Suppose you want to solve $x^2 - 2 = 0$. The rational numbers $\mathbb{Q}$ contain no solution: there is no fraction whose square is $2$. You could declare this a failure and move on, but the more productive response is to ask a different question — what is the *smallest* collection of numbers that contains $\mathbb{Q}$ and also contains a solution? The answer is $\mathbb{Q}(\sqrt{2}) = \{a + b\sqrt{2} : a, b \in \mathbb{Q}\}$, a field in its own right, built by adjoining the missing root. This act of enlargement — taking a field and constructing a larger one that contains it — is the subject of field extension theory. The same construction arises throughout algebra. The complex numbers $\mathbb{C}$ are an extension of $\mathbb{R}$, formed precisely because $x^2 + 1$ has no real root. The field $\mathbb{F}_{p^n}$ with $p^n$ elements is an extension of the prime field $\mathbb{F}_p$. Number fields — the central objects of algebraic number theory — are finite extensions of $\mathbb{Q}$. In every case, the motivation is the same: the base field is too small to contain all roots of certain polynomials, and we enlarge it to accommodate them. What makes the theory deep is that extensions carry rich structure. An extension $K/k$ is simultaneously a field and a vector space over $k$. Its dimension as a vector space — called the degree — gives a precise measure of how much $K$ exceeds $k$. Elements of $K$ can be algebraic (roots of polynomials over $k$) or transcendental. The algebraic elements are organised by their minimal polynomials. And when the extension is Galois, its symmetries — the automorphisms of $K$ fixing $k$ pointwise — form a group whose subgroup lattice mirrors the lattice of intermediate fields. This last phenomenon, the Galois correspondence, is the culmination of the entire theory. [example: Irrationality of the Square Root of Two] We verify that $\sqrt{2} \notin \mathbb{Q}$, confirming that $\mathbb{Q}$ genuinely lacks a square root of $2$. Suppose for contradiction that $\sqrt{2} = p/q$ with $p, q \in \mathbb{Z}$, $q \neq 0$, and $\gcd(p, q) = 1$. Then $2q^2 = p^2$, so $2 \mid p^2$, and since $2$ is prime, $2 \mid p$. Write $p = 2m$; then $2q^2 = 4m^2$, giving $q^2 = 2m^2$, so $2 \mid q$. This contradicts $\gcd(p, q) = 1$. Therefore $\sqrt{2}$ is irrational and $\mathbb{Q}(\sqrt{2})$ is a strictly larger field than $\mathbb{Q}$. [/example] ## Definition The central object is the field extension itself. Two fields are involved: a smaller one $k$ that sits inside a larger one $K$. What matters structurally is not just the containment, but how $K$ behaves over $k$ — and the right language for this is the language of vector spaces. [definition: Field Extension] A **field extension** $K/k$ consists of two fields $K$ and $k$ together with a field homomorphism $\iota: k \to K$. When $\iota$ is the inclusion map (i.e., $k \subset K$ as sets with the same operations), we say $k$ is a **subfield** of $K$ and write $K/k$ directly. The field $K$ is called the **extension field** (or **top field**) and $k$ is called the **base field** (or **ground field**). [/definition] Note that the slash in $K/k$ does not denote a quotient — it is purely notational and should be read "$K$ over $k$." Because any field homomorphism is injective, the map $\iota$ embeds $k$ as a subfield of $K$. We may therefore always assume $k \subset K$ without loss of generality (identifying $k$ with its image under $\iota$). When $K$ is a field extension of $k$, the field $K$ carries the structure of a vector space over $k$: the underlying abelian group of $K$ is the vector space, with scalar multiplication $k \times K \to K$ given by the field multiplication restricted to $k \times K$. The dimension of this vector space is the most fundamental numerical invariant of the extension. Before defining it, consider why dimension matters. In $\mathbb{Q}(\sqrt{2})$, every element has the form $a + b\sqrt{2}$ with $a, b \in \mathbb{Q}$. The set $\{1, \sqrt{2}\}$ spans $\mathbb{Q}(\sqrt{2})$ over $\mathbb{Q}$ and is linearly independent over $\mathbb{Q}$ (since $\sqrt{2} \notin \mathbb{Q}$). So the extension has dimension $2$. In contrast, $\mathbb{C}/\mathbb{R}$ has dimension $2$ as well (basis $\{1, i\}$), while $\mathbb{R}/\mathbb{Q}$ has infinite dimension — indeed uncountably infinite. The degree tells us precisely how many "new directions" the extension adds. [definition: Degree of a Field Extension] Let $K/k$ be a field extension. The **degree** of $K$ over $k$, denoted $[K : k]$, is the dimension of $K$ as a vector space over $k$: \begin{align*} [K : k] := \dim_k K. \end{align*} If $[K : k]$ is finite, the extension is called **finite**; otherwise it is called **infinite**. [/definition] [remark: Degree Is Not the Same as the Number of Elements] The degree $[K : k]$ measures the vector space dimension, not the cardinality of $K$. A degree-$2$ extension of $\mathbb{Q}$ is an infinite set, but a degree-$2$ extension of $\mathbb{F}_p$ has exactly $p^2$ elements. The degree captures how $K$ sits over $k$ as a $k$-module, not the size of $K$ itself. [/remark] The degree is multiplicative in towers, a fact that turns out to be one of the most useful tools in the theory. If $k \subset F \subset K$ are fields, then $K$ sits over $k$ in two steps: first $F/k$, then $K/F$. How do their degrees relate? [quotetheorem:1248] The Tower Law is indispensable. It tells us that the degree of a composite extension is the product of the degrees of the intermediate steps. As an immediate consequence: if $[K : k] = p$ is prime, then the only intermediate fields between $k$ and $K$ are $k$ and $K$ themselves, since any intermediate field $F$ would satisfy $p = [K : k] = [K : F][F : k]$, forcing one factor to equal $1$. ## Algebraic and Transcendental Elements Having defined field extensions in the abstract, the next task is to understand the elements of the extension field. An element $\alpha \in K$ can relate to $k$ in two fundamentally different ways: it may satisfy a polynomial equation with coefficients in $k$, or it may not. This dichotomy — algebraic versus transcendental — drives most of the structure theory. Why does this distinction matter? The algebraic elements are tame: they are controlled by polynomials, their minimal polynomials carry precise information, and extensions generated by algebraic elements are always finite. The transcendental elements, by contrast, behave like free variables — they generate extensions isomorphic to rational function fields, which are infinite and lack the rich polynomial structure. [definition: Algebraic Element] Let $K/k$ be a field extension and let $\alpha \in K$. The element $\alpha$ is **algebraic** over $k$ if there exists a nonzero polynomial $f \in k[x]$ such that $f(\alpha) = 0$. If no such polynomial exists, $\alpha$ is called **transcendental** over $k$. [/definition] [definition: Algebraic Extension] A field extension $K/k$ is called **algebraic** if every element $\alpha \in K$ is algebraic over $k$. [/definition] When every element of $K$ is tame in this sense, the whole extension inherits the polynomial arithmetic that makes algebraic elements tractable. Every finite extension is algebraic: if $[K : k] = n$, then for any $\alpha \in K$, the $n+1$ elements $1, \alpha, \alpha^2, \ldots, \alpha^n$ must be linearly dependent over $k$ (since $K$ has dimension $n$), so some nontrivial $k$-linear combination equals zero, giving a polynomial of degree at most $n$ satisfied by $\alpha$. The converse — that algebraic implies finite — fails in general: the field of all algebraic numbers $\overline{\mathbb{Q}} \subset \mathbb{C}$ is algebraic over $\mathbb{Q}$ but has infinite degree. [example: Algebraic versus Transcendental over the Rationals] The element $\sqrt{2} \in \mathbb{R}$ is algebraic over $\mathbb{Q}$: it satisfies $x^2 - 2 = 0$. Similarly, $i \in \mathbb{C}$ satisfies $x^2 + 1 = 0$, and $\zeta = e^{2\pi i/n}$ satisfies the cyclotomic polynomial $\Phi_n(x)$. By contrast, $\pi$ and $e$ are transcendental over $\mathbb{Q}$ — no nonzero rational polynomial vanishes at either. This is a deep theorem (Lindemann–Weierstrass), not a formal consequence of the definitions; the transcendence of $\pi$ rules out the classical problem of squaring the circle. [/example] For an algebraic element $\alpha$, there is a canonical polynomial that governs $\alpha$ most efficiently. Among all nonzero polynomials in $k[x]$ that vanish at $\alpha$, there is one of minimal degree, and it turns out to be unique up to scaling — and in fact unique if we require it to be monic. To see why such a polynomial exists and is irreducible: the evaluation map \begin{align*} \operatorname{ev}_\alpha: k[x] &\to K \\ f &\mapsto f(\alpha) \end{align*} is a ring homomorphism. Its kernel $I = \{f \in k[x] : f(\alpha) = 0\}$ is an ideal of $k[x]$. Since $k[x]$ is a principal ideal domain, $I = (m_{\alpha, k})$ for a unique monic generator $m_{\alpha, k}$. The quotient $k[x]/(m_{\alpha, k})$ embeds into $K$ via $\operatorname{ev}_\alpha$, and since $K$ is a field, the image is an integral domain. This forces $(m_{\alpha, k})$ to be a prime ideal in $k[x]$, which in a PID means $m_{\alpha, k}$ is irreducible. [definition: Minimal Polynomial] Let $K/k$ be a field extension and let $\alpha \in K$ be algebraic over $k$. The **minimal polynomial** of $\alpha$ over $k$, denoted $m_{\alpha, k} \in k[x]$, is the unique monic irreducible polynomial of smallest degree in $k[x]$ such that $m_{\alpha, k}(\alpha) = 0$. The **degree** of $\alpha$ over $k$ is $\deg(m_{\alpha, k})$. [/definition] The minimal polynomial has a key divisibility property: if $f \in k[x]$ satisfies $f(\alpha) = 0$, then $m_{\alpha, k} \mid f$ in $k[x]$. This follows immediately from the fact that $m_{\alpha, k}$ generates the kernel of $\operatorname{ev}_\alpha$. [quotetheorem:1251] This theorem is fundamental. It tells us that the abstract operation of adjoining $\alpha$ to $k$ is concretely realised as the quotient ring $k[x]/(m_{\alpha, k})$. Every element of $k(\alpha)$ is a polynomial expression $a_0 + a_1\alpha + \cdots + a_{n-1}\alpha^{n-1}$ with $a_i \in k$, with multiplication performed by reducing modulo $m_{\alpha, k}$. [example: The Field $\mathbb{Q}(\sqrt{2})$] The minimal polynomial of $\sqrt{2}$ over $\mathbb{Q}$ is $m_{\sqrt{2}, \mathbb{Q}} = x^2 - 2$, which is monic, irreducible over $\mathbb{Q}$ (it has no rational roots by the rational root theorem), and vanishes at $\sqrt{2}$. By the theorem above, \begin{align*} \mathbb{Q}(\sqrt{2}) \cong \mathbb{Q}[x]/(x^2 - 2), \end{align*} with $\mathbb{Q}$-basis $\{1, \sqrt{2}\}$ and $[\mathbb{Q}(\sqrt{2}) : \mathbb{Q}] = 2$. To multiply in this field: $(a + b\sqrt{2})(c + d\sqrt{2}) = (ac + 2bd) + (ad + bc)\sqrt{2}$, using $(\sqrt{2})^2 = 2$. To invert $a + b\sqrt{2} \neq 0$: rationalise the denominator, \begin{align*} \frac{1}{a + b\sqrt{2}} = \frac{a - b\sqrt{2}}{(a + b\sqrt{2})(a - b\sqrt{2})} = \frac{a - b\sqrt{2}}{a^2 - 2b^2}. \end{align*} The denominator $a^2 - 2b^2 \neq 0$ because $\sqrt{2}$ is irrational: if $a^2 = 2b^2$ with $a, b \in \mathbb{Q}$ not both zero, then $(a/b)^2 = 2$, contradicting the irrationality of $\sqrt{2}$. [/example] ## Composite Extensions and Adjoining Multiple Elements In practice, we often need to adjoin not just one element but several. Solving a cubic, for instance, may require adjoining a cube root and a primitive cube root of unity. The resulting field is generated over $k$ by multiple elements, and its structure depends on the algebraic relations among them. When we adjoin a finite collection of algebraic elements $\alpha_1, \ldots, \alpha_m$ to $k$, the process can be carried out step by step. Each step is governed by a minimal polynomial — but the minimal polynomial of $\alpha_i$ may change as we pass to larger intermediate fields. More precisely, $\alpha_2$ has a minimal polynomial over $k(\alpha_1)$ that divides its minimal polynomial over $k$, and the degree can drop. A natural question is: