometric operations — drawing lines, drawing circles, finding intersections — as algebraic operations on coordinates. Each such step either leaves the current field unchanged or forces a degree-2 extension. The cumulative effect of $n$ steps therefore lives inside an extension of degree at most $2^n$. Any algebraic number that cannot live in such an extension cannot be constructed. [/motivation] We begin by making the notion of construction precise. Start with a set $S$ of points in the plane, which we identify with elements of $\mathbb{R}^2$. From $S$ we may draw any line through two points of $S$ and any circle centred at a point of $S$ passing through another point of $S$. [definition: Constructible Point] A point $P \in \mathbb{R}^2$ is **1-step constructible from $S$** if $P$ is the intersection of two objects (lines or circles) each determined by points already in $S$. A point $P$ is **constructible from $S$** if there exists a finite chain $S = S_0 \subset S_1 \subset \cdots \subset S_n$ such that each point added at stage $k+1$ is 1-step constructible from $S_k$, and $P \in S_n$. A real number $\alpha$ is called **constructible** if the point $(\alpha, 0)$ is constructible from $S_0 = \{(0,0),(1,0)\}$. [/definition] The initial set $S_0$ encodes our unit of measurement. Notice that we are not restricting which two objects we intersect at each step — every possible intersection of every available line and circle is allowed. The set of constructible real numbers is therefore the largest collection of lengths reachable by any legal sequence of steps. To analyse this algebraically, we track the field generated by the coordinates of our point set at each stage. If the coordinates of all points in $S$ lie in a subfield $K \subset \mathbb{R}$, then: 1. Any line through two such points has equation $ax + by = c$ with $a, b, c \in K$. 2. Any circle has equation $(x - h)^2 + (y - k)^2 = r^2$ with $h, k, r \in K$ (since $r$ is a distance between points with $K$-coordinates). 3. Intersecting two lines gives a new point with coordinates in $K$ — no extension needed. 4. Intersecting a line and a circle, or two circles, requires solving a degree-2 equation over $K$. The new coordinates lie in some extension $K(\alpha)$ where $\alpha^2 \in K$, so $[K(\alpha) : K] \leq 2$. This observation is the heart of the theory. Each 1-step construction either stays in $K$ or produces a degree-2 extension of $K$. After $n$ such steps, the coordinates of any constructed point live in a field $F$ with $[F : \mathbb{Q}] \leq 2^n$. By the Tower Law (Section 2.1), any subextension $\mathbb{Q} \subset \mathbb{Q}(\alpha) \subset F$ satisfies $[\mathbb{Q}(\alpha) : \mathbb{Q}] \mid [F : \mathbb{Q}]$, so it too divides $2^n$. [quotetheorem:1310] [citeproof:1310] The theorem gives a necessary condition, not a sufficient one. An algebraic number of degree $2^k$ is not automatically constructible — one also needs it to be reachable by a chain of square-root extensions specifically. But for the classical impossibility results, the necessary condition is enough: whenever the minimal polynomial has degree divisible by an odd prime, no construction can produce the number. [example: Doubling the Cube] The problem of doubling the cube asks: given a cube of side length $1$, construct a cube of side length $\alpha$ with volume $2$. This requires $\alpha^3 = 2$, so $\alpha = \sqrt[3]{2}$. The minimal polynomial of $\sqrt[3]{2}$ over $\mathbb{Q}$ is $t^3 - 2$. To confirm this is irreducible, note that $\sqrt[3]{2}$ is not rational, and a degree-3 polynomial is irreducible over $\mathbb{Q}$ if and only if it has no rational roots; by the rational root theorem the only candidates are $\pm 1$ and $\pm 2$, and none satisfies $t^3 = 2$. Therefore $[\mathbb{Q}(\sqrt[3]{2}) : \mathbb{Q}] = 3$. Since $3$ is not a power of $2$, the Degree Constraint theorem tells us $\sqrt[3]{2}$ is not constructible. Doubling the cube is impossible. [/example] The argument for angle trisection is slightly more involved because we must first translate an angular problem into an algebraic one. [example: Trisecting a 60° Angle] We show it is impossible to trisect a $60°$ angle, which suffices to prove that angle trisection is not always achievable (a general impossibility follows from a single counterexample). The triple angle formula for cosine states that for any $\theta$, \begin{align*} \cos(3\theta) = 4\cos^3\theta - 3\cos\theta. \end{align*} Set $\theta = 20°$, so $3\theta = 60°$ and $\cos 60° = \tfrac{1}{2}$. Writing $t = \cos 20°$, the formula gives \begin{align*} \frac{1}{2} = 4t^3 - 3t, \end{align*} or equivalently $8t^3 - 6t - 1 = 0$. We claim this polynomial is irreducible over $\mathbb{Q}$. Applying the rational root theorem, the only rational candidates are $\pm 1$ and $\pm \tfrac{1}{8}, \pm \tfrac{1}{4}, \pm \tfrac{1}{2}$. A direct check shows none is a root, so $8t^3 - 6t - 1$ has no rational roots and — being degree 3 — must be irreducible over $\mathbb{Q}$. Therefore $[\mathbb{Q}(\cos 20°) : \mathbb{Q}] = 3$, which is not a power of $2$. The Degree Constraint theorem shows $\cos 20°$ is not constructible. Since trisecting a $60°$ angle would require constructing $\cos 20°$ from the constructible number $\cos 60°$, the trisection is impossible. [/example] [remark: What the Degree Condition Does Not Say] The impossibility of these two constructions does not mean that ruler and compass are weak tools — they can produce all numbers in $\mathbb{Q}(\sqrt{2}, \sqrt{3}, \sqrt{5}, \ldots)$ and every regular $n$-gon whose order is a product of a power of $2$ and distinct Fermat primes (Gauss's theorem, which requires the full machinery of Galois groups). The Degree Constraint merely draws the boundary: the constructible numbers form a subfield of $\mathbb{R}$ closed under square roots, and anything of odd prime degree over $\mathbb{Q}$ lies on the other side of that boundary. [/remark] The two examples above share a common structure: express the desired quantity as the root of a polynomial, show that polynomial is irreducible of degree divisible by an odd prime, and conclude via the Degree Constraint. In Section 2.3, when we develop the full machinery of $K$-homomorphisms and Galois groups, we will be able to characterise constructible numbers completely and extend these ideas to questions about which regular polygons can be constructed. ## 2.3 K-Homomorphisms and the Galois Group [motivation] Having built up the machinery of field extensions, degrees, and minimal polynomials, we now ask a more structural question: how do we measure the symmetry of a field extension $L/K$? The answer lies not in the fields themselves but in the maps between them — the structure-preserving bijections that fix the base field $K$ and permute the "new" elements of $L$. The collection of all such symmetries forms a group, and the size of this group turns out to encode deep arithmetic information about the extension. [/motivation] [definition: K-Homomorphism] Let $L$ and $M$ be field extensions of $K$. A **$K$-homomorphism** from $L$ to $M$ is a field homomorphism $\sigma : L \to M$ that fixes $K$ pointwise, meaning $\sigma(a) = a$ for all $a \in K$. [/definition] It is worth pausing to appreciate what this definition captures. Any field homomorphism is automatically injective — fields have no nontrivial ideals — so a $K$-homomorphism is in particular an embedding of $L$ into $M$ that keeps $K$ intact. The condition of fixing $K$ is the essential constraint: we want maps that preserve the base field structure and only move the elements genuinely "above" $K$. When $M = L$ and $\sigma$ is also surjective, we arrive at the central object of Galois theory. [definition: Galois Group] Let $L/K$ be a field extension. The **Galois group** of $L$ over $K$, written $\mathrm{Gal}(L/K)$, is the group of all $K$-automorphisms of $L$ — that is, all $K$-homomorphisms $\sigma : L \to L$ that are bijective — under composition. [/definition] That this forms a group is straightforward: the composite of two $K$-automorphisms is again a $K$-automorphism, composition is associative, the identity is the trivial automorphism $\mathrm{id}_L$, and every bijection has an inverse which one checks also fixes $K$. The Galois group is our primary tool for measuring symmetry: a large Galois group means the extension has many automorphisms, reflecting a rich internal structure. Before we can compute or bound $|\mathrm{Gal}(L/K)|$, we need to understand $K$-homomorphisms out of simple extensions $K(\alpha)$. The key insight is that such a homomorphism is entirely determined by where it sends $\alpha$, and not every value is permissible — the image of $\alpha$ must satisfy the same minimal polynomial. [quotetheorem:1311] [citeproof:1311] The hypothesis that $\alpha$ is algebraic is essential — the entire argument hinges on $K(\alpha) \cong K[t]/(P_\alpha)$, a description unavailable for transcendental elements. Notice also that the theorem counts roots in an algebraic closure $\bar{L}$: if $P_\alpha$ has repeated roots (which can happen in characteristic $p$), the number of $K$-homomorphisms drops accordingly. Over fields of characteristic zero or more generally over **perfect fields**, minimal polynomials are always separable — they have no repeated roots — but this need not hold in general. [remark: Consequence for Simple Extensions] For a simple algebraic extension $K(\alpha)/K$, the number of $K$-homomorphisms $K(\alpha) \to \bar{L}$ is at most $[K(\alpha):K] = \deg P_\alpha$, with equality if and only if $P_\alpha$ has distinct roots in $\bar{L}$. [/remark] This remark is our first glimpse of a general pattern. We now extend the counting argument to arbitrary finite extensions by climbing a tower. [quotetheorem:1304] The proof strategy is to factor $L/K$ into a tower of simple extensions and count the automorphism choices at each step. If $L = K(\alpha_1, \alpha_2, \ldots, \alpha_r)$, we build the tower \begin{align*} K \subset K(\alpha_1) \subset K(\alpha_1, \alpha_2) \subset \cdots \subset L. \end{align*} At each step $K(\alpha_1, \ldots, \alpha_i)/K(\alpha_1, \ldots, \alpha_{i-1})$, the bijection theorem tells us that any partial $K$-homomorphism can be extended to the next step in at most $[K(\alpha_1,\ldots,\alpha_i):K(\alpha_1,\ldots,\alpha_{i-1})]$ ways — one for each root of the minimal polynomial of $\alpha_i$ over the intermediate field. Multiplying these bounds across the tower and applying the tower law gives $|\mathrm{Gal}(L/K)| \leq [L:K]$. This bound is sharp in the best possible situation. Equality $|\mathrm{Gal}(L/K)| = [L:K]$ means that at every step in the tower, every root is actually available and distinct — the extension is, in a precise sense, maximally symmetric. This motivates the central definition of the subject, which the next section will begin to make precise. [remark: Preview of Galois Extensions] A finite extension $L/K$ is called **Galois** if $|\mathrm{Gal}(L/K)| = [L:K]$. Galois extensions are exactly those with the maximum possible symmetry: every root of every minimal polynomial of an element of $L$ is already present in $L$, and no root is repeated. The fundamental theorem of Galois theory — which we will reach after developing splitting fields and separability — establishes a perfect correspondence between subgroups of $\mathrm{Gal}(L/K)$ and intermediate fields of $L/K$, making the Galois group a complete invariant of the extension's internal structure. [/remark] The inequality $|\mathrm{Gal}(L/K)| \leq [L:K]$ is not merely a counting curiosity. It tells us that the group of symmetries can never outgrow the algebraic complexity of the extension, and when equality fails, something is geometrically or arithmetically constrained — either roots are missing from $L$, or the minimal polynomial has repeated roots indicating inseparability. Both phenomena will resurface when we classify which extensions are Galois. For now, the bijection theorem and the degree bound together form the quantitative core of the theory we are building. ## 2.4 Splitting Fields When a polynomial $f \in K[t]$ factors over some extension, different choices of which root to adjoin first can seem to produce genuinely different fields. To build Galois theory on firm ground, we need a canonical extension — one that contains all the roots of $f$ and is generated by nothing more. Splitting fields provide exactly this: they eliminate the ambiguity in how we adjoin roots, and the uniqueness theorem confirms that the result is independent of the choices made along the way. [motivation] A polynomial like $t^3 - 2$ over $\mathbb{Q}$ has three roots: $\sqrt[3]{2}$, $\omega\sqrt[3]{2}$, and $\omega^2\sqrt[3]{2}$, where $\omega = e^{2\pi i/3}$. Adjoining only one root gives $\mathbb{Q}(\sqrt[3]{2}) \subset \mathbb{R}$, which cannot contain the complex roots. To build an extension where $f$ factors into linear factors — and where the Galois group can permute those roots — we must adjoin all of them at once. [/motivation] [definition: Splitting Field] Let $K$ be a field and $f \in K[t]$ a nonconstant polynomial. A **splitting field** of $f$ over $K$ is a field extension $L/K$ satisfying: - $f$ splits completely in $L[t]$, that is, $f = c(t - \alpha_1)\cdots(t - \alpha_n)$ for some $c \in K$ and $\alpha_1, \ldots, \alpha_n \in L$, and - $L = K(\alpha_1, \ldots, \alpha_n)$, so $L$ is generated over $K$ by the roots of $f$ and nothing else. [/definition] The second condition is crucial: it rules out trivially large extensions. A splitting field is the smallest extension in which $f$ can be completely factored. [quotetheorem:1312] The proof runs by induction on $\deg f$. If $f$ already splits over $K$, then $K$ itself is the splitting field. Otherwise, pick an irreducible factor $p \in K[t]$ of $f$. The quotient ring $K_1 = K[t]/(p)$ is a field extension of $K$ in which $p$ — and hence $f$ — has a root $\alpha_1$, the class of $t$. Write $f = (t - \alpha_1)g$ in $K_1[t]$. Since $\deg g < \deg f$, the inductive hypothesis gives a splitting field $L$ of $g$ over $K_1$. In $L$, we have $f = (t - \alpha_1)(t - \alpha_2)\cdots(t - \alpha_n)$, and $L = K_1(\alpha_2, \ldots, \alpha_n) = K(\alpha_1, \alpha_2, \ldots, \alpha_n)$, making $L$ a splitting field of $f$ over $K$. The existence proof required choices at each step — which irreducible factor to adjoin, in which order. The next theorem shows those choices do not matter. [quotetheorem:1258] The proof again proceeds by induction on $[L:K]$. If $[L:K] = 1$ then $f$ already splits over $K$, so $\sigma(f)$ splits over $K'$ and $L' = K'$, giving $\tilde{\sigma} = \sigma$. For the inductive step, take an irreducible factor $p$ of $f$ in $K[t]$ with $\deg p > 1$. Let $\alpha \in L$ be a root of $p$ and $\alpha' \in L'$ be a root of $\sigma(p)$. The extensions $K(\alpha)$ and $K'(\alpha')$ are both simple algebraic extensions defined by $p$ and $\sigma(p)$ respectively, so there is an isomorphism $\sigma_1: