Elliptic Curves

An elliptic curve (not to be confused with an ellipse) is a certain kind of polynomial equation which can usually be expressed in the form

\displaystyle y^{2}=x^{3}+ax+b

where a and b satisfy the condition that the quantity

\displaystyle 4a^{3}+27b^{2}

is not equal to zero. This is not the most general form of an elliptic curve, as it will not