can the entire composite extension $k(\alpha_1, \ldots, \alpha_m)$ itself be generated by a single element over $k$? This is not obvious — the fact that each step is a simple extension does not immediately imply the whole tower is. When such a single generator exists, we say the extension is simple, and the generator is called a primitive element. Having a single generator is more than notational convenience. It means the entire extension is controlled by one minimal polynomial: to understand $K$ over $k$, you need only understand one irreducible polynomial $m_{\alpha, k}$. Without a primitive element, the extension is spread across multiple generators with potentially complicated interrelations, and there is no single polynomial equation whose roots describe the whole extension. Concretely, computations — finding bases, computing norms and traces, factoring polynomials — are vastly simpler when every element of $K$ can be expressed as a polynomial in a single $\alpha$. The Primitive Element Theorem, which we reach at the end of this section, guarantees that this simplification is available for all finite separable extensions. [definition: Simple Extension] A field extension $K/k$ is called **simple** if there exists $\alpha \in K$ such that $K = k(\alpha)$. The element $\alpha$ is called a **primitive element** of the extension. [/definition] Not every extension is simple, but algebraic extensions that are also separable always are — this is the content of the Primitive Element Theorem, stated in the next section. The tower law tells us how to compute degrees for composite extensions. If $\alpha_1, \ldots, \alpha_m$ are algebraic over $k$ with minimal polynomials of degrees $n_1, \ldots, n_m$ respectively, then: \begin{align*} [k(\alpha_1, \ldots, \alpha_m) : k] \leq n_1 n_2 \cdots n_m, \end{align*} with equality when the minimal polynomial of $\alpha_i$ over $k(\alpha_1, \ldots, \alpha_{i-1})$ still has degree $n_i$ for each $i$ (i.e., when no $\alpha_i$ satisfies a lower-degree polynomial over the previously adjoined elements). [example: Adjoining $\sqrt{2}$ and $\sqrt{3}$] Consider the tower $\mathbb{Q} \subset \mathbb{Q}(\sqrt{2}) \subset \mathbb{Q}(\sqrt{2}, \sqrt{3})$. First, $[\mathbb{Q}(\sqrt{2}) : \mathbb{Q}] = 2$ since $\sqrt{2}$ satisfies $x^2 - 2$, which is irreducible over $\mathbb{Q}$. Next, we need $[\mathbb{Q}(\sqrt{2}, \sqrt{3}) : \mathbb{Q}(\sqrt{2})]$. The element $\sqrt{3}$ satisfies $x^2 - 3 \in \mathbb{Q}(\sqrt{2})[x]$. Is $x^2 - 3$ irreducible over $\mathbb{Q}(\sqrt{2})$? It factors iff $\sqrt{3} \in \mathbb{Q}(\sqrt{2})$, i.e., iff $\sqrt{3} = a + b\sqrt{2}$ for some $a, b \in \mathbb{Q}$. Squaring: $3 = a^2 + 2b^2 + 2ab\sqrt{2}$. Since $\sqrt{2} \notin \mathbb{Q}$, we must have $2ab = 0$. If $a = 0$: $3 = 2b^2$, so $b^2 = 3/2$, impossible for $b \in \mathbb{Q}$. If $b = 0$: $3 = a^2$, so $\sqrt{3} \in \mathbb{Q}$, which is false. So $x^2 - 3$ is irreducible over $\mathbb{Q}(\sqrt{2})$, giving $[\mathbb{Q}(\sqrt{2}, \sqrt{3}) : \mathbb{Q}(\sqrt{2})] = 2$. By the Tower Law: \begin{align*} [\mathbb{Q}(\sqrt{2}, \sqrt{3}) : \mathbb{Q}] = 2 \cdot 2 = 4. \end{align*} A $\mathbb{Q}$-basis is $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$. [/example] ## Separability An algebraic extension may behave well or badly depending on whether its minimal polynomials have repeated roots. When all roots are distinct, the extension is called separable; when repeated roots appear, it is inseparable. Inseparability is a purely characteristic-$p$ phenomenon: it cannot occur in characteristic zero. To see why repeated roots are a problem, recall that a polynomial $f \in k[x]$ has a repeated root in $\overline{k}$ (the algebraic closure) if and only if $\gcd(f, f') \neq 1$ in $k[x]$, where $f'$ is the formal derivative. For an irreducible polynomial over a field of characteristic zero, $f' \neq 0$ (since the leading coefficient's derivative is nonzero), so $\gcd(f, f') = 1$ and all roots are simple. In characteristic $p$, however, $f' = 