K(\alpha) \xrightarrow{\sim} K'(\alpha')$ extending $\sigma$ with $\sigma_1(\alpha) = \alpha'$. Now $L$ is a splitting field of $f/(t - \alpha)$ over $K(\alpha)$, and $[L : K(\alpha)] < [L:K]$, so the inductive hypothesis provides $\tilde{\sigma}: L \xrightarrow{\sim} L'$ extending $\sigma_1$, and hence $\sigma$. In the special case $K = K'$ and $\sigma = \mathrm{id}$, uniqueness says that any two splitting fields of $f$ over $K$ are $K$-isomorphic. This justifies speaking of *the* splitting field of $f$ over $K$, unique up to isomorphism. [example: Splitting Field of $t^3 - 2$ over $\mathbb{Q}$] Let $f = t^3 - 2 \in \mathbb{Q}[t]$. The three roots of $f$ in $\mathbb{C}$ are \begin{align*} \alpha_1 = \sqrt[3]{2}, \qquad \alpha_2 = \omega\sqrt[3]{2}, \qquad \alpha_3 = \omega^2\sqrt[3]{2}, \end{align*} where $\omega = e^{2\pi i/3}$ is a primitive cube root of unity. The splitting field is $L = \mathbb{Q}(\sqrt[3]{2},\, \omega)$. To compute $[L:\mathbb{Q}]$: the minimal polynomial of $\sqrt[3]{2}$ over $\mathbb{Q}$ is $t^3 - 2$, which is irreducible by Eisenstein at $2$, so $[\mathbb{Q}(\sqrt[3]{2}):\mathbb{Q}] = 3$. The field $\mathbb{Q}(\sqrt[3]{2})$ is contained in $\mathbb{R}$, so $\omega \notin \mathbb{Q}(\sqrt[3]{2})$; its minimal polynomial over $\mathbb{Q}(\sqrt[3]{2})$ is $t^2 + t + 1$, giving \begin{align*} [L : \mathbb{Q}] = [L : \mathbb{Q}(\sqrt[3]{2})]\cdot[\mathbb{Q}(\sqrt[3]{2}):\mathbb{Q}] = 2 \cdot 3 = 6. \end{align*} Note that $\alpha_2 = \omega\sqrt[3]{2}$ and $\alpha_3 = \omega^2\sqrt[3]{2}$ both lie in $L$, so $L$ contains all three roots as required. [/example] [remark: Splitting Fields and the Galois Group] Since $|Gal(L/K)| \leq [L:K]$ by the bound established in the previous section, the splitting field $L = \mathbb{Q}(\sqrt[3]{2}, \omega)$ has $|Gal(L/\mathbb{Q})| \leq 6$. In fact, every $\mathbb{Q}$-automorphism of $L$ is determined by its action on $\sqrt[3]{2}$ and $\omega$, and one can exhibit six distinct automorphisms — the permutations of $\{\alpha_1, \alpha_2, \alpha_3\}$ that are compatible with field arithmetic — so $|Gal(L/\mathbb{Q})| = 6 \cong S_3$. This equality $|Gal(L/K)| = [L:K]$ is not automatic, and characterizing exactly when it holds is the central question that will drive the rest of the theory. [/remark] ## 2.5 Algebraic Closures Splitting fields answer the question of where a single polynomial breaks apart into linear factors, but each splitting field is tailored to one polynomial. A natural ambition is to find a single field that simultaneously contains roots of every nonconstant polynomial over $K$ — a universal ambient space into which all algebraic extensions embed. This is the algebraic closure, and its existence transforms the study of field extensions from a collection of ad hoc constructions into a coherent theory with a fixed backdrop. [definition: Algebraically Closed Field] A field $\Omega$ is **algebraically closed** if every nonconstant polynomial $f \in \Omega[t]$ has at least one root in $\Omega$. Equivalently, every nonconstant polynomial in $\Omega[t]$ splits completely into linear factors over $\Omega$. [/definition] To see that the two formulations are equivalent: if every nonconstant polynomial has a root, then by induction on degree every polynomial splits completely, since after extracting one root $\alpha$ we can factor out $(t - \alpha)$ and apply the hypothesis to the quotient. The field $\mathbb{C}$ is the canonical example, by the Fundamental Theorem of Algebra. [definition: Algebraic Closure] An **algebraic closure** of a field $K$ is a field $\bar{K}$ satisfying two conditions: - $\bar{K}$ is algebraically closed. - $\bar{K}$ is algebraic over $K$. [/definition] The algebraic condition is essential: without it, we could take any algebraically closed field containing $K$ regardless of size, but the algebraic closure is the smallest such field, built entirely from roots of polynomials with coefficients in $K$. [quotetheorem:1313] The proof is a canonical application of Zorn's lemma. Form the collection of all algebraic extensions of $K$, partially ordered by inclusion (up to appropriate set-theoretic bookkeeping to ensure this is a legitimate poset). Any chain in this collection has an upper bound, namely its union: if $\{L_i\}$ is a chain of algebraic extensions, the union $\bigcup_i L_i$ inherits a field structure and remains algebraic over $K$, since every element belongs to some $L_i$ and is therefore algebraic over $K$. By Zorn's lemma, there exists a maximal algebraic extension $\bar{K}$. To confirm $\bar{K}$ is algebraically closed, suppose for contradiction that some nonconstant $f \in \bar{K}[t]$ has no root in $\bar{K}$. Adjoin a root $\alpha$ of $f$ to form $\bar{K}(\alpha)$. Since $\alpha$ is algebraic over $\bar{K}$ and every element of $\bar{K}$ is algebraic over $K$, the extension $\bar{K}(\alpha)$ is algebraic over $K$. This contradicts the maximality of $\bar{K}$, so no such $f$ exists. The proof reveals something structurally important: the algebraic closure is not constructed by an explicit formula but by declaring that a maximal object must exist and then showing maximality forces the desired property. The existence of $\bar{K}$ is guaranteed, but its concrete description requires choosing embeddings at each step. [quotetheorem:1314] The proof again uses Zorn's lemma, this time to extend partial embeddings. Consider the collection of pairs $(L, \sigma)$ where $K \subseteq L \subseteq \bar{K}$ and $\sigma \colon L \to \bar{K}'$ is a $K$-embedding. This collection is partially ordered by extension of embeddings, every chain has an upper bound, and a maximal element $\sigma \colon L \to \bar{K}'$ must satisfy $L = \bar{K}$: if $L \subsetneq \bar{K}$, pick any $\alpha \in \bar{K} \setminus L$, and the minimal polynomial of $\alpha$ over $L$ has a root in $\bar{K}'$ (since $\bar{K}'$ is algebraically closed), allowing $\sigma$ to extend to $L(\alpha)$, contradicting maximality. The image of the resulting embedding is an algebraic extension of $\sigma(K) = K$ inside the algebraically closed field $\bar{K}'$, and since $\bar{K}'$ has no proper algebraic extensions — it is its own algebraic closure — the map is surjective. Uniqueness up to isomorphism justifies writing $\bar{K}$ as if it were a definite object. In practice, one fixes an algebraic closure once and embeds all algebraic extensions of $K$ into it, treating $\bar{K}$ as a canonical ambient universe. [remark: Equivalent Characterizations] The following conditions on a field extension $\Omega / K$ are equivalent to $\Omega$ being an algebraic closure of $K$: - $\Omega$ has no proper algebraic extensions. - Every nonconstant $f \in K[t]$ splits completely in $\Omega$. - $\Omega$ is a splitting field of the entire set $\{f \in K[t] : f \text{ nonconstant}\}$ over $K$. [/remark] The equivalence of the second and third characterizations makes the connection to splitting fields explicit: the algebraic closure is precisely the object obtained by simultaneously splitting every polynomial over $K$, rather than splitting polynomials one at a time. This is the sense in which $\bar{K}$ serves as a universal splitting field. In the sections that follow, we will frequently fix $\bar{K}$ and study the lattice of intermediate fields $K \subseteq L \subseteq \bar{K}$, each corresponding to a finite set of polynomials that have been split. ## 2.6 Separable Extensions Throughout this chapter we have been counting: the size of a Galois group, the number of embeddings, the degree of an extension. These counts only work out cleanly when irreducible polynomials behave as we expect — namely, when they have no repeated roots. In characteristic zero this is automatic, but in characteristic $p$ something genuinely strange can happen: an irreducible polynomial can have all of its roots repeated, collapsing every root into a single point with high multiplicity. Separability is the precise condition that rules this out, and it will be the first of two properties — separability and normality — whose conjunction defines a Galois extension. [definition: Separable Polynomial] A polynomial $f \in K[t]$ is **separable** if it has no repeated roots in $\bar{K}$. An irreducible polynomial $f$ is separable if and only if $\gcd(f, f') = 1$ in $K[t]$, where $f'$ denotes the formal derivative. [/definition] The derivative criterion is worth understanding concretely. If $\alpha$ is a repeated root of $f$, then $f = (t - \alpha)^2 g$ for some polynomial $g$, and differentiating gives $f' = 2(t - \alpha)g + (t - \alpha)^2 g'$, so $f'(\alpha) = 0$. Conversely, if $\alpha$ is a simple root then $f = (t - \alpha)h$ with $h(\alpha) \neq 0$, and $f'(\alpha) = h(\alpha) \neq 0$. So $f$ is inseparable precisely when $f$ and $f'$ share a common factor — which for irreducible $f$ means $f \mid f'$, forcing $f' = 0$. This is where characteristic enters. Over a field of characteristic zero, $f' = 0$ is impossible for any nonzero polynomial: if $f = a_n t^n + \cdots + a_0$ then $f' = n a_n t^{n-1} + \cdots$, and $n a_n \neq 0$ since $n \neq 0$ in $K$. So every irreducible polynomial in characteristic zero is automatically separable — repeated roots simply cannot arise for irreducibles. In characteristic $p$, however, $f' = 0$ is not only possible but natural: it happens exactly when every exponent of $t$ appearing in $f$ is a multiple of $p$, i.e., when $f$ is a polynomial in $t^p$. [example: An Inseparable Polynomial] Let $K = \mathbb{F}_p(a)$, the rational function field over $\mathbb{F}_p$ in a single transcendental $a$. Consider $f = t^p - a \in K[t]$. In $\bar{K}$, the unique root of $f$ is some element $\alpha$ satisfying $\alpha^p = a$. By the Frobenius endomorphism, $t^p - a = (t - \alpha)^p$ in $\bar{K}[t]$. So $f$ has exactly one root, with multiplicity $p$. Moreover, $f$ is irreducible over $K$: if it factored, some monic factor $g$ of degree $d < p$ would divide $(t - \alpha)^p$, forcing $g = (t-\alpha)^d$, so $\alpha^d \in K$; but then $\alpha = \alpha^p / \alpha^{p-1} = a / \alpha^{p-1} \in K(\alpha^d)$, which after iteration gives $\alpha \in K$, contradicting $a$ being transcendental. Thus $t^p - a$ is irreducible but inseparable. [/example] This example reveals a genuine obstruction. The extension $K(\alpha)/K$ has degree $p$, but there is only one $K$-embedding $K(\alpha) \to \bar{K}$ (since $\alpha$ is the only root of the minimal polynomial). The usual argument that $|Gal(L/K)| = [L:K]$ for a splitting field breaks down entirely: there are no nontrivial automorphisms, even though the degree is $p$. Separability is exactly the condition that restores the correspondence between degree and the number of embeddings. [definition: Separable Element and Separable Extension] An element $\alpha \in L$ algebraic over $K$ is **separable over $K$** if its minimal polynomial $P_\alpha \in K[t]$ is separable. A finite algebraic extension $L/K$ is a **separable extension** if every element of $L$ is separable over $K$. [/definition] [definition: Separable Degree] Let $L/K$ be a finite extension. The **separable degree** of $L$ over $K$, written $[L:K]_s$, is the number of field homomorphisms $L \to \bar{K}$ that fix $K$ pointwise. [/definition] The separable degree measures how many embeddings actually exist. There is always an inequality $[L:K]_s \leq [L:K]$, and this inequality becomes an equality precisely when $L/K$ is separable. In the inseparable example above, $[K(\alpha) : K] = p$ but $[K(\alpha) : K]_s = 1$, and the gap $p - 1$ represents the "missing" embeddings swallowed by the repeated root. Separability is thus not an exotic condition — it is exactly what you need to make the degree equal to the number of symmetries, which is the backbone of Galois theory. For towers, separable degrees multiply: if $K \subseteq L \subseteq M$, then \begin{align*} [M : K]_s = [M : L]_s \cdot [L : K]_s. \end{align*} This mirrors the tower law for ordinary degrees and allows inductive arguments about separability. In particular, a tower $M/L/K$ is separable if and only if both $M/L$ and $L/K$ are separable. One of the most beautiful results in the theory is that a separable extension, no matter how many generators it seems to require, can always be generated by a single element. This is far from obvious: if $L = K(\beta, \gamma)$, why should there be any single element $\alpha$ with $L = K(\alpha)$? The answer is that separability, by guaranteeing distinct embeddings, provides enough room to find such an element. [quotetheorem:1267] The proof splits along the size of $K$. If $K$ is finite, then $L$ is also finite, and the multiplicative group $L^*$ is cyclic (a standard fact about finite fields); any generator of $L^*$ is a primitive element. If $K$ is infinite, one argues for two generators at a time: suppose $L = K(\beta, \gamma)$. The minimal polynomial $P_\beta$ has finitely many roots $\beta = \beta_1, \dots, \beta_m$ in $\bar{K}$, and similarly $P_\gamma$ has roots $\gamma = \gamma_1, \dots, \gamma_n$. For each pair $(i, j)$ with $\gamma_j \neq \gamma$, the equation $\beta_i + c \gamma = \beta + c \gamma_j$ has exactly one solution $c \in K$. Since there are only finitely many such bad values of $c$ and $K$ is infinite, we can choose $c \in K$ avoiding all of them. Setting $\alpha = \beta + c\gamma$, one verifies that $\gamma \in K(\alpha)$ (using the fact that $\gamma$ is the unique root of $P_\gamma$ in $K(\alpha)$, which follows from our choice of $c$), and hence $\beta = \alpha - c\gamma \in K(\alpha)$ as well, giving $L = K(\alpha)$. What makes this theorem surprising is not just its conclusion but the role separability plays in the proof. The crucial step — ruling out all but finitely many values of $c$ — requires that the roots $\gamma_1, \dots, \gamma_n$ are distinct, which is precisely separability. An inseparable extension can genuinely fail to be generated by a single element: the field $\mathbb{F}_p(a^{1/p}, b^{1/p})$ over $\mathbb{F}_p(a, b)$ has degree $p^2$ but no primitive element. The theorem therefore marks a sharp boundary between the well-behaved world of separable extensions and the pathological world beyond it. In practice, the theorem is enormously useful for computations: rather than tracking multiple generators and their relations, one works with a single $\alpha$ and its minimal polynomial. Having established the structural theory of separable extensions, we now develop two numerical invariants that encode the action of all embeddings simultaneously into single elements of the base field. [motivation] The embeddings $\sigma_1, \dots, \sigma_n : L \to \bar{K}$ (where $n = [L:K]_s$) are individually transcendental-looking objects — field maps into an algebraic closure. But their aggregate behavior, summed or multiplied over all embeddings, produces elements that land back in $K$. This collapse from $L$ down to $K$ is what makes the trace and norm computable and useful: they convert information about all