0$ is possible — this happens exactly for polynomials of the form $g(x^p)$, known as purely inseparable polynomials. [definition: Separable Element] Let $K/k$ be a field extension and let $\alpha \in K$ be algebraic over $k$ with minimal polynomial $m_{\alpha, k} \in k[x]$. The element $\alpha$ is called **separable** over $k$ if $m_{\alpha, k}$ has no repeated roots in $\overline{k}$ (the algebraic closure of $k$). [/definition] The condition of having no repeated roots is equivalent to the formal GCD condition $\gcd(m_{\alpha, k}, m_{\alpha, k}') = 1$ in $k[x]$: a polynomial and its formal derivative share a common factor if and only if they share a common root, which happens if and only if the polynomial has a repeated root in $\overline{k}$. This algebraic characterisation is what makes separability checkable without passing to $\overline{k}$ explicitly. When every element of $K$ is separable over $k$, the extension itself earns the name separable — and the theory becomes considerably richer. [definition: Separable Extension] A field extension $K/k$ is called **separable** if every element $\alpha \in K$ is separable over $k$. [/definition] In characteristic zero, separability is automatic — but in characteristic $p$, it is a genuine constraint that rules out a class of pathological extensions built from the Frobenius. The following remark makes this precise. [remark: All Extensions in Characteristic Zero Are Separable] If $\operatorname{char}(k) = 0$, then every algebraic extension of $k$ is separable. Indeed, for any irreducible $f \in k[x]$, the derivative $f'$ has degree $\deg(f) - 1 < \deg(f)$, so $f'$ cannot be divisible by $f$ unless $f' = 0$. But $f' = 0$ would force all exponents in $f$ to be multiples of $\operatorname{char}(k)$, which is impossible in characteristic $0$. Hence irreducible polynomials over fields of characteristic zero always have distinct roots, and all algebraic extensions are separable. [/remark] The following example shows that in characteristic $p$ this can fail dramatically — a single irreducible polynomial can have a root of multiplicity $p$, making the extension maximally inseparable. [example: An Inseparable Extension] Let $k = \mathbb{F}_p(t)$, the field of rational functions in $t$ over the finite field $\mathbb{F}_p$. Consider $f(x) = x^p - t \in k[x]$. This polynomial is irreducible over $k$ (by Eisenstein at the prime $(t)$ in $\mathbb{F}_p[t]$). Let $\alpha$ be a root of $f$ in some extension, so $\alpha^p = t$. The formal derivative is $f'(x) = px^{p-1} = 0$ in characteristic $p$. Hence $\gcd(f, f') = f \neq 1$, and $\alpha$ is inseparable over $k$. To confirm that $\alpha$ is a repeated root: in the splitting field, $x^p - t = x^p - \alpha^p = (x - \alpha)^p$ (using the Frobenius identity in characteristic $p$). So $\alpha$ is a root of multiplicity $p$. [/example] For separable extensions, a beautiful structural theorem holds: any finite separable extension is generated by a single element. [quotetheorem:1267] The primitive element $\alpha$ can be chosen concretely when $k$ is infinite: if $K = k(\beta, \gamma)$, then $\alpha = \beta + c\gamma$ works for all but finitely many $c \in k$. ## The Galois Correspondence The deepest result in field extension theory is the Galois correspondence, which establishes a precise duality between the subgroup lattice of a certain group of automorphisms and the lattice of intermediate fields. This duality makes many classification problems — such as determining which polynomial equations are solvable by radicals — tractable by translating them into questions about group theory. [illustration:galois-correspondence-lattice] The key players are the automorphisms of $K$ that fix $k$ pointwise. These automorphisms form a group under composition, and its structure reflects the arithmetic of the extension. [definition: Galois Group] Let $K/k$ be a field extension. The **Galois group** of $K$ over $k$, denoted $\operatorname{Gal}(K/k)$, is the group of all