embeddings at once into a single number you can calculate from a minimal polynomial. [/motivation] [definition: Trace and Norm] Let $L/K$ be a finite separable extension of degree $n$, with $K$-embeddings $\sigma_1, \dots, \sigma_n : L \to \bar{K}$. The **trace** and **norm** of an element $\alpha \in L$ are \begin{align*} \mathrm{Tr}_{L/K}(\alpha) &= \sum_{i=1}^{n} \sigma_i(\alpha), \\ N_{L/K}(\alpha) &= \prod_{i=1}^{n} \sigma_i(\alpha). \end{align*} [/definition] Both the trace and norm lie in $K$ — not merely in $\bar{K}$ — because any $K$-automorphism of $\bar{K}$ permutes the embeddings $\sigma_1, \dots, \sigma_n$ among themselves, leaving the sum and product unchanged. The trace is $K$-linear: $\mathrm{Tr}_{L/K}(\alpha + \beta) = \mathrm{Tr}_{L/K}(\alpha) + \mathrm{Tr}_{L/K}(\beta)$, and $\mathrm{Tr}_{L/K}(c\alpha) = c \cdot \mathrm{Tr}_{L/K}(\alpha)$ for $c \in K$. The norm is multiplicative: $N_{L/K}(\alpha \beta) = N_{L/K}(\alpha) N_{L/K}(\beta)$. When $L = K(\alpha)$, both invariants can be read off directly from the minimal polynomial. If $P_\alpha = t^n + a_{n-1} t^{n-1} + \cdots + a_0$ with roots $\alpha_1, \dots, \alpha_n$ in $\bar{K}$, then by Vieta's formulas, \begin{align*} \mathrm{Tr}_{L/K}(\alpha) &= \alpha_1 + \cdots + \alpha_n = -a_{n-1}, \\ N_{L/K}(\alpha) &= \alpha_1 \cdots \alpha_n = (-1)^n a_0. \end{align*} This means trace and norm are computable from the minimal polynomial alone, without needing to explicitly construct any embeddings. [quotetheorem:1315] These tower formulas say that summing (or multiplying) over all embeddings $M \to \bar{K}$ can be done in two stages: first sum over the embeddings $M \to \bar{L}$, then apply the $L/K$ trace to the result. The formulas are what make trace and norm practically powerful. If one needs to compute $\mathrm{Tr}_{M/K}(\alpha)$ for a degree-twelve extension that factors as two degree-six extensions, one does not need to find all twelve embeddings explicitly — the tower formula reduces it to two smaller computations. [remark: Connection to the Discriminant] The trace gives rise to the **trace form**, the symmetric bilinear form $(\alpha, \beta) \mapsto \mathrm{Tr}_{L/K}(\alpha \beta)$ on $L$ as a $K$-vector space. The discriminant of a basis $\alpha_1, \dots, \alpha_n$ is $\det(\mathrm{Tr}_{L/K}(\alpha_i \alpha_j))$. The extension $L/K$ is separable if and only if the trace form is nondegenerate, i.e., if and only if the discriminant of some (equivalently, every) basis is nonzero. This gives a purely algebraic, computation-friendly criterion for separability that does not require finding any roots explicitly — and it connects separability directly to the arithmetic of number fields, where discriminants govern ramification. [/remark] The picture that has emerged in this section is the following. Separability is the condition that forces irreducible polynomials to behave as one expects: distinct roots, the right number of embeddings, and degree equal to the count of symmetries. In characteristic zero it costs nothing. In characteristic $p$ it must be verified. With separability in hand, the Primitive Element Theorem guarantees that finite separable extensions are simple — generated by a single element — which makes them computationally tractable. Trace and norm then provide scalar invariants that aggregate the action of all embeddings and connect to discriminants, ramification, and arithmetic. The next ingredient needed for Galois theory is normality: the requirement that the extension contains all roots of the minimal polynomials of its elements, not just one. The combination of separability and normality will be the exact condition under which the fundamental theorem holds. ## 2.7 Normal Extensions Separability ensures that the roots of a minimal polynomial are distinct, but it says nothing about whether those roots actually live in the extension field. A separable extension can still miss most of the roots of a defining polynomial, and this asymmetry has serious consequences for the Galois group. The field $\mathbb{Q}(\sqrt[3]{2})$ illustrates the problem precisely: it contains the real cube root of $t^3 - 2$, but the other two roots, $\omega\sqrt[3]{2}$ and $\omega^2\sqrt[3]{2}$ where $\omega = e^{2\pi i/3}$, lie entirely outside $\mathbb{R}$. Any automorphism of $\mathbb{Q}(\sqrt[3]{2})$ fixing $\mathbb{Q}$ must send $\sqrt[3]{2}$ to another root of $t^3 - 2$ in the field, and since there is only one such root, the automorphism group is trivial. This is the gap that normality fills: it demands that once an irreducible polynomial has one foot in the extension, all of its roots must follow. [definition: Normal Extension] An algebraic extension $L/K$ is **normal** if for every irreducible polynomial $f \in K[t]$ that has at least one root in $L$, the polynomial $f$ splits completely in $L[t]$. [/definition] The condition is a coherence requirement on the extension: $L$ must be closed under the full orbit of each element under the action of $K$-algebra maps into an algebraic closure. Equivalently, it prevents the situation where $L$ recognizes one conjugate of an element but ignores the rest. There is a second characterization of normality that is often more useful in practice, because it describes which extensions are normal before computing any automorphisms. [quotetheorem:1316] The two directions require different ideas. Suppose first that $L$ is the splitting field of some polynomial $f$ over $K$. Let $g \in K[t]$ be irreducible with a root $\alpha \in L$, and let $\beta$ be any other root of $g$ in some algebraic closure $\bar{K}$. Since $\alpha$ and $\beta$ are both roots of the same irreducible polynomial, there is a $K$-isomorphism $\varphi: K(\alpha) \xrightarrow{\sim} K(\beta)$. The field $L$ is the splitting field of $f$ over $K(\alpha)$, and $\varphi(L)$ is the splitting field of $f$ over $K(\beta)$; since splitting fields are unique up to isomorphism, $\varphi$ extends to a $K$-automorphism $\Phi$ of $\bar{K}$ with $\Phi(L) = L$. In particular $\beta = \Phi(\alpha) \in L$, so $g$ splits completely in $L$. For the converse, write a finite normal extension as $L = K(\alpha_1, \ldots, \alpha_r)$. For each $i$, let $p_i \in K[t]$ be the minimal polynomial of $\alpha_i$ over $K$. Normality forces every root of $p_i$ to lie in $L$, so $L$ is the splitting field of the product $f = \prod_i p_i$. This equivalence is the structural reason splitting fields appear so prominently in Galois theory: they are precisely the finite normal extensions. [definition: Normal Closure] Let $L/K$ be a finite algebraic extension. The **normal closure** of $L$ over $K$ is the smallest extension $N/K$ (inside a fixed algebraic closure $\bar{K}$) such that $N/K$ is normal and $N \supseteq L$. [/definition] [motivation] Given any finite extension, normality may fail, but there is always a canonical way to repair this failure by adjoining the missing conjugates. The normal closure makes this minimal repair precise. [/motivation] If $L = K(\alpha_1, \ldots, \alpha_r)$ and $p_i$ denotes the minimal polynomial of $\alpha_i$ over $K$, then the normal closure is the splitting field of $\prod_i p_i$ over $K$. The splitting field automatically contains $L$ and is normal by the theorem above, and minimality follows because any normal extension containing $L$ must contain all roots of each $p_i$ and therefore contains the splitting field. [example: Quadratic Case] The extension $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$ is normal. The minimal polynomial of $\sqrt{2}$ is $t^2 - 2$, with roots $\pm\sqrt{2}$. Both roots lie in $\mathbb{Q}(\sqrt{2})$, so the polynomial splits completely. Equivalently, $\mathbb{Q}(\sqrt{2})$ is the splitting field of $t^2 - 2$ over $\mathbb{Q}$. [/example] [example: The Failure at Degree Three] The extension $\mathbb{Q}(\sqrt[3]{2})/\mathbb{Q}$ is not normal. The minimal polynomial $t^3 - 2$ has three roots: $\sqrt[3]{2}$, $\omega\sqrt[3]{2}$, and $\omega^2\sqrt[3]{2}$, where $\omega = e^{2\pi i/3}$. Only the first root is real, so the other two do not belong to $\mathbb{Q}(\sqrt[3]{2}) \subset \mathbb{R}$. Thus $t^3 - 2$ has a root in $\mathbb{Q}(\sqrt[3]{2})$ but does not split there. The normal closure of $\mathbb{Q}(\sqrt[3]{2})$ over $\mathbb{Q}$ is $\mathbb{Q}(\sqrt[3]{2}, \omega)$. To see the degree, note that $[\mathbb{Q}(\sqrt[3]{2}):\mathbb{Q}] = 3$ and the minimal polynomial of $\omega$ over $\mathbb{Q}(\sqrt[3]{2})$ is $t^2 + t + 1$ (since $\omega \notin \mathbb{R}$), so the normal closure has degree $3 \cdot 2 = 6$ over $\mathbb{Q}$. [/example] [remark: Normal Is Not Transitive] Normality does not pass through towers. If $M/L$ is normal and $L/K$ is normal, the extension $M/K$ need not be normal. A standard counterexample is $K = \mathbb{Q}$, $L = \mathbb{Q}(\sqrt{2})$, and $M = \mathbb{Q}(\sqrt[4]{2})$. Both $M/L$ and $L/K$ are normal (each is degree two, hence a splitting field of a quadratic), but $M/K$ is not normal: the minimal polynomial $t^4 - 2$ has roots $\pm\sqrt[4]{2}$ and $\pm i\sqrt[4]{2}$, and the complex roots do not lie in $M \subset \mathbb{R}$. [/remark] With both separability and normality in hand, the stage is set for the definition of a Galois extension and the statement of the fundamental theorem. Normality supplies the missing conjugates; separability ensures those conjugates are distinct. Together they force the automorphism group to be as large as the degree allows, which is exactly the condition the fundamental theorem requires. ## 2.8 Fundamental Theorem of Galois Theory Everything in the preceding sections — separability, normality, splitting fields, character theory — has been building toward a single structural insight: that the intermediate fields of a field extension are secretly controlled by a group. This section makes that precise. The Fundamental Theorem of Galois Theory is not merely an important result; it is the reason Galois theory exists as a subject. [motivation] Polynomial equations over $\mathbb{Q}$ can be extraordinarily complicated. There is no obvious reason why the structure of their roots should be tractable. Galois's key observation was that the symmetries of the roots — the automorphisms of a splitting field — form a group, and that this group encodes everything about which combinations of roots can be expressed in terms of which others. The theorem we prove in this section makes this encoding completely explicit: intermediate fields and subgroups are in perfect, order-reversing correspondence. To understand the field, study the group. [/motivation] [definition: Galois Extension] Let $L/K$ be a finite field extension. We say $L/K$ is a **Galois extension** if it is both normal and separable. In this case the **Galois group** is \begin{align*} \operatorname{Gal}(L/K) = \{ \sigma : L \to L \mid \sigma \text{ is a field automorphism with } \sigma|_K = \operatorname{id}_K \}. \end{align*} A Galois extension satisfies $|\operatorname{Gal}(L/K)| = [L:K]$, and this equality can be taken as an equivalent definition. [/definition] The condition $|\operatorname{Gal}(L/K)| = [L:K]$ is worth pausing over. For a general finite extension, the automorphism group can be much smaller than the degree. Normality ensures that all conjugates of every element live in $L$; separability ensures that each minimal polynomial contributes the maximum number of distinct automorphisms. Together they force the count to be exact. [definition: Fixed Field] Let $H \leq \operatorname{Gal}(L/K)$ be a subgroup. The **fixed field** of $H$ is \begin{align*} L^H = \{ \alpha \in L : \sigma(\alpha) = \alpha \text{ for all } \sigma \in H \}. \end{align*} This is always an intermediate field: $K \subseteq L^H \subseteq L$. [/definition] The fixed field construction takes a subgroup and produces a field. The Galois correspondence will tell us that these two operations — taking the Galois group of an intermediate extension and taking the fixed field of a subgroup — are inverse to each other. Before we can state that, we need a foundational lemma due to Artin that connects the size of a group of automorphisms to the degree of the fixed field extension. [quotetheorem:1272] [citeproof:1272] Artin's lemma is the engine of everything that follows. It tells us that any finite group of automorphisms is already the Galois group of the fixed field extension, with no ambiguity. This is what allows the correspondence to be a bijection rather than merely a map. Now we can state and prove the central theorem of the course. [quotetheorem:1274] [citeproof:1274] [remark: Significance of the Theorem] The Fundamental Theorem is not just a classification result — it is a translation dictionary between two entirely different mathematical worlds. Every question about intermediate fields of $L/K$ becomes a question about subgroups of $G$, and group theory is, in many respects, far more tractable than field theory. We can draw subgroup lattices, compute indices, check normality with conjugation, and classify groups of small order. The theorem says all of this machinery applies directly to field extensions. This explains why the Abel-Ruffini theorem — that the general degree-five polynomial has no solution by radicals — is ultimately a theorem about $S_5$. An extension by radicals corresponds to a solvable group (one with a subnormal series with abelian quotients). Since $S_5$ is not solvable, no such tower of field extensions can produce all roots of a general quintic. The Galois group of an equation is the precise invariant that answers the question of solvability. The inclusion-reversal deserves emphasis: larger fields correspond to smaller groups, and smaller fields to larger groups. In particular, $K$ corresponds to all of $G$, and $L$ corresponds to the trivial subgroup. This reversal is not an inconvenience — it is the geometry of the situation. Adding constraints on elements (by requiring them to be fixed by more automorphisms) shrinks the field, and the larger the fixing group, the smaller the fixed field. [/remark] [example: The Splitting Field of $x^3 - 2$ over $\mathbb{Q}$] Let $\omega = e^{2\pi i/3}$ be a primitive cube root of unity. The splitting field of $x^3 - 2$ over $\mathbb{Q}$ is $L = \mathbb{Q}(\sqrt[3]{2}, \omega)$. Since $[L:\mathbb{Q}] = 6$ and $L/\mathbb{Q}$ is Galois, we have $G = \operatorname{Gal}(L/\mathbb{Q})$ with $|G| = 6$. The group $G$ is isomorphic to $S_3$, generated by: \begin{align*} \sigma : \sqrt[3]{2} \mapsto \omega\sqrt[3]{2}, \quad \omega \mapsto \omega \\ \tau : \sqrt[3]{2} \mapsto \sqrt[3]{2}, \quad \omega \mapsto \omega^2. \end{align*} Here $\sigma$ has order 3, $\tau$ has order 2, and $\tau \sigma \tau^{-1} = \sigma^{-1}$, confirming $G \cong S_3$. The subgroups of $S_3$ are: - The trivial group $\{e\}$, corresponding to $L$ itself. - Three subgroups of order 2: $\langle \tau \rangle$, $\langle \sigma\tau \rangle$, $\langle \sigma^2\tau \rangle$, each generated by a reflection. - One subgroup of order 3: $A_3 = \langle \sigma \rangle \cong \mathbb{Z}/3\mathbb{Z}$. - The full group $G$, corresponding to $\mathbb{Q}$. By the degree formula $[F:\mathbb{Q}] = [G:H]$, any subgroup of order 2 corresponds to a field of degree 3 over $\mathbb{Q}$, and the subgroup of order 3 corresponds to a field of degree 2. Reading off the fixed fields: \begin{align*} L^{\langle \tau \rangle} &= \mathbb{Q}(\sqrt[3]{2}), \\ L^{\langle \sigma\tau \rangle} &= \mathbb{Q}(\omega\sqrt[3]{2}), \\ L^{\langle \sigma^2\tau \rangle} &= \mathbb{Q}(\omega^2\sqrt[3]{2}), \\ L^{A_3} &= \mathbb{Q}(\omega). \end{align*} The lattice of subgroups (with $A_3$ normal in $G$, and the three order-2 subgroups not normal) maps under $\Psi$ to the lattice of intermediate fields with arrows reversed. In particular, $A_3 \trianglelefteq G$ corresponds to $\mathbb{Q}(\omega)/\mathbb{Q}$ being Galois with \begin{align*} \operatorname{Gal}(\mathbb{Q}(\omega)/\mathbb{Q}) \cong G/A_3 \cong \mathbb{Z}/2\mathbb{Z}. \end{align*} The three fields $\mathbb{Q}(\sqrt[3]{2})$, $\mathbb{Q}(\omega\sqrt[3]{2})$, $\mathbb{Q}(\omega^2\sqrt[3]{2})$ are not Galois over $\mathbb{Q}$ (their corresponding subgroups of order 2 are not normal in $S_3$), which matches the fact that $x^3 - 2$ does not split completely over any of these fields. [/example] [example: The Splitting Field of $x^4 - 2$ over $\mathbb{Q}$] Let $L = \mathbb{Q}(\sqrt[4]{2}, i)$. This is the splitting field of $x^4 - 2$ over $\mathbb{Q}$, with roots $\sqrt[4]{2}, i\sqrt[4]{2}, -\sqrt[4]{2}, -i\sqrt[4]{2}$. We have $[L:\mathbb{Q}] = 8$, so $|G| = 8$. The Galois group is generated by: \begin{align*} \sigma : \sqrt[4]{2} \mapsto i\sqrt[4]{2}, \quad i \mapsto i, \\ \tau : \sqrt[4]{2} \mapsto \sqrt[4]{2}, \quad i \mapsto -i. \end{align*} Here $\sigma$ has order 4, $\tau$ has order 2, and $\tau\sigma\tau^{-1} = \sigma^{-1} = \sigma^3$, so $G \cong D_4$, the dihedral group of order 8. The group $D_4$ has exactly 10 subgroups, so by the theorem there are exactly 10 intermediate fields between $\mathbb{Q}$ and $L$. Organizing by order of subgroup (equivalently, by degree of fixed field over $\mathbb{Q}$): **Subgroups of order 4** (fixed fields of degree 2 over $\mathbb{Q}$): \begin{align*} \langle \sigma \rangle &\longleftrightarrow \mathbb{Q}(i), \\ \langle \sigma^2, \tau \rangle &\longleftrightarrow \mathbb{Q}(\sqrt{2}), \\ \langle \sigma^2, \sigma\tau \rangle &\longleftrightarrow \mathbb{Q}(i\sqrt{2}). \end{align*} **Subgroups of order 2** (fixed fields of degree 4 over $\mathbb{Q}$): \begin{align*} \langle \sigma^2 \rangle &\longleftrightarrow \mathbb{Q}(\sqrt{2}, i), \\ \langle \tau \rangle &\longleftrightarrow \mathbb{Q}(\sqrt[4]{2}), \\ \langle \sigma^2\tau \rangle &\longleftrightarrow \mathbb{Q}(i\sqrt[4]{2}), \\ \langle \sigma\tau \rangle &\longleftrightarrow \mathbb{Q}((1+i)\sqrt[4]{2}/\sqrt{2}), \\ \langle \sigma^3\tau \rangle &\longleftrightarrow \mathbb{Q}((1-i)\sqrt[4]{2}/\sqrt{2}). \end{align*} The trivial group and full group give $L$ and $\mathbb{Q}$ as before. Among the order-4 subgroups, all three are normal in $D_4$ (since $[D_4 : H] = 2$ forces normality), so the corresponding degree-2 extensions $\mathbb{Q}(i)/\mathbb{Q}$, $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$, $\mathbb{Q}(i\sqrt{2})/\mathbb{Q}$ are all Galois over $\mathbb{Q}$, each with Galois group $\mathbb{Z}/2\mathbb{Z}$. The degree-4 extensions present more variety: $\langle \sigma^2 \rangle$ is normal in $G$, giving $\mathbb{Q}(\sqrt{2}, i)/\mathbb{Q}$ Galois with group $\mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$, while the reflections $\langle \tau \rangle$ and $\langle \sigma^2\tau \rangle$ are not normal in $D_4$, so $\mathbb{Q}(\sqrt[4]{2})$ and $\mathbb{Q}(i\sqrt[4]{2})$ are not Galois over $\mathbb{Q}$. The $D_4$ example illustrates a key qualitative point: the non-abelian structure of the Galois group is directly reflected in the asymmetry of the intermediate field lattice. Some extensions are Galois, some are not; the theorem tells us exactly which ones and why. [/example] [explanation: Reading the Correspondence in Practice] When working with a concrete Galois extension, the strategy is: 1. Compute $G = \operatorname{Gal}(L/K)$ by identifying generators and their actions on roots. 2. List all subgroups of $G$ (using Sylow theory, normal series, or direct computation for small groups). 3. For each subgroup $H$, the fixed field $L^H$ is found by determining which elements are fixed by every element of $H$. 4. Check normality of each subgroup to determine which intermediate extensions are themselves Galois over $K$. 5. For normal subgroups, identify the quotient $G/H$ to name the Galois group of the subextension. The theorem guarantees this process yields a complete, irredundant list of all intermediate fields with no possibility of missing one or double-counting. [/explanation] ## 2.9 Finite Fields [motivation] The Fundamental Theorem of Galois Theory is most often met first in the context of characteristic-zero fields, where the architecture can feel baroque. Finite fields offer a corrective: here every extension is Galois, the Galois group is always cyclic, and it is generated by a single automorphism so natural it has its own name. Studying finite fields is not merely an application of the theory — it is a place where the full machinery snaps into focus with unusual clarity. [/motivation] The first question is whether finite fields beyond $\mathbb{F}_p$ exist at all, and what cardinalities are possible. The answer is clean. [quotetheorem:1275] The proof of existence and uniqueness runs through a single polynomial. Consider $f(t) = t^{p^n} - t$ over $\mathbb{F}_p$, and let $\mathbb{F}_{p^n}$ be its splitting field. The formal derivative is $f'(t) = p^n t^{p^n - 1} - 1 = -1$, since $p^n \equiv 0$ in characteristic $p$. Because $\gcd(f, f') = \gcd(f, -1) = 1$, the polynomial $f$ is separable: it has exactly $p^n$ distinct roots in the splitting field. The crucial observation is that this root set is itself a field. If $a$ and $b$ are roots, then $a^{p^n} = a$ and $b^{p^n} = b$, and the Frobenius identity $(a - b)^{p^n} = a^{p^n} - b^{p^n} = a - b$ shows $a - b$ is also a root; likewise $(ab^{-1})^{p^n} = ab^{-1}$. So the $p^n$ roots form a subfield, which must be the entire splitting field. This subfield has exactly $p^n$ elements, establishing existence. For uniqueness, let $K$ be any field with $p^n$ elements. Its multiplicative group $K^\times$ has order $p^n - 1$, so by Lagrange's theorem every element satisfies $x^{p^n - 1} = 1$, hence every element of $K$ (including $0$) satisfies $x^{p^n} = x$. Thus every element of $K$ is a root of $t^{p^n} - t$, and since $K$ has exactly $p^n$ elements and $t^{p^n} - t$ has at most $p^n$ roots, $K$ is precisely the splitting field of $t^{p^n} - t$ over $\mathbb{F}_p$. Splitting fields are unique up to isomorphism, so $K \cong \mathbb{F}_{p^n}$. The multiplicative group deserves its own statement because it is used repeatedly in what follows. [quotetheorem:1317] The argument is a standard lemma about finite subgroups of fields: if $G$ is a finite subgroup of the multiplicative group of any field, then $G$ is cyclic. The key is that in a field, the equation $x^d = 1$ has at most $d$ solutions. If $G$ were not cyclic, there would exist some $d \mid |G|$ for which the number of elements of order dividing $d$ exceeds $d$, contradicting this bound. Therefore $G$ must be cyclic. A generator of $\mathbb{F}_q^\times$ is called a primitive element, and its existence is not merely a curiosity — it means $\mathbb{F}_q = \mathbb{F}_p(\alpha)$ for some $\alpha$, confirming that every finite extension of a finite field is simple. [motivation] The Galois group of $\mathbb{F}_{p^n}/\mathbb{F}_p$ is where the theory becomes particularly elegant. Rather than hunting for automorphisms abstractly, we can write one down immediately: raise everything to the $p$-th power. [/motivation] [definition: Frobenius Automorphism] Let $q = p^n$. The Frobenius automorphism is the map \begin{align*} \mathrm{Fr} : \mathbb{F}_{p^n} &\longrightarrow \mathbb{F}_{p^n} \\ x &\longmapsto x^p. \end{align*} [/definition] That $\mathrm{Fr}$ is a field homomorphism follows from characteristic $p$: $\mathrm{Fr}(x + y) = (x+y)^p = x^p + y^p = \mathrm{Fr}(x) + \mathrm{Fr}(y)$, where the cross terms all vanish by divisibility of binomial coefficients $\binom{p}{k}$ by $p$ for $0 < k < p$. Multiplicativity is immediate. Since $\mathrm{Fr}$ is a nonzero field homomorphism, it is injective; as $\mathbb{F}_{p^n}$ is finite, it is bijective. Every element of $\mathbb{F}_p$ satisfies $x^p = x$ by Fermat's little theorem, so $\mathrm{Fr}$ fixes $\mathbb{F}_p$ pointwise. Therefore $\mathrm{Fr} \in \mathrm{Gal}(\mathbb{F}_{p^n}/\mathbb{F}_p)$. [quotetheorem:1318] The extension $\mathbb{F}_{p^n}/\mathbb{F}_p$ has degree $n$ (since $\mathbb{F}_{p^n}$ is an $n$-dimensional $\mathbb{F}_p$-vector space), so $|\mathrm{Gal}(\mathbb{F}_{p^n}/\mathbb{F}_p)| = n$. It suffices to show that $\mathrm{Fr}$ has order exactly $n$ in this group. The iterate $\mathrm{Fr}^k$ sends $x \mapsto x^{p^k}$. We have $\mathrm{Fr}^k = \mathrm{id}$ if and only if every $x \in \mathbb{F}_{p^n}$ satisfies $x^{p^k} = x$, which means every element is a root of $t^{p^k} - t$. This polynomial has at most $p^k$ roots, so we need $p^n \leq p^k$, i.e., $n \leq k$. Thus the smallest positive $k$ with $\mathrm{Fr}^k = \mathrm{id}$ is $k = n$, confirming that $\mathrm{Fr}$ has order $n$ and generates the full Galois group. This result is striking: the Galois group of every finite field extension is not merely abelian but cyclic, and it comes with a canonical generator written down before we even knew the group's structure. In characteristic zero, finding a generator of the Galois group typically requires real work; here it is free. Now the Fundamental Theorem of Galois Theory translates the entire lattice of subfields into pure number theory. [quotetheorem:1319] The divisibility condition has a direct algebraic explanation matching what we saw in the uniqueness proof: $\mathbb{F}_{p^d}$ consists of elements satisfying $x^{p^d} = x$. For such an element to also satisfy $x^{p^n} = x$, we need $x^{p^d} = x$ to imply $x^{p^n} = x$. Writing $n = dk$, we get $x^{p^n} = (x^{p^d})^{p^{d(k-1)}} = x^{p^{d(k-1)}}$, and iterating, $x^{p^n} = x$. Conversely, if $d \nmid n$, the roots of $t^{p^d} - t$ and $t^{p^n} - t$ can overlap only in a smaller subfield. The FTGT supplies the structural reason: subgroups of the cyclic group $\mathbb{Z}/n\mathbb{Z}$ are themselves cyclic, indexed exactly by the divisors of $n$, and the lattice of subgroups is anti-isomorphic to the lattice of subfields. [example: Subfields of $\mathbb{F}_{64}$] Take $p = 2$, $n = 6$, so $q = 2^6 = 64$. The divisors of $6$ are $1, 2, 3, 6$. By the subfield correspondence, $\mathbb{F}_{64}$ contains exactly four subfields: - $\mathbb{F}_2$ (corresponding to the full group $\mathbb{Z}/6\mathbb{Z}$, fixed by all of Gal) - $\mathbb{F}_4 = \mathbb{F}_{2^2}$ (corresponding to the subgroup $\{0, 2, 4\} \cong \mathbb{Z}/3\mathbb{Z}$, fixed by $\mathrm{Fr}^2$) - $\mathbb{F}_8 = \mathbb{F}_{2^3}$ (corresponding to the subgroup $\{0, 3\} \cong \mathbb{Z}/2\mathbb{Z}$, fixed by $\mathrm{Fr}^3$) - $\mathbb{F}_{64}$ itself (corresponding to the trivial subgroup, fixed only by the identity) Note that $\mathbb{F}_4$ and $\mathbb{F}_8$ are both subfields of $\mathbb{F}_{64}$, but neither contains the other, since $2 \nmid 3$ and $3 \nmid 2$. Their intersection is $\mathbb{F}_2$, and there is no subfield of size $16$ or $32$ inside $\mathbb{F}_{64}$ because $4$ and $5$ do not divide $6$. [/example] [remark: The Frobenius in Arithmetic] The Frobenius automorphism extends far beyond finite fields. In algebraic number theory, for a prime $\mathfrak{p}$ lying over a rational prime $p$ in a number field, the decomposition group at $\mathfrak{p}$ contains a canonical element — the arithmetic Frobenius — which reduces to the map $x \mapsto x^p$ on the residue field. This is the entry point to class field theory and, ultimately, to the Langlands program, where one asks which representations of Galois groups arise from automorphic forms. The humble map $x \mapsto x^p$ on $\mathbb{F}_{p^n}$ is thus the prototype of one of the central objects in modern mathematics. [/remark] The theoretical framework is now complete: solvability by radicals is equivalent to having a solvable Galois group. But how does one actually compute a Galois group for a specific polynomial? # 3. Solutions to Polynomial Equations Galois theory began with the desire to solve polynomial equations by radicals, and this chapter delivers the payoff: a complete characterization of when this is possible. The route passes through cyclotomic extensions (which provide roots of unity), Kummer extensions (which describe what adjoining a single radical looks like), and the group-theoretic notion of solvability. The culmination is the theorem that a polynomial is solvable by radicals if and only if its Galois group is a solvable group — and the demonstration that the symmetric group $S_n$ fails this test for $n geq 5$. ## 3.1 Cyclotomic Extensions [motivation] The Galois correspondence gives a precise dictionary between subgroups and subfields, but its power only becomes visible when we have explicit examples where both sides can be computed. Adjoining roots of unity provides the cleanest such examples: the resulting extensions have abelian Galois groups whose structure is completely determined by arithmetic modulo $n$. Understanding these extensions is the first step toward deciding which polynomial equations can be solved by radicals. [/motivation] When we adjoin an $n$th root of unity to $\mathbb{Q}$, we are adjoining a root of $t^n - 1$. But $t^n - 1$ splits into factors corresponding to the various orders of its roots, and it is the irreducible factor capturing the primitive roots that carries the essential arithmetic. [definition: Roots of Unity] Let $n \geq 1$. An **$n$th root of unity** is any element $\zeta$ in an algebraic closure $\overline{\mathbb{Q}}$ satisfying $\zeta^n = 1$. The set of all $n$th roots of unity forms a cyclic group of order $n$ under multiplication. A **primitive $n$th root of unity** is a generator of this cyclic group, equivalently an element of exact order $n$. [/definition] The primitive $n$th roots are precisely those $\zeta^k$ where $\gcd(k, n) = 1$, so there are $\phi(n)$ of them. Rather than work with all roots at once, we isolate the minimal polynomial that these primitive roots share over $\mathbb{Q}$. [definition: Cyclotomic Polynomial] The **$n$th cyclotomic polynomial** is \begin{align*} \Phi_n(t) = \prod_{\substack{1 \leq k \leq n \\ \gcd(k,n) = 1}} (t - \zeta^k) \end{align*} where $\zeta = e^{2\pi i/n}$. This is a monic polynomial of degree $\phi(n)$ with roots exactly the primitive $n$th roots of unity. [/definition] The factorization $t^n - 1 = \prod_{d \mid n} \Phi_d(t)$ holds because every $n$th root of unity is a primitive $d$th root for exactly one divisor $d$ of $n$. This gives a recursive method for computing cyclotomic polynomials from smaller ones. The first few are $\Phi_1(t) = t - 1$, $\Phi_2(t) = t + 1$, $\Phi_3(t) = t^2 + t + 1$, $\Phi_4(t) = t^2 + 1$, $\Phi_5(t) = t^4 + t^3 + t^2 + t + 1$. A key fact is that $\Phi_n(t)$ has integer coefficients, which follows by induction using the factorization above and the fact that $\mathbb{Z}[t]$ is a UFD. The deeper result is irreducibility over $\mathbb{Q}$. [quotetheorem:1279] The proof rests on a prime-stepping argument. Suppose $\Phi_n = fg$ in $\mathbb{Z}[t]$ with $f$ monic irreducible and $g$ nonconstant. Let $\zeta$ be a root of $f$. We show every primitive $n$th root is also a root of $f$, forcing $g = 1$. It suffices to show: if $\zeta$ is a root of $f$ and $p$ is any prime not dividing $n$, then $\zeta^p$ is also a root of $f$. Since $\Phi_n(\zeta^p) = 0$, either $f(\zeta^p) = 0$ or $g(\zeta^p) = 0$. Suppose $g(\zeta^p) = 0$, so $\zeta$ is a root of $g(t^p)$. Then $f \mid g(t^p)$ in $\mathbb{Q}[t]$. Reducing mod $p$, we get $\bar{f} \mid \overline{g(t^p)} = \bar{g}(t^p) = \bar{g}(t)^p$ in $\mathbb{F}_p[t]$. So $\bar{f}$ and $\bar{g}$ share a common irreducible factor $\bar{h}$ in $\mathbb{F}_p[t]$, meaning $\bar{h}^2 \mid \overline{\Phi_n}$ in $\mathbb{F}_p[t]$. But $t^n - 1$ has no repeated roots in $\mathbb{F}_p[t]$ when $p \nmid n$ (its derivative $nt^{n-1}$ is nonzero), so its factor $\overline{\Phi_n}$ is squarefree — a contradiction. Therefore $f(\zeta^p) = 0$. Repeating this argument across all primes not dividing $n$ shows every primitive $n$th root is a root of $f$, so $\deg f = \phi(n) = \deg \Phi_n$ and $g$ is a constant, hence $g = 1$. This argument is worth absorbing carefully: the key input is that $t^n - 1$ is separable mod $p$ whenever $p \nmid n$, and squarefreeness in the reduction forces all primitive roots to live in a single irreducible factor. The irreducibility of $\Phi_n$ over $\mathbb{Q}$ is not obvious from its explicit form — for instance $\Phi_{105}$ has a coefficient of $-2$, dispelling any hope of a simpler pattern argument. [quotetheorem:1320] Since $\Phi_n$ is irreducible of degree $\phi(n)$ and $\zeta_n$ is a root, the degree statement is immediate. Galois-ness follows because $\mathbb{Q}(\zeta_n)$ is the splitting field of the separable polynomial $t^n - 1$ over $\mathbb{Q}$: once one primitive root $\zeta_n$ is present, all $n$th roots $\zeta_n^k$ belong to $\mathbb{Q}(\zeta_n)$, so $t^n - 1$ splits completely. Having established that $\mathbb{Q}(\zeta_n)/\mathbb{Q}$ is Galois of degree $\phi(n)$, we can identify its Galois group explicitly. Any automorphism fixing $\mathbb{Q}$ is determined by its value on $\zeta_n$, and it must send $\zeta_n$ to another primitive $n$th root, so to $\zeta_n^a$ for some $a$ with $\gcd(a, n) = 1$. [quotetheorem:1278] The map is well-defined because $\sigma_a$ depends only on $a \bmod n$: if $a \equiv b \pmod{n}$ then $\zeta_n^a = \zeta_n^b$. It is a homomorphism because $\sigma_a \circ \sigma_b(\zeta_n) = \sigma_a(\zeta_n^b) = \zeta_n^{ab} = \sigma_{ab}(\zeta_n)$. Injectivity is clear since $\sigma_a = \sigma_b$ forces $\zeta_n^a = \zeta_n^b$, hence $a \equiv b \pmod{n}$. Both groups have order $\phi(n)$, so the map is an isomorphism. The abelian nature of $\operatorname{Gal}(\mathbb{Q}(\zeta_n)/\mathbb{Q})$ will be central to the solvability theory developed in subsequent sections. The general principle that extensions with abelian Galois groups — called **abelian extensions** — admit explicit descriptions is a preview of class field theory, though we will not pursue that direction here. [example: The Fifth Cyclotomic Field] Take $n = 5$. Here $\phi(5) = 4$ and $(\mathbb{Z}/5\mathbb{Z})^* = \{1, 2, 3, 4\}$ is cyclic of order $4$, generated by $2$ (since $2^1 = 2$, $2^2 = 4$, $2^3 = 3$, $2^4 = 1$ mod $5$). The Galois group $\operatorname{Gal}(\mathbb{Q}(\zeta_5)/\mathbb{Q}) = \{\sigma_1, \sigma_2, \sigma_3, \sigma_4\}$ is cyclic of order $4$, generated by $\sigma_2$. The lattice of subgroups of $\mathbb{Z}/4\mathbb{Z}$ has a unique subgroup of order $2$, namely $\{0, 2\} \leftrightarrow \{\sigma_1, \sigma_4\}$ (since $\sigma_4(\zeta_5) = \zeta_5^4 = \overline{\zeta_5}$, which is complex conjugation). By the Galois correspondence, $\mathbb{Q}(\zeta_5)/\mathbb{Q}$ has a unique intermediate field of degree $2$ over $\mathbb{Q}$, namely the fixed field of $\{\sigma_1, \sigma_4\}$. The element $\zeta_5 + \zeta_5^4 = \zeta_5 + \overline{\zeta_5} = 2\cos(2\pi/5)$ is fixed by $\sigma_4$ and generates this intermediate field. One computes $2\cos(2\pi/5) = (\sqrt{5} - 1)/2$, so the unique quadratic subfield is $\mathbb{Q}(\sqrt{5})$. [/example] [remark: Subfields of Prime Cyclotomic Fields] For a prime $p$, the group $(\mathbb{Z}/p\mathbb{Z})^*$ is cyclic of order $p - 1$. The subgroups of a cyclic group of order $p - 1$ correspond to divisors of $p - 1$, so the Galois correspondence gives one intermediate field $\mathbb{Q} \subset F_d \subset \mathbb{Q}(\zeta_p)$ for each divisor $d$ of $p - 1$, with $[F_d : \mathbb{Q}] = d$. In particular, $\mathbb{Q}(\zeta_p)$ contains a unique quadratic subfield. When $p \equiv 1 \pmod{4}$ this subfield is $\mathbb{Q}(\sqrt{p})$; when $p \equiv 3 \pmod{4}$ it is $\mathbb{Q}(\sqrt{-p})$. These subfields played a historical role in Gauss's theory of quadratic residues, and the Galois correspondence makes their existence transparent. [/remark] ## 3.2 Kummer Extensions The previous section showed how to adjoin roots of unity to a field. The next natural step is to adjoin an $n$th root of a field element — that is, to study the splitting field of a polynomial of the form $t^n - \lambda$. But the Galois theory of such extensions depends heavily on whether the base field already contains the relevant roots of unity. When it does not, the splitting field must account for both the radical and the missing roots of unity, and the Galois group can be non-abelian. The cleanest theory emerges when the roots of unity are already present, and isolating this case leads to the notion of a Kummer extension. Before reaching that definition, we study the splitting field of $t^n - \lambda$ over an arbitrary field $K$ (subject only to a separability condition on the characteristic) and use the structure we find to motivate the definition. [definition: Cyclic Extension] A Galois extension $L/K$ is a *cyclic extension* if $\operatorname{Gal}(L/K)$ is a cyclic group. [/definition] Cyclic extensions are the simplest non-trivial Galois extensions. As we will see, the splitting field of $t^n - \lambda$ naturally produces cyclic extensions once the appropriate roots of unity are in place. [quotetheorem:1326] [citeproof:1326] The theorem reveals a two-step structure in any splitting field of $t^n - \lambda$: first adjoin the roots of unity to get $K(\mu)$, then adjoin a single root $\alpha$ to reach $L$. The second step is always cyclic. The first step is a cyclotomic extension, already studied in the previous section. The interest of Kummer theory lies entirely in the second step — and this motivates restricting attention to fields that already contain the roots of unity. [example: Splitting Field of $t^4 + 2$ over $\mathbb{Q}$] Consider $t^4 + 2 \in \mathbb{Q}[t]$, which we write as $t^4 - (-2)$. Let $\mu = i$ (a primitive $4$th root of unity) and $\alpha = \sqrt[4]{-2}$, a root of $t^4 + 2$. The four roots are \begin{align*} \alpha, \quad -\alpha, \quad i\alpha, \quad -i\alpha, \end{align*} giving the factorization $t^4 + 2 = (t - \alpha)(t + \alpha)(t - i\alpha)(t + i\alpha)$. The splitting field is $\mathbb{Q}(i, \alpha)$, and the tower is $\mathbb{Q} \subseteq \mathbb{Q}(i) \subseteq \mathbb{Q}(i, \alpha)$. To check irreducibility of $t^4 + 2$ over $\mathbb{Q}(i)$: if $t^4 + 2$ were reducible over $\mathbb{Q}(i)$, the product of some proper subset of the roots would lie in $\mathbb{Q}(i)$. In particular, $\sqrt{-2} = \alpha^2$ would have to lie in $\mathbb{Q}(i)$, meaning $\sqrt{-2} = a + bi$ for some $a, b \in \mathbb{Q}$. Squaring gives $-2 = a^2 - b^2 + 2abi$, forcing $ab = 0$ and $a^2 - b^2 = -2$. If $a = 0$ then $b^2 = 2$, impossible in $\mathbb{Q}$; if $b = 0$ then $a^2 = -2$, also impossible. So $t^4 + 2$ is irreducible over $\mathbb{Q}(i)$, and by the theorem, $\mathbb{Q}(i) \subseteq \mathbb{Q}(i, \alpha)$ is a cyclic extension of degree exactly $4$. [/example] The example illustrates the theorem's third part in action: irreducibility over $K(\mu)$ is what forces the degree to be the full $n$, and checking it requires concrete arithmetic in $K(\mu)$. We now isolate the situation where the base field already contains the roots of unity. [definition: Kummer Extension] Let $K$ be a field, $\lambda \in K$ non-zero, $n \in \mathbb{N}$, and suppose $\operatorname{char} K = 0$ or $0 < \operatorname{char} K \nmid n$. Suppose $K$ contains a primitive $n$th root of unity, and let $L$ be the splitting field of $t^n - \lambda$. If $[L : K] = n$, then $L/K$ is called a *Kummer extension*. [/definition] When $K$ already contains a primitive $n$th root of unity $\mu$, the first step $K \subseteq K(\mu)$ of the tower collapses: $K(\mu) = K$. The entire extension $L/K$ is then the cyclic extension produced by the second step. The Kummer extension is precisely the case where this cyclic extension has the largest possible degree. A natural question arises: is the converse true? If $L/K$ is a cyclic extension of degree $n$ and $K$ contains a primitive $n$th root of unity, must $L$ be the splitting field of some $t^n - \lambda$? The answer is yes, but the proof requires a technical tool: the linear independence of field homomorphisms. [quotetheorem:1282] [citeproof:1282] This lemma is a statement about the richness of field automorphisms: they are "spread out" enough that no non-trivial linear combination over $L$ can vanish identically. The result is sometimes called Dedekind's lemma on the independence of characters, and it plays a foundational role throughout Galois theory. Its immediate application here is to produce, inside a cyclic extension, an element with a prescribed transformation property under the generator of the Galois group. [quotetheorem:1283] [citeproof:1283] This result closes the circle: the structure theorem showed that splitting fields of $t^n - \lambda$ (when the degree is maximal) produce cyclic extensions. The converse shows that every cyclic extension of the right degree arises this way. Even when a splitting field of $t^n - \lambda$ does not have degree $n$ — for instance because $\lambda$ is secretly a perfect power — the extension is still cyclic by the structure theorem, and the converse then identifies it as a Kummer extension for a different element. For example, if $n = 4$ and $\lambda$ happens to be a square in $K$, the splitting field of $t^4 - \lambda$ is really the splitting field of $t^2 - \sqrt{\lambda}$, a Kummer extension of degree $2$ rather than $4$. [citeproof:1283] The construction of $\beta$ in the proof — a "Lagrange resolvent" — is worth noting. The expression $\beta = \sum_{j=0}^{n-1} \mu^j \phi^j(\alpha)$ is designed so that applying $\phi$ shifts the exponents by one and introduces a factor of $\mu^{-1}$, giving $\beta$ the exact eigenvalue property needed. This technique reappears whenever one needs to produce elements with prescribed transformation behavior under a cyclic group action. [example: Decomposition of $t^3 - 2$ over $\mathbb{Q}$] Consider $t^3 - 2 \in \mathbb{Q}[t]$, and let $\omega$ be a primitive cube root of unity. The splitting field of $t^3 - 2$ over $\mathbb{Q}$ is $\mathbb{Q}(\omega, \sqrt[3]{2})$, and the tower decomposes as \begin{align*} \mathbb{Q} \subset \mathbb{Q}(\omega) \subset \mathbb{Q}(\omega, \sqrt[3]{2}). \end{align*} The first step $\mathbb{Q} \subset \mathbb{Q}(\omega)$ is a cyclotomic extension of degree $2$ (since $\omega$ is a root of the irreducible $t^2 + t + 1$). For the second step, $\mathbb{Q}(\omega)$ contains a primitive cube root of unity, and $t^3 - 2$ is irreducible over $\mathbb{Q}(\omega)$ (since $\sqrt[3]{2}$ is real and not in $\mathbb{Q}(\omega) \subset \mathbb{C}$, and any factorization of $t^3 - 2$ over $\mathbb{Q}(\omega)$ would require $\sqrt[3]{2} \in \mathbb{Q}(\omega)$). So $\mathbb{Q}(\omega) \subset \mathbb{Q}(\omega, \sqrt[3]{2})$ is a Kummer extension of degree $3$. This decomposition — first a cyclotomic step, then a Kummer step — is the prototype for the general strategy of studying radical extensions: adjoin roots of unity first to ensure the base field satisfies the hypotheses of Kummer theory, then adjoin the radical. [/example] ## 3.3 Radical Extensions The classical formulas for roots of cubics and quartics express solutions as nested combinations of square roots, cube roots, and fourth roots of rational expressions in the coefficients. Before asking whether such formulas exist for higher-degree polynomials, we need a precise algebraic framework for what it means to build a field by successively extracting roots — and for what it means for a polynomial to be solvable by this process. [definition: Radical Step] A field extension $L/K$ is a *radical step* if $L = K(\alpha)$ for some $\alpha$ satisfying $\alpha^n \in K$ for some positive integer $n$. We call $\alpha$ a *radical element* of exponent $n$ over $K$. [/definition] A single radical step adjoins one $n$-th root; the interest lies in iterating this construction. [definition: Radical Extension] An extension $F/K$ is a *radical extension* if there exists a tower of fields \begin{align*} K = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_r = F \end{align*} such that each step $F_i / F_{i-1}$ is a radical step. That is, for each $i$ there exist $\alpha_i \in F_i$ and $n_i \geq 1$ with $\alpha_i^{n_i} \in F_{i-1}$ and $F_i = F_{i-1}(\alpha_i)$. [/definition] The number $r$ is the *depth* of the tower, and the sequence $(n_1, \ldots, n_r)$ records the degrees of the roots being extracted at each stage. A radical extension is thus precisely the algebraic structure underlying a formula involving nested radicals: starting from the base field and adjoining one radical at a time. [definition: Solvable by Radicals] A polynomial $f \in K[x]$ is *solvable by radicals over $K$* if its splitting field is contained in some radical extension of $K$. Equivalently, there exists a radical extension $F/K$ such that $f$ splits completely over $F$. [/definition] Note that we ask only for containment: the splitting field need not itself be a radical extension, since radical extensions need not be Galois. The definition captures the idea that all roots of $f$ can be expressed using the field operations of $K$ together with finitely many nested radical extractions. [example: Illustration] The discriminant formula for the quadratic $x^2 + bx + c$ over $\mathbb{Q}$ gives