field automorphisms $\sigma: K \to K$ such that $\sigma(a) = a$ for all $a \in k$, with the group operation being composition. [/definition] Once we have a group $G = \operatorname{Gal}(K/k)$ acting on $K$, it is natural to ask: what does each subgroup $H \le G$ "see"? An element $\alpha \in K$ is invisible to $H$ — fixed by every automorphism in $H$ — precisely when $\alpha$ is determined by the part of the structure that $H$ does not move. The collection of all such elements forms an intermediate field, and this is the key construction that makes the Galois correspondence work. [definition: Fixed Field] Let $K/k$ be a field extension and let $H \le \operatorname{Gal}(K/k)$ be a subgroup. The **fixed field** of $H$ is: \begin{align*} K^H := \{\alpha \in K : \sigma(\alpha) = \alpha \text{ for all } \sigma \in H\}. \end{align*} This is always an intermediate field satisfying $k \subset K^H \subset K$. [/definition] Not every extension has a Galois group large enough to generate the full Galois correspondence. In an arbitrary extension, $|\operatorname{Gal}(K/k)|$ can be much smaller than $[K : k]$: the symmetry group may not see all of $K$. The extensions where the symmetry group is as large as possible — where $|\operatorname{Gal}(K/k)|$ reaches its maximum value $[K : k]$ — are exactly those for which the correspondence works perfectly, and these are the Galois extensions. Two conditions must hold simultaneously, and it is useful to understand each on its own terms before combining them. The first condition — normality — addresses a basic question about polynomial roots. If an irreducible polynomial $f \in k[x]$ has one root in $K$, do all its roots lie in $K$? Normality says yes. Without this, the Galois group cannot permute all conjugates of an element freely, because some conjugates live outside $K$ and are invisible to any automorphism of $K$ over $k$. Normality is the closure property that ensures $K$ is "round": it contains full root sets, not just partial ones. [definition: Normal Extension] A field extension $K/k$ is called **normal** if it is algebraic and every irreducible polynomial $f \in k[x]$ that has at least one root in $K$ splits completely in $K$ — that is, all roots of $f$ lie in $K$. [/definition] Equivalently, $K/k$ is normal if and only if $K$ is the splitting field of some collection of polynomials in $k[x]$. This characterises normal extensions as those that arise by adjoining all roots of some set of polynomials, rather than just some of them. The second condition is separability, which we have already met: every element of $K$ must have distinct conjugates. Together, normality and separability characterise the extensions for which the automorphism group achieves its maximum size $[K : k]$. The definition by this cardinality condition is the cleanest way to state what a Galois extension is — it captures the idea that there are no "hidden symmetries" missing from $\operatorname{Gal}(K/k)$. [definition: Galois Extension] A finite field extension $K/k$ is **Galois** if $|\operatorname{Gal}(K/k)| = [K : k]$. [/definition] [quotetheorem:3310] The condition $|\operatorname{Gal}(K/k)| = [K : k]$ is the cleanest characterisation: the symmetry group is as large as possible. [quotetheorem:1274] The order-reversing nature of the correspondence is essential: a smaller subgroup fixes more of $K$, giving a larger fixed field. This reversal is the key to using group theory to study field theory. [example: The Galois Group of $\mathbb{Q}(\sqrt{2}, \sqrt{3})/\mathbb{Q}$] We saw that $[\mathbb{Q}(\sqrt{2}, \sqrt{3}) : \mathbb{Q}] = 4$ with basis $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$. Set $K = \mathbb{Q}(\sqrt{2}, \sqrt{3})$ and $k = \mathbb{Q}$. An automorphism $\sigma \in \operatorname{Gal}(K/k)$ fixes $\mathbb{Q}$ and is determined by where it sends $\sqrt{2}$ and $\sqrt{3}$. Since $\sigma(\sqrt{2})^2 = \sigma(2) = 2$, we have $\sigma(\sqrt{2}) = \pm\sqrt{2}$, and similarly $\sigma(\sqrt{3}) = \pm\sqrt{3}$. This gives $4$ choices, each of which extends to an automorphism. Explicitly: \begin{align*} \sigma_1 &: \sqrt{2} \mapsto \sqrt{2},\quad \sqrt{3} \mapsto \sqrt{3} \quad (\text{identity}) \\ \sigma_2 &: \sqrt{2} \mapsto -\sqrt{2},\quad \sqrt{3} \mapsto \sqrt{3} \\ \sigma_3 &: \sqrt{2} \mapsto \sqrt{2},\quad \sqrt{3} \mapsto -\sqrt{3} \\ \sigma_4 &: \sqrt{2} \mapsto -\sqrt{2},\quad \sqrt{3} \mapsto -\sqrt{3}. \end{align*} Since $|\operatorname{Gal}(K/k)| = 4 = [K : k]$, the extension is Galois. One checks that $\sigma_2^2 = \sigma_3^2 = \sigma_4^2 = \sigma_1$ and all elements commute, so $\operatorname{Gal}(K/k) \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$. The subgroups of $\mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$ are: $\{e\}$, $\langle \sigma_2 \rangle$, $\langle \sigma_3 \rangle$, $\langle \sigma_4 \rangle$, and $G$ itself. The Galois correspondence gives: \begin{align*} \{e\} &\longleftrightarrow K = \mathbb{Q}(\sqrt{2}, \sqrt{3}) \\ \langle \sigma_2 \rangle &\longleftrightarrow K^{\langle \sigma_2 \rangle} = \mathbb{Q}(\sqrt{3}) \\ \langle \sigma_3 \rangle &\longleftrightarrow K^{\langle \sigma_3 \rangle} = \mathbb{Q}(\sqrt{2}) \\ \langle \sigma_4 \rangle &\longleftrightarrow K^{\langle \sigma_4 \rangle} = \mathbb{Q}(\sqrt{6}) \\ G &\longleftrightarrow k = \mathbb{Q}. \end{align*} All subgroups of the abelian group $G$ are normal, so all four intermediate fields are Galois over $\mathbb{Q}$, each with Galois group $\mathbb{Z}/2\mathbb{Z}$. [/example] To see why the Galois hypothesis is indispensable, consider what happens when it fails. If $K/k$ is not Galois — for instance because it is not normal — the automorphism group $\operatorname{Gal}(K/k)$ is strictly smaller than $[K : k]$, and the correspondence between subgroups and intermediate fields collapses. [example: Failure of the Galois Correspondence for a Non-Normal Extension] Consider $K = \mathbb{Q}(\sqrt[3]{2})$, the real cube root of $2$, as an extension of $k = \mathbb{Q}$. The minimal polynomial of $\sqrt[3]{2}$ over $\mathbb{Q}$ is $x^3 - 2$, which is irreducible (Eisenstein at $2$), so $[K : k] = 3$. However, $K/\mathbb{Q}$ is not normal: the polynomial $x^3 - 2$ has three roots — $\sqrt[3]{2}$, $\omega\sqrt[3]{2}$, and $\omega^2\sqrt[3]{2}$ where $\omega = e^{2\pi i/3}$ — but only one of them, $\sqrt[3]{2}$, lies in $K \subset \mathbb{R}$. The other two roots are non-real and therefore absent from $K$. An automorphism $\sigma \in \operatorname{Gal}(K/\mathbb{Q})$ would have to send $\sqrt[3]{2}$ to another root of $x^3 - 2$, but the only root available in $K$ is $\sqrt[3]{2}$ itself. So the only automorphism fixing $\mathbb{Q}$ pointwise is the identity, and: \begin{align*} |\operatorname{Gal}(K/\mathbb{Q})| = 1 \neq 3 = [K : \mathbb{Q}]. \end{align*} The subgroup lattice of the trivial group $\{e\}$ has exactly two elements: $\{e\}$ and $\{e\}$ itself. If the Galois correspondence held, these two subgroups would correspond bijectively to the intermediate fields between $\mathbb{Q}$ and $K$. But the extension $\mathbb{Q} \subset K$ has degree $3$, a prime, so by the Tower Law the only intermediate fields are $\mathbb{Q}$ and $K$ themselves — two fields, not one — and the bijection would require $|\operatorname{Gal}(K/\mathbb{Q})| = [K:\mathbb{Q}] = 3$, which fails. The fixed field of the full (trivial) Galois group is $K^{\{e\}} = K$, but the fixed field of $\operatorname{Gal}(K/\mathbb{Q})$ is $K$ rather than $\mathbb{Q}$: the base field $\mathbb{Q}$ is not recovered. This is the precise failure that the Galois condition prevents. [/example] ## Finite Fields Among extensions of prime fields $\mathbb{F}_p$, the finite fields form a particularly clean and complete theory. Every finite field has $p^n$ elements for some prime $p$ and positive integer $n \in \mathbb{N}$, and conversely, for every such $p$ and $n$, there exists a unique (up to isomorphism) field with $p^n$ elements. These fields are always Galois over their prime subfield, and their Galois groups