roots in $\mathbb{Q}(\sqrt{b^2 - 4c})$, a radical extension of depth one. The Cardano formula for a depressed cubic $x^3 + px + q$ produces roots lying in a tower of the form $\mathbb{Q} \subset \mathbb{Q}(\omega, \Delta^{1/2}) \subset \mathbb{Q}(\omega, \Delta^{1/2}, u^{1/3})$, where $\omega$ is a primitive cube root of unity, $\Delta$ is the discriminant, and $u$ is an explicit expression in $p$ and $q$. This illustrates the general pattern: roots of unity inevitably enter as soon as we adjoin cube roots or higher. That last observation is not accidental. [/example] [remark: Enlarging to a Galois Radical Extension] Given any radical extension $F/K$, one can always find a Galois radical extension $E/K$ with $F \subseteq E$. The construction proceeds by first adjoining all the necessary roots of unity to $K$ — obtaining a field over which each radical step $F_i/F_{i-1}$ becomes a Kummer extension — and then taking the Galois closure. Since Kummer extensions are Galois when the base field contains appropriate roots of unity, the resulting tower has each step abelian, hence Galois. The enlarged extension $E$ is radical and Galois over $K$, and $f$ still splits within it. [/remark] This remark justifies working with Galois radical extensions without loss of generality when studying solvability. It also points toward why solvable groups enter the picture: Galois radical extensions, when built from Kummer steps, have Galois groups that are successively built from abelian quotients — precisely the structure axiomatized by solvability. [quotetheorem:1321] The proof of this theorem occupies the next section. One direction — Galois group solvable implies solvable by radicals — proceeds by building the radical tower from the subnormal series of the group, using roots of unity to make each quotient step abelian and then invoking Kummer theory. The other direction — solvability by radicals forces the Galois group to be solvable — follows from the correspondence between radical towers and subnormal series with abelian factors. The theorem transforms the question of solving polynomials by radicals into a question in group theory, and once one can write down a polynomial whose Galois group is $S_5$ or $A_5$ — neither of which is solvable — the insolvability of the general quintic follows immediately. This is the route we take in Section 3.5. ## 3.4 Solubility of Groups, Extensions, and Polynomials The question at the heart of this section is structural: which field extensions can be built by successively adjoining roots, and what does the Galois group look like when they can? A radical tower is a chain of fields $F = F_0 \subset F_1 \subset \cdots \subset F_r$ where each step $F_{i+1} = F_i(\alpha_i)$ with $\alpha_i^{n_i} \in F_i$. The symmetry group of such an extension is constrained in a very specific way — it must be *solvable* — and this constraint is the key to understanding why degree-five polynomials resist a general formula. ### Solvable Groups A group $G$ is **solvable** if there exists a subnormal series \begin{align*} 1 = G_0 \trianglelefteq G_1 \trianglelefteq \cdots \trianglelefteq G_k = G \end{align*} in which every quotient $G_i / G_{i-1}$ is abelian. The requirement is not that the series be a composition series, nor that the subgroups be normal in $G$ itself — only normality within the next larger group is needed. Solvability is therefore a measure of how far $G$ is from being abelian: any abelian group is solvable by the series $1 \trianglelefteq G$, and more complicated groups are solvable if their "abelian defects" can be peeled away in layers. The **derived series** provides a canonical test. Define $G^{(0)} = G$ and $G^{(i+1)} = [G^{(i)}, G^{(i)}]$, the commutator subgroup of the previous term. Since $[H,H]$ is always characteristic in $H$, each $G^{(i+1)}$ is normal in $G^{(i)}$, and the quotients $G^{(i)}/G^{(i+1)}$ are abelian by construction. The group $G$ is solvable if and only if $G^{(n)} = 1$ for some $n$. The derived series is the fastest-descending subnormal series with abelian quotients: any other such series contains the terms of the derived series. This makes it the right tool for proving non-solvability — if the derived series never reaches $1$, no other abelian-quotient series can either. ### Small Symmetric Groups The symmetric groups $S_n$ for small $n$ are solvable, and it is instructive to see the series explicitly. - $S_2 \cong \mathbb{Z}/2\mathbb{Z}$ is abelian, so the series $1 \trianglelefteq S_2$ works. - For $S_3$, the alternating group $A_3 \cong \mathbb{Z}/3\mathbb{Z}$ is normal in $S_3$ with quotient $S_3/A_3 \cong \mathbb{Z}/2\mathbb{Z}$, giving $1 \trianglelefteq A_3 \trianglelefteq S_3$ with cyclic quotients. - For $S_4$, the Klein four-group $V = \{e, (12)(34), (13)(24), (14)(23)\}$ is normal in $A_4$, and $A_4/V \cong \mathbb{Z}/3\mathbb{Z}$, $V \cong (\mathbb{Z}/2\mathbb{Z})^2$. The series $1 \trianglelefteq V \trianglelefteq A_4 \trianglelefteq S_4$ has abelian quotients. These cases match the historical fact that general polynomials of degree at most four have radical solutions. ### Alternating Groups and the Failure at $n \geq 5$ For $n \geq 5$, the alternating group $A_n$ is simple: it has no proper nontrivial normal subgroups. The proof rests on the behavior of $3$-cycles. Every element of $A_n$ is a product of $3$-cycles, and any two $3$-cycles in $A_n$ are conjugate when $n \geq 5$ (since $n \geq 5$ supplies enough room to extend a conjugating permutation to an even one). A normal subgroup containing any $3$-cycle therefore contains every $3$-cycle and hence all of $A_n$. Since $A_n$ is simple and non-abelian for $n \geq 5$, its derived series satisfies $[A_n, A_n] = A_n$, so the series stalls: $A_n^{(k)} = A_n$ for all $k \geq 0$. The derived series of $S_n$ reaches $A_n$ in one step ($S_n^{(1)} = A_n$) and then freezes. Consequently $S_n$ is not solvable for $n \geq 5$. This is the group-theoretic obstruction. The next theorem connects it to polynomials. ### The Main Theorem **Theorem.** Let $f \in F[x]$ be separable with splitting field $L$. Then $f$ is solvable by radicals over $F$ if and only if $\mathrm{Gal}(L/F)$ is a solvable group. The argument runs in two directions, and each direction has a clear mechanism. **Forward direction.** Suppose $f$ is solvable by radicals, so there is a radical tower $F = F_0 \subset F_1 \subset \cdots \subset F_r$ with $L \subset F_r$. By adjoining enough roots of unity and passing to a Galois closure, we may assume each step $F_{i+1}/F_i$ is a Kummer extension: $F_{i+1} = F_i(\alpha_i)$ with $\alpha_i^{n_i} \in F_i$ and $F_i$ containing a primitive $n_i$-th root of unity. Kummer theory identifies $\mathrm{Gal}(F_{i+1}/F_i)$ with a subgroup of $\mu_{n_i}$, hence cyclic. The Galois correspondence then produces a subnormal series for $\mathrm{Gal}(F_r/F)$ with cyclic (hence abelian) quotients, so $\mathrm{Gal}(F_r/F)$ is solvable. As a quotient of a solvable group, $\mathrm{Gal}(L/F)$ is solvable. **Converse direction.** Suppose $G = \mathrm{Gal}(L/F)$ is solvable. Write the derived series $G = G^{(0)} \supset G^{(1)} \supset \cdots \supset G^{(k)} = 1$. Each quotient $G^{(i)}/G^{(i+1)}$ is abelian. Passing to fixed fields gives intermediate extensions whose Galois groups are these abelian quotients. Abelian extensions of fields containing enough roots of unity are Kummer extensions by the converse of Kummer theory, meaning they arise by adjoining a single $n$-th root. Adjoining those roots of unity first (a radical step in its own right) and then building the Kummer tower yields a full radical tower reaching $L$, so $f$ is solvable by radicals. The forcing role of roots of unity — which must be present for Kummer theory to apply — is a genuine subtlety. Over fields of characteristic zero containing $\mathbb{Q}$, they are always reachable by radicals, so the argument goes through cleanly. ### Galois Theory of Cubics For a cubic $f(x) = x^3 + px + q$ over $\mathbb{Q}$ (depressed form, having eliminated the $x^2$ term by substitution), the splitting field $L$ has $\mathrm{Gal}(L/\mathbb{Q})$ isomorphic to a transitive subgroup of $S_3$. The transitive subgroups of $S_3$ are $S_3$ itself and $A_3 \cong \mathbb{Z}/3\mathbb{Z}$. The **discriminant** $\Delta = -4p^3 - 27q^2$ distinguishes them. The splitting field contains $\sqrt{\Delta}$, and: - $\mathrm{Gal}(L/\mathbb{Q}) \cong A_3$ if and only if $\Delta$ is a perfect square in $\mathbb{Q}$, equivalently $\sqrt{\Delta} \in \mathbb{Q}$. - $\mathrm{Gal}(L/\mathbb{Q}) \cong S_3$ otherwise. The geometric meaning is clear: $A_3$ corresponds to the case where all three roots can be expressed in a single cyclic extension of degree three, which requires $\mathbb{Q}(\sqrt{\Delta}) = \mathbb{Q}$. Otherwise the Galois group must account for the transposition of complex conjugate roots, and $S_3$ appears. Both groups are solvable, consistent with the classical Cardano formula giving an explicit radical expression for the roots in all cases. ### Galois Theory of Quartics The quartic $f(x) = x^4 + bx^2 + cx + d$ (again depressed) has splitting field with Galois group a transitive subgroup of $S_4$. These are $S_4$, $A_4$, $D_4$, $\mathbb{Z}/4\mathbb{Z}$, and $V$ (the Klein four-group) — all solvable, consistent with the existence of a radical formula. The primary tool is the **resolvent cubic**. If the roots of $f$ are $\alpha_1, \alpha_2, \alpha_3, \alpha_4$, form the three quantities \begin{align*} \theta_1 = \alpha_1\alpha_2 + \alpha_3\alpha_4, \quad \theta_2 = \alpha_1\alpha_3 + \alpha_2\alpha_4, \quad \theta_3 = \alpha_1\alpha_4 + \alpha_2\alpha_3. \end{align*} These are permuted among themselves by $S_4$ acting on the roots, and the elementary symmetric functions in $\theta_1, \theta_2, \theta_3$ lie in the ground field. The resolvent cubic $g(y) = (y - \theta_1)(y - \theta_2)(y - \theta_3)$ therefore has coefficients in $F$. The Galois group of $f$ can be read from the resolvent cubic and the discriminant: the splitting field of $g$ sits inside that of $f$, and the Galois group of $g$ is the image of $\mathrm{Gal}(f)$ under its action on $\{\theta_1, \theta_2, \theta_3\}$. Specifically, $\mathrm{Gal}(f) \subset A_4$ if and only if $\Delta(f)$ is a square, and the further refinement to $D_4$, $\mathbb{Z}/4\mathbb{Z}$, or $V$ depends on whether the resolvent cubic is irreducible and whether $f$ factors over the splitting field of $g$. This layered analysis — resolvent cubic, discriminant, factorization — is the practical algorithm for computing Galois groups of quartics, and it reflects the structure of the subnormal series $1 \trianglelefteq V \trianglelefteq A_4 \trianglelefteq S_4$ that witnesses the solvability of $S_4$. ## 3.5 Insolubility of General Equations of Degree Five and Above Every student who encounters the quadratic formula eventually wonders whether there is an analogous formula for degree five. The answer, established by Abel and Ruffini and given its definitive structural explanation by Galois, is no. This section makes that answer precise: we construct the general polynomial of degree $n$, identify its Galois group as $S_n$, and conclude that no radical formula can exist when $n \geq 5$. Along the way, we prove the converse of the radical-implies-solvable theorem from Section 3.4, completing the equivalence between solvability by radicals and solvability of the Galois group. We close with a concrete polynomial over $\mathbb{Q}$ that is genuinely insoluble. [quotetheorem:1322] The word "general" carries the entire weight of the statement. We are not claiming that no degree-five polynomial is solvable by radicals — many are (for instance, $t^5 - 2$ has cyclic Galois group $\mathbb{Z}/5\mathbb{Z}$ over $\mathbb{Q}(\zeta_5)$ and is solved by $\sqrt[5]{2}$). We are claiming that no single radical formula can work for all choices of coefficients simultaneously, because the Galois group of the general polynomial is $S_n$, and $S_n$ is not a solvable group when $n \geq 5$. ### Symmetric Rational Functions To study the "general polynomial" rigorously, we need to work with polynomials whose coefficients are themselves indeterminates — not elements of any particular field. The natural setting is the field of rational functions in $n$ variables, and the key structural fact is that the subfield fixed by all permutations of those variables is generated by the elementary symmetric polynomials. [definition: Field of Symmetric Rational Functions] Let $K$ be a field and let $L = K(x_1, \ldots, x_n)$ denote the field of rational functions in $n$ independent transcendentals over $K$. The symmetric group $S_n$ acts on $L$ by permuting the variables: each $\sigma \in S_n$ induces a $K$-automorphism $\sigma^* \colon L \to L$ defined by $\sigma^*(x_i) = x_{\sigma(i)}$. This gives an injective group homomorphism $S_n \to \operatorname{Aut}_K(L)$. The **field of symmetric rational functions** is the fixed field \begin{align*} F \;=\; L^{S_n} \;=\; \bigl\{ f \in L : \sigma^*(f) = f \text{ for all } \sigma \in S_n \bigr\}. \end{align*} [/definition] The definition of $F$ as a fixed field is abstract. To work with $F$ concretely, we need explicit generators. [definition: Elementary Symmetric Polynomials] The **elementary symmetric polynomials** in $x_1, \ldots, x_n$ are $e_1, e_2, \ldots, e_n$ defined by \begin{align*} e_i \;=\; \sum_{1 \leq \ell_1 < \ell_2 < \cdots < \ell_i \leq n} x_{\ell_1} x_{\ell_2} \cdots x_{\ell_i}, \qquad 1 \leq i \leq n. \end{align*} Equivalently, $e_1, \ldots, e_n$ are the coefficients appearing in the factored polynomial identity \begin{align*} (t - x_1)(t - x_2) \cdots (t - x_n) \;=\; t^n - e_1\, t^{n-1} + e_2\, t^{n-2} - \cdots + (-1)^n e_n. \end{align*} [/definition] Written out for the first few values: $e_1 = x_1 + x_2 + \cdots + x_n$, $e_2 = x_1 x_2 + x_1 x_3 + \cdots + x_{n-1} x_n$, and $e_n = x_1 x_2 \cdots x_n$. Since every permutation of the $x_i$ merely rearranges the terms of each sum, $e_1, \ldots, e_n$ all belong to the fixed field $F = L^{S_n}$. The fundamental result of this subsection is that these generators account for the entirety of $F$, and that the extension $L/F$ is Galois with Galois group $S_n$. [quotetheorem:1327] [citeproof:1327] Part (iii) is the content that matters most for applications: the field of symmetric rational functions has no "hidden generators" beyond $e_1, \ldots, e_n$. Equivalently, there are no polynomial relations among $e_1, \ldots, e_n$ over $K$ — they are algebraically independent. This algebraic independence is what allows us to specialise the general polynomial to any specific polynomial by substituting values for the $e_i$. ### The General Polynomial and Its Galois Group With the symmetric function machinery in place, we can define the object whose insolubility is the central claim. [definition: General Polynomial] Let $K$ be a field and let $u_1, \ldots, u_n$ be independent transcendentals over $K$. The **general polynomial over $K$ of degree $n$** is \begin{align*} f \;=\; t^n + u_1\, t^{n-1} + \cdots + u_n \;\in\; K(u_1, \ldots, u_n)[t]. \end{align*} We say the general polynomial of degree $n$ over $K$ **can be solved by radicals** if $f$ can be solved by radicals over the base field $K(u_1, \ldots, u_n)$. [/definition] The $u_i$ are not specific numbers — they are formal placeholders. Any radical formula that works for the general polynomial would, by specialisation, give a formula for every polynomial of degree $n$ over $K$. That is why insolubility of the general polynomial is such a strong statement. [example: General Quadratic] The general polynomial of degree $2$ over $\mathbb{Q}$ is $t^2 + u_1\, t + u_2$. Its roots are \begin{align*} \frac{-u_1 \pm \sqrt{u_1^2 - 4u_2}}{2}, \end{align*} which involves only arithmetic operations and the extraction of a single square root. Therefore the general quadratic can be solved by radicals. Analogous (but increasingly elaborate) formulas exist for degree $3$ and $4$ — these were the Cardano and Ferrari formulas from Chapter 1. [/example] We now prove the main theorem. The strategy is to show that the base field $K(u_1, \ldots, u_n)$ is isomorphic to the field $K(e_1, \ldots, e_n)$ of the Symmetric Rational Function Theorem, so the Galois group of the general polynomial is $S_n$. [quotetheorem:1322] [citeproof:1322] The proof reveals a subtlety worth emphasising: the injectivity of $\theta$ is what ensures the $e_i$ are algebraically independent over $K$, or equivalently, that $K(u_1, \ldots, u_n)$ and $K(e_1, \ldots, e_n)$ are genuinely the same field (up to the sign convention). Without this, one could not transfer the Galois group computation from the symmetric function setting to the general polynomial setting. ### The Converse: Solvable Extensions Are Radical In Section 3.4 we proved that if a polynomial is solvable by radicals, then its Galois group is solvable. The proof of the Abel--Ruffini--Galois theorem used only this direction. However, the converse — that a solvable Galois group guarantees solvability by radicals — completes the picture and gives a full characterisation. The difficulty is that a solvable Galois group produces a chain of cyclic extensions, and each cyclic extension should be a Kummer extension (adjunction of a single root). But Kummer theory requires the base field to contain appropriate roots of unity, which may not be present. The key technique is to adjoin a sufficiently large root of unity to every field in the chain, then verify that the Galois groups remain cyclic after this enlargement. [quotetheorem:1288] [citeproof:1288] The injection of the restriction map is the heart of the argument. Without it, adjoining roots of unity could enlarge the Galois groups and destroy the cyclic structure that Kummer theory requires. The injectivity ensures that passing from $L_i \subseteq L_{i+1}$ to $L_i(\mu) \subseteq L_{i+1}(\mu)$ can only shrink (or preserve) the Galois group, never enlarge it. ### The Complete Characterisation and Its Consequences Combining the forward direction from Section 3.4 with the converse above gives the definitive criterion. [quotetheorem:1321] [citeproof:1321] This equivalence transforms the analytic question "can we write down a radical formula?" into the purely algebraic question "is the Galois group solvable?" — a question that can be answered by finite group-theoretic computation. An immediate consequence settles low-degree polynomials. [quotetheorem:1328] [citeproof:1328] For $K = \mathbb{Q}$, this result was already established constructively in Chapter 1 by exhibiting the quadratic formula, Cardano's formula, and Ferrari's method. The theorem above gives a uniform structural explanation: degree $\leq 4$ works because $S_4$ is solvable, and degree $\geq 5$ fails because $S_5$ is not. ### A Concrete Insoluble Polynomial The general polynomial involves transcendental coefficients, which can feel abstract. The Abel--Ruffini--Galois theorem tells us that no universal formula exists, but it does not by itself exhibit a specific polynomial with rational coefficients whose roots escape all radical expressions. The following result does exactly that. [quotetheorem:1329] [citeproof:1329] The root-counting argument above works well for $t^5 - 4t + 2$, but it depends on calculus tools that do not generalise to higher degrees or to polynomials over other fields. There is a purely algebraic alternative. [remark: The Reduction Mod $p$ Method] The root-counting approach above relies on a calculus argument specific to degree $5$. A more systematic technique is **reduction modulo a prime**: if $f \in \mathbb{Z}[t]$ is monic and $\tilde{f}$ denotes its image in $\mathbb{F}_p[t]$ for a prime $p$ at which $\tilde{f}$ has the same degree and no repeated roots, then the factorisation pattern of $\tilde{f}$ over $\mathbb{F}_p$ determines a cycle type present in $\operatorname{Gal}(f/\mathbb{Q})$. For instance, if $\tilde{f}$ factors as an irreducible of degree $r$ times an irreducible of degree $s$, then $\operatorname{Gal}(f/\mathbb{Q})$ contains an element of cycle type $(r, s)$. By varying the prime, one accumulates enough cycle types to identify the Galois group without any analytic input. This technique is developed fully in Chapter 4. [/remark] The insolubility theorem is not a dead end — it redirects the question. The right question is not "can every polynomial be solved by radicals?" but "what is the Galois group of this particular polynomial, and what algebraic structure does that impose on its roots?" That reframing, from formula-seeking to group-theoretic classification, is the lasting legacy of Galois's insight. # 4. Computational Techniques The abstract machinery of Galois theory is most powerful when paired with concrete computational tools. This chapter develops two complementary techniques: reduction modulo a prime, which extracts cycle-type information about the Galois group from the arithmetic of finite fields, and the discriminant, which detects whether the Galois group lies inside the alternating group without computing it explicitly. ## Reduction mod $p$ How do you actually compute a Galois group without constructing the splitting field? Constructing splitting fields explicitly is costly: degrees grow, algebraic dependencies multiply, and tracking the action of automorphisms becomes unwieldy even for polynomials of moderate degree. A far more practical strategy is to reduce the problem modulo a prime, exploit the comparatively simple arithmetic of finite fields, and then lift the information back to characteristic zero. This technique turns the abstract Galois group into something you can probe one prime at a time. Let $f \in \mathbb{Z}[t]$ be a monic irreducible polynomial of degree $n$. For any prime $p$, write $\bar{f} \in \mathbb{F}_p[t]$ for the polynomial obtained by reducing each coefficient modulo $p$. When $p$ does not divide the leading coefficient and does not divide the discriminant of $f$, the reduced polynomial $\bar{f}$ is separable, meaning it has no repeated roots in $\overline{\mathbb{F}_p}$. Primes dividing the discriminant are called **ramified**, and there are only finitely many of them; every other prime is a legitimate candidate for the reduction argument. Over $\mathbb{F}_p$, the factorization of $\bar{f}$ is available by the standard algorithm for polynomials over finite fields. Suppose \begin{align*} \bar{f} = \bar{f}_1 \bar{f}_2 \cdots \bar{f}_k \end{align*} where each $\bar{f}_i$ is irreducible of degree $n_i$ over $\mathbb{F}_p$, and $n_1 + n_2 + \cdots + n_k = n$. The tuple $(n_1, \ldots, n_k)$ is called the **cycle type** of this factorization. **Dedekind's Theorem.** Let $f \in \mathbb{Z}[t]$ be a monic irreducible polynomial with splitting field $K$ over $\mathbb{Q}$, and let $G = \mathrm{Gal}(K/\mathbb{Q})$ be viewed as a subgroup of $S_n$ via the action on the roots of $f$. If $p$ is an unramified prime and $\bar{f}$ factors over $\mathbb{F}_p$ into distinct irreducibles of degrees $n_1, \ldots, n_k$, then $G$ contains a permutation of cycle type $(n_1, \ldots, n_k)$. The mechanism behind this result is the Frobenius element. Above an unramified prime $p$, the decomposition group of any prime $\mathfrak{p}$ of the ring of integers of $K$ lying over $p$ is cyclic, generated by the Frobenius automorphism $\mathrm{Frob}_\mathfrak{p}$, which acts on residues by $x \mapsto x^p$. The cycle type of $\mathrm{Frob}_\mathfrak{p}$ acting on the roots of $f$ matches the factorization pattern of $\bar{f}$: each irreducible factor $\bar{f}_i$ of degree $n_i$ corresponds to a single orbit of size $n_i$ under Frobenius, and these orbits are the cycles of the permutation. As $\mathfrak{p}$ varies over primes above $p$, the resulting Frobenius elements form a full conjugacy class in $G$. Chebotarev's density theorem guarantees that every conjugacy class in $G$ appears as a Frobenius class for a positive proportion of primes, so in principle every element of $G$ (up to conjugacy) is eventually witnessed by some prime. ### Worked example: the polynomial $f(t) = t^5 - 5t + 12$. This polynomial is irreducible over $\mathbb{Q}$ (checking rational roots and applying Eisenstein after a substitution confirms this). Since $\deg f = 5$, its Galois group is a transitive subgroup of $S_5$; the candidates are $\mathbb{Z}/5$, $D_5$, $F_{20}$ (the Frobenius group of order 20), $A_5$, and $S_5$. Reduce modulo $p = 2$: over $\mathbb{F}_2$, one finds $\bar{f} = t^5 + t + 1 = (t^2 + t + 1)(t^3 + t^2 + 1)$, which gives cycle type $(2, 3)$. Dedekind's theorem says $G$ contains a permutation of order $\mathrm{lcm}(2,3) = 6$. The only transitive subgroups of $S_5$ with an element of order $6$ are $A_5$ and $S_5$. Reduce modulo $p = 3$: over $\mathbb{F}_3$, one finds $\bar{f} = t^5 + t + 2 = (t^2 + 1)(t^3 + 2t^2 + 2t + 2)$, giving cycle type $(2, 3)$ again, consistent with the same pair of groups. Reduce modulo $p = 7$: over $\mathbb{F}_7$, the polynomial is irreducible of degree $5$, giving cycle type $(5)$. So $G$ contains a $5$-cycle, which is compatible with both $A_5$ and $S_5$. To distinguish $A_5$ from $S_5$, compute the discriminant $\Delta$ of $f$. If $\Delta$ is a perfect square in $\mathbb{Q}$, then $G \subseteq A_5$, so $G \cong A_5$; otherwise $G = S_5$. For $f(t) = t^5 - 5t + 12$, the discriminant is not a perfect square, which forces $G \cong S_5$. This interplay is typical. The reductions mod $p$ narrow the possibilities by producing elements of $G$ with prescribed cycle types, while the discriminant or additional algebraic invariants resolve remaining ambiguities. **Limitations.** Dedekind's theorem is an existence statement, not a reconstruction theorem. It tells you which cycle types occur in $G$, but it cannot directly tell you the group structure or confirm that a subgroup is the full Galois group. A prime $p$ yielding a transposition does imply $G = S_n$ when $G$ is also known to contain an $n$-cycle, but the general problem requires combining data from many primes alongside group-theoretic analysis of which transitive subgroups of $S_n$ are consistent with all observed cycle types. For degrees $\geq 5$, two distinct groups can share the same set of cycle types, making the discriminant and resolvent polynomials essential companions to reduction mod $p$. ## Trace, Norm, and Discriminant How can we extract arithmetic invariants of a field extension without leaving the base field? Given a finite extension $L/K$ and an element $\alpha \in L$, the minimal polynomial of $\alpha$ encodes some information about $\alpha$ in terms of coefficients in $K$, but it sees only the simple extension $K(\alpha)$, not the full extension $L/K$. We need tools that encode the entire extension into data living in $K$ — tools that are computable from matrices, sensitive to the degree $[L:K]$, and compatible with towers of extensions. The trace and norm accomplish exactly this: they package the action of $\alpha$ on $L$ (viewed as a $K$-vector space) into a single element of $K$. ### Definitions via the Multiplication Map The construction begins with linear algebra. Every element $\alpha$ of $L$ defines a $K$-linear endomorphism of $L$ by multiplication, and we extract the trace and determinant of this endomorphism. To make sense of "the trace of a linear map" without choosing a basis, we first recall the basis-independence of the matrix trace. [definition: Trace of a Matrix] Let $K$ be a field. If $A = [a_{ij}]$ is an $n \times n$ matrix over $K$, the **trace** of $A$ is \begin{align*} \operatorname{tr}(A) = \sum_{i=1}^{n} a_{ii}. \end{align*} [/definition] A standard exercise in linear algebra shows that $\operatorname{tr}(B^{-1}AB) = \operatorname{tr}(A)$ for any invertible $n \times n$ matrix $B$. Consequently, similar matrices have the same trace, and we may define the trace of a linear map without reference to a particular basis. [definition: Trace of a Linear Map] Let $V$ be a finite-dimensional vector space over $K$, and let $\sigma \colon V \to V$ be a $K$-linear map. Define \begin{align*} \operatorname{tr}(\sigma) = \operatorname{tr}(\text{any matrix representing } \sigma). \end{align*} This is well-defined by the conjugation-invariance of the matrix trace. [/definition] We now specialise to the setting of field extensions. Given $\alpha \in L$, the map "multiply by $\alpha$" is $K$-linear — and since $L$ is finite-dimensional over $K$, we can take its trace and determinant. [definition: Trace of an Element] Let $K \subseteq L$ be a finite field extension, and let $\alpha \in L$. Consider the $K$-linear map $m_\alpha \colon L \to L$ defined by $\beta \mapsto \alpha\beta$. The **trace** of $\alpha$ over $K$ is \begin{align*} \operatorname{Tr}_{L/K}(\alpha) = \operatorname{tr}(m_\alpha). \end{align*} [/definition] The trace captures "additive" information about $\alpha$'s action on $L$. To capture the "multiplicative" information, we take the determinant of the same map. [definition: Norm of an Element] With notation as above, the **norm** of $\alpha$ over $K$ is \begin{align*} N_{L/K}(\alpha) = \det(m_\alpha). \end{align*} [/definition] This construction produces two functions $\operatorname{Tr}_{L/K}, N_{L/K} \colon L \to K$. Since the trace of a sum of matrices equals the sum of traces, and the determinant of a product equals the product of determinants, the trace $\operatorname{Tr}_{L/K}$ is $K$-linear (in particular additive) and the norm $N_{L/K}$ is multiplicative: $N_{L/K}(\alpha\beta) = N_{L/K}(\alpha) \cdot N_{L/K}(\beta)$. ### First Computations Before developing the general theory, we compute trace and norm in simple cases to see what these invariants look like concretely. [example: Trace and Norm of Base Field Elements] Let $L/K$ be a finite field extension, and let $x \in K$. The multiplication-by-$x$ map $m_x \colon L \to L$ is represented by the scalar matrix $xI$, where $I$ is the $[L:K] \times [L:K]$ identity matrix. Therefore \begin{align*} N_{L/K}(x) = x^{[L:K]}, \qquad \operatorname{Tr}_{L/K}(x) = [L:K] \cdot x. \end{align*} In particular, $\operatorname{Tr}_{L/K}(1) = [L:K]$ and $N_{L/K}(1) = 1$. [/example] [example: Trace and Norm in Quadratic Extensions] Let $K = \mathbb{Q}$ and $L = \mathbb{Q}(i)$. Consider an element $a + bi \in \mathbb{Q}(i)$ with $a, b \in \mathbb{Q}$, and take the basis $\{1, i\}$ of $L$ over $K$. The multiplication map $m_{a+bi}$ sends $1 \mapsto a + bi$ and $i \mapsto (a+bi)i = -b + ai$, so its matrix is \begin{align*} \begin{pmatrix} a & -b \\ b & a \end{pmatrix}. \end{align*} Reading off the trace and determinant gives $\operatorname{Tr}_{L/K}(a + bi) = 2a$ and $N_{L/K}(a + bi) = a^2 + b^2 = |a + bi|^2$. More generally, if $L = \mathbb{Q}(\sqrt{-d})$ where $d > 0$ is square-free, then $N_{L/\mathbb{Q}}(a + b\sqrt{-d}) = a^2 + db^2$. In the special case $d = 1$, this recovers the squared modulus. However, for extensions not related to absolute values (e.g., $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$), the norm $N(a + b\sqrt{2}) = a^2 - 2b^2$ can be negative, so it has no interpretation as a "size." [/example] ### Transitivity of Trace and Norm Computing trace and norm directly from the multiplication matrix becomes unwieldy for large extensions. The key simplification is that trace and norm behave well under towers of extensions: we can break the computation into smaller pieces. [quotetheorem:1293] [citeproof:1293] The transitivity formulas are indispensable in practice. Rather than computing the multiplication matrix over the base field (which may be very large), we can factor through an intermediate extension where each step involves a smaller matrix. ### Computing Trace and Norm from the Minimal Polynomial Computing norms and traces from the matrix definition directly is laborious. It turns out we can read them off from the minimal polynomial — the same way we read the trace and determinant of a matrix from its characteristic polynomial. [quotetheorem:1292] [citeproof:1292] [remark: Direct Verification via the Companion Matrix] It is instructive to verify the $r = 1$ case directly. In the basis $\{1, \alpha, \ldots, \alpha^{n-1}\}$, the matrix of $m_\alpha$ is \begin{align*} A = \begin{pmatrix} 0 & 0 & \cdots & -a_0 \\ 1 & 0 & \cdots & -a_1 \\ 0 & 1 & \cdots & -a_2 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & -a_{n-1} \end{pmatrix}. \end{align*} One checks that $\det(tI - A) = P_\alpha(t)$ by adding $t^i$ times the $i$-th row to the first row, which clears all entries except the last, yielding a determinant that reduces to $P_\alpha$. For $r \neq 1$, choosing a basis of $L$ over $K(\alpha)$ and extending by the powers-of-$\alpha$ basis gives a block-diagonal matrix with $r$ copies of $A$. The trace of this block diagonal is $r \cdot \operatorname{tr}(A) = -r\,a_{n-1}$, and its determinant is $(\det A)^r = (-1)^{nr} a_0^r$. [/remark] This formula is extremely practical: to compute the trace or norm of $\alpha$, one only needs the minimal polynomial of $\alpha$ over $K$ and the degree $[L:K(\alpha)]$. We put it to use immediately. [example: Cube Root of 3 Does Not Lie in Q(Cube Root of 2)] We show that $\sqrt[3]{3} \notin \mathbb{Q}(\sqrt[3]{2})$. Suppose for contradiction that $\sqrt[3]{3} \in L := \mathbb{Q}(\sqrt[3]{2})$. Since both $\mathbb{Q}(\sqrt[3]{3})$ and $\mathbb{Q}(\sqrt[3]{2})$ are degree-$3$ extensions of $\mathbb{Q}$, this would force $L = \mathbb{Q}(\sqrt[3]{3}) = \mathbb{Q}(\sqrt[3]{2})$. Then there exist $a, b, c \in \mathbb{Q}$ with \begin{align*} \sqrt[3]{3} = a + b\sqrt[3]{2} + c\sqrt[3]{4}. \end{align*} The minimal polynomials over $\mathbb{Q}$ are $P_{\sqrt[3]{3}} = t^3 - 3$, $P_{\sqrt[3]{2}} = t^3 - 2$, and $P_{\sqrt[3]{4}} = t^3 - 4$. Since $[L:\mathbb{Q}] = 3$ and each of these elements generates $L$, we have $r = 1$ in each case, and the theorem gives \begin{align*} \operatorname{Tr}_{L/\mathbb{Q}}(\sqrt[3]{3}) = 0, \qquad \operatorname{Tr}_{L/\mathbb{Q}}(\sqrt[3]{2}) = 0, \qquad \operatorname{Tr}_{L/\mathbb{Q}}(\sqrt[3]{4}) = 0, \end{align*} because none of the minimal polynomials have a $t^2$ coefficient (i.e., $a_{n-1} = 0$ in each case). Applying $\operatorname{Tr}_{L/\mathbb{Q}}$ to both sides of the supposed equality and using $\operatorname{Tr}_{L/\mathbb{Q}}(1) = 3$ gives $0 = 3a$, so $a = 0$. We are left with \begin{align*} \sqrt[3]{3} = b\sqrt[3]{2} + c\sqrt[3]{4}. \end{align*} Multiplying both sides by $\sqrt[3]{2}$ gives $\sqrt[3]{6} = b\sqrt[3]{4} + 2c$. The minimal polynomial of $\sqrt[3]{6}$ is $t^3 - 6$, which again has vanishing $t^2$ coefficient, so $\operatorname{Tr}_{L/\mathbb{Q}}(\sqrt[3]{6}) = 0$. Applying the trace: $0 = 0 + 6c$, forcing $c = 0$. This leaves $\sqrt[3]{3} = b\sqrt[3]{2}$, hence $b^3 = 3/2$, which has no rational solution. Contradiction. [/example] This argument illustrates a general technique: traces can detect linear independence of algebraic numbers over $\mathbb{Q}$, because the trace annihilates elements whose minimal polynomial lacks the second-highest coefficient. ### Trace, Norm, and Embeddings The formulas above compute trace and norm from the minimal polynomial. We now connect them to the $K$-embeddings of $L$, which will be the form most useful for Galois-theoretic applications. [quotetheorem:1294] [citeproof:1294] The hypothesis that $L/K$ is separable is essential: it guarantees that there are exactly $[L:K]$ embeddings, which is what makes the sum and product come out correctly. Without separability, the number of embeddings can be strictly less than the degree. ### Vanishing of the Trace in the Inseparable Case For inseparable extensions, the trace is not just harder to compute — it vanishes identically. [quotetheorem:1295] [citeproof:1295] This result has a useful contrapositive: if the trace is not identically zero, then the extension must be separable. In characteristic zero, every extension is separable, and indeed $\operatorname{Tr}_{L/K}(1) = [L:K] \neq 0$. The following corollary confirms that the converse holds in all characteristics. [quotetheorem:1330] [citeproof:1330] Taken together, these results completely characterise the non-degeneracy of the trace: $\operatorname{Tr}_{L/K}$ is identically zero if and only if $L/K$ is inseparable. [example: Trace and Norm over Finite Fields] Let $K = \mathbb{F}_q$ and $L = \mathbb{F}_{q^n}$, where $q$ is a power of a prime $p$. By the theory of finite fields, $L/K$ is a Galois extension with cyclic Galois group \begin{align*} \operatorname{Gal}(L/K) = \mathbb{Z}/n\mathbb{Z}, \end{align*} generated by the Frobenius automorphism $\varphi = \operatorname{Fr}_q \colon x \mapsto x^q$. Since $L/K$ is Galois, we may take $E = L$ in the embedding theorem, and the embeddings are precisely $\operatorname{id}, \varphi, \varphi^2, \ldots, \varphi^{n-1}$. The trace and norm are therefore \begin{align*} \operatorname{Tr}_{L/K}(\alpha) &= \alpha + \alpha^q + \alpha^{q^2} + \cdots + \alpha^{q^{n-1}}, \\ N_{L/K}(\alpha) &= \alpha \cdot \alpha^q \cdot \alpha^{q^2} \cdots \alpha^{q^{n-1}} = \alpha^{(q^n - 1)/(q - 1)}. \end{align*} Since $L/K$ is separable (finite fields are perfect), the trace is not identically zero: for instance, $\operatorname{Tr}_{L/K}(1) = n \cdot 1$, which is nonzero whenever $p \nmid n$. [/example] ### The Discriminant We now turn to the invariant that connects trace computations to the structure of the Galois group. When solving a quadratic $f = t^2 + bt + c$, the discriminant $b^2 - 4c$ determines the nature of the roots: two distinct real roots, a repeated root, or two complex conjugate roots. The following definition generalises this to polynomials of arbitrary degree. [definition: Discriminant] Let $K$ be a field and $f \in K[t]$ a polynomial of degree $n$, with splitting field $L$ over $K$. Write \begin{align*} f = a(t - \alpha_1)(t - \alpha_2) \cdots (t - \alpha_n) \end{align*} for some $a, \alpha_1, \ldots, \alpha_n \in L$. Define the **difference product** and the **discriminant** of $f$ by \begin{align*} \Delta_f = \prod_{i < j} (\alpha_i - \alpha_j), \qquad D_f = \Delta_f^2 = (-1)^{n(n-1)/2} \prod_{i \neq j} (\alpha_i - \alpha_j). \end{align*} [/definition] The discriminant satisfies $D_f \neq 0$ if and only if $f$ has no repeated roots. The squaring in the definition is not merely cosmetic — it is what ensures that $D_f$ always lies in the base field $K$, since any permutation of the roots leaves $\Delta_f^2$ unchanged (even though odd permutations negate $\Delta_f$ itself). It is the difference product $\Delta_f$, not the discriminant, that carries the sign information needed to detect the alternating group. ### The Discriminant and the Galois Group The discriminant provides a computable criterion for determining whether the Galois group sits inside the alternating group — the motivating question that opened this section. [quotetheorem:1325] The argument is based on tracking how the Galois group acts on $\Delta_f = \prod_{i < j}(\alpha_i - \alpha_j)$. A transposition of two roots $\alpha_\ell$ and $\alpha_m$ negates $\Delta_f$ (one checks this by carefully tracking which factors in the product change sign: the factor $(\alpha_\ell - \alpha_m)$ is negated, while the remaining sign changes from pairs involving exactly one of $\ell, m$ cancel pairwise). More generally, an even permutation fixes $\Delta_f$ and an odd permutation negates it. Hence $\Delta_f \in K$ if and only if every element of $\operatorname{Gal}(L/K)$ acts as an even permutation — that is, $G \subseteq A_n$. Since $D_f = \Delta_f^2$, the condition $\Delta_f \in K$ is equivalent to $D_f$ being a perfect square in $K$. Note the hypothesis $\operatorname{char} K \neq 2$ is needed: in characteristic $2$, $\Delta_f = -\Delta_f$, so $\Delta_f$ is automatically fixed by every automorphism, and the criterion provides no information. For cubics, this gives a complete classification: the Galois group of an irreducible cubic over $K$ (with $\operatorname{char} K \neq 2, 3$) is either $S_3$ or $A_3 \cong \mathbb{Z}/3\mathbb{Z}$, and the discriminant criterion decides which. For quartics, the discriminant determines whether $G \subseteq A_4$, but further invariants (such as the resolvent cubic) are needed to distinguish among the subgroups of $A_4$. ### Computing the Discriminant via the Norm To apply the alternating-group criterion in practice, we need a way to compute the discriminant without factoring the polynomial. The following result expresses the discriminant as a norm, which can be evaluated entirely within $K$. [quotetheorem:1323] The proof connects two expressions for the same product. On one side, the discriminant is $(-1)^{n(n-1)/2} \prod_{i \neq j} (\alpha_i - \alpha_j)$ by definition. On the other side, since $f = (t - \alpha_1) \cdots (t - \alpha_n)$ is monic, differentiation gives $f'(\alpha_i) = \prod_{j \neq i}(\alpha_i - \alpha_j)$. The norm of $f'(\alpha)$ is the product of $f'(\alpha_i)$ over all embeddings $\alpha \mapsto \alpha_i$, which equals $\prod_i \prod_{j \neq i}(\alpha_i - \alpha_j) = \prod_{i \neq j}(\alpha_i - \alpha_j)$. Matching the two sides with the appropriate sign factor yields the formula. This is what makes the discriminant computable in practice: given a monic irreducible $f$, one computes $f'(\alpha)$, expresses it in terms of $\alpha$ modulo the relation $f(\alpha) = 0$, finds its minimal polynomial, and reads off the norm. [example: Discriminant of a Depressed Cubic] Let $K$ be a field with $\operatorname{char} K \neq 2, 3$, and let $f = t^3 + bt + c \in K[t]$ be an irreducible depressed cubic with no repeated roots. Let $L$ be the splitting field of $f$ and let $\alpha$ be a root of $f$ in $L$. We compute $f'(\alpha) = 3\alpha^2 + b$. Setting $\beta = f'(\alpha)$, we use the relation $\alpha^3 = -b\alpha - c$ to express $\beta$ differently. From $\alpha^3 + b\alpha + c = 0$, we get $\alpha^3 = -b\alpha - c$, so $3\alpha^2 = -b - 3c/\alpha$ (multiplying $\alpha^3 = -b\alpha - c$ through and rearranging), giving $\beta = 3\alpha^2 + b = -2b - 3c/\alpha$. Equivalently, \begin{align*} \alpha = \frac{-3c}{\beta + 2b}. \end{align*} Substituting this expression for $\alpha$ into $\alpha^3 + b\alpha + c = 0$ and clearing denominators produces a cubic equation for $\beta$ whose constant term is $-4b^3 - 27c^2$. Since $\beta = f'(\alpha)$ generates $K(\alpha)$ over $K$ (the expression above shows $\alpha \in K(\beta)$), this cubic is the minimal polynomial of $\beta$, and therefore \begin{align*} N_{K(\alpha)/K}(\beta) = -(-4b^3 - 27c^2) = 4b^3 + 27c^2. \end{align*} Applying the norm-discriminant formula gives \begin{align*} D_f = (-1)^{3 \cdot 2/2} \cdot N_{K(\alpha)/K}(f'(\alpha)) = -N_{K(\alpha)/K}(\beta) = -4b^3 - 27c^2. \end{align*} As a concrete application, take $f = t^3 - 31t + 62$ over $\mathbb{Q}$ (here $b = -31$, $c = 62$). One checks that $f$ is irreducible over $\mathbb{Q}$ (e.g., by the rational root theorem). The discriminant is \begin{align*} D_f = -4(-31)^3 - 27(62)^2 = 119164 - 103788 = 15376 = 124^2. \end{align*} Since $D_f$ is a perfect square in $\mathbb{Q}$, the theorem on discriminants and the alternating group tells us that $\operatorname{Gal}(L/\mathbb{Q}) \subseteq A_3$. But the Galois group of an irreducible cubic has order divisible by $3$, and $|A_3| = 3$, so $\operatorname{Gal}(L/\mathbb{Q}) \cong A_3 \cong \mathbb{Z}/3\mathbb{Z}$. [/example] ### Artin's Fixed-Field Theorem Finally, we record the theorem that underpins the computation of fixed fields via polynomial invariants — an essential tool for extracting intermediate fields from the Galois correspondence. [quotetheorem:1324] The proof has two halves. The inequality $[L:K] \leq |G|$ is established by contradiction: if the degree exceeded $|G| = n$, one could find $n+1$ elements of $L$ that are linearly independent over $K$, which would give a homogeneous linear system of $n$ equations in $n+1$ unknowns over $L$. A nontrivial solution with the fewest nonzero coordinates leads to a contradiction upon applying an element of $G$ that moves one of the coordinates and subtracting. The reverse inequality $[L:K] \geq |G|$ follows from the Dedekind independence lemma: the $|G|$ distinct automorphisms in $G$ are linearly independent over $L$, so the $K$-dimension of $L$ must be at least $|G|$. Together, these give $[L:K] = |G|$, and the inclusion $G \subseteq \operatorname{Gal}(L/K)$ combined with the degree constraint forces equality. The practical consequence is a strategy for computing fixed fields via polynomial invariants. If $G \leq S_n$ acts on the roots $\alpha_1, \ldots, \alpha_n$ of $f$, the fixed field of a subgroup $H \leq G$ consists of those polynomial expressions in the $\alpha_i$ that are invariant under every permutation in $H$. The elementary symmetric polynomials lie in $K$ (they are invariant under all of $G$), while partial symmetric functions — symmetric in only some of the roots — generate the intermediate fields corresponding to proper subgroups. ## References