are cyclic, generated by the Frobenius automorphism. [definition: Frobenius Endomorphism] Let $\mathbb{F}_q$ be a field of characteristic $p > 0$ with $q = p^n$. The **Frobenius endomorphism** is the map \begin{align*} \varphi_p: \mathbb{F}_q &\to \mathbb{F}_q \\ x &\mapsto x^p. \end{align*} This is a field homomorphism (it fixes $\mathbb{F}_p$ pointwise and is bijective), hence an automorphism of $\mathbb{F}_q$ over $\mathbb{F}_p$. [/definition] The Frobenius automorphism turns out to generate the entire Galois group of $\mathbb{F}_{p^n}$ over $\mathbb{F}_p$, and this single automorphism encodes the complete structure of finite field extensions. The following theorem makes this precise. [quotetheorem:3311] Parts (1) and (2) are existence and uniqueness results; parts (3) and (4) describe the Galois theory and subfield lattice of finite fields. The subfield lattice is especially clean: it is in perfect bijection with the divisibility lattice of the integer $n$, with $\mathbb{F}_{p^m} \subset \mathbb{F}_{p^n}$ iff $m \mid n$. The following explanation justifies parts (1) and (2). [explanation: Why $\mathbb{F}_{p^n}$ Exists and Is Unique] The existence comes from the splitting field of $x^{p^n} - x$ over $\mathbb{F}_p$. The key observation is that the set of roots of $x^{p^n} - x$ in $\overline{\mathbb{F}_p}$ forms a field: if $\alpha^{p^n} = \alpha$ and $\beta^{p^n} = \beta$, then $(\alpha \pm \beta)^{p^n} = \alpha^{p^n} \pm \beta^{p^n} = \alpha \pm \beta$ (using the Frobenius identity $(\alpha + \beta)^p = \alpha^p + \beta^p$ in characteristic $p$, applied $n$ times), and $(\alpha\beta)^{p^n} = \alpha^{p^n}\beta^{p^n} = \alpha\beta$. The derivative of $x^{p^n} - x$ is $p^n x^{p^n - 1} - 1 = -1 \neq 0$ in characteristic $p$, so all $p^n$ roots are distinct. The splitting field is thus a field with exactly $p^n$ elements. Uniqueness follows from the fact that any field with $p^n$ elements has multiplicative group $\mathbb{F}_q^\times$ of order $p^n - 1$, so every nonzero element satisfies $\alpha^{p^n - 1} = 1$, giving $\alpha^{p^n} = \alpha$ for all $\alpha \in \mathbb{F}_q$. Hence every field with $p^n$ elements is contained in the splitting field of $x^{p^n} - x$ over $\mathbb{F}_p$, and since both have the same number of elements, they are equal. [/explanation] The smallest nontrivial example beyond the prime fields is $\mathbb{F}_4$, which already exhibits all the key features: construction as a quotient, the Frobenius as a nontrivial automorphism, and a cyclic multiplicative group. [example: The Field $\mathbb{F}_4$] We construct $\mathbb{F}_4$, the unique field with $4 = 2^2$ elements. We need an irreducible polynomial of degree $2$ over $\mathbb{F}_2$. The polynomial $x^2 + x + 1$ has no roots in $\mathbb{F}_2$ (check: $0^2 + 0 + 1 = 1 \neq 0$ and $1^2 + 1 + 1 = 1 \neq 0$ in $\mathbb{F}_2$), so it is irreducible. Set \begin{align*} \mathbb{F}_4 = \mathbb{F}_2[x]/(x^2 + x + 1) = \{0, 1, \omega, \omega + 1\} \end{align*} where $\omega$ denotes the image of $x$ in the quotient. The relation $\omega^2 + \omega + 1 = 0$ in $\mathbb{F}_2$, i.e., $\omega^2 = \omega + 1$ (since $-1 = 1$ in characteristic $2$). The multiplication table for nonzero elements: \begin{align*} \omega \cdot \omega &= \omega + 1, \quad \omega \cdot (\omega + 1) = \omega^2 + \omega = (\omega + 1) + \omega = 1, \quad (\omega + 1)^2 = \omega^2 + 1 = \omega. \end{align*} So $\mathbb{F}_4^\times = \{1, \omega, \omega+1\}$ is cyclic of order $3$, generated by $\omega$. The Frobenius automorphism $\varphi_2: x \mapsto x^2$ acts as $\omega \mapsto \omega^2 = \omega + 1$, which is indeed the nontrivial automorphism of $\mathbb{F}_4$ over $\mathbb{F}_2$. [/example] ## References - S. Lang, *Algebra* (3rd ed., 2002). Springer. Chapters V–VI. - D. S. Dummit and R. M. Foote, *Abstract Algebra* (3rd ed., 2004). Wiley. Chapters 13–14. - E. Artin, *Galois Theory* (2nd ed., 1944). University of Notre Dame Press. - J. Milne, *Fields and Galois Theory* (2022). Available at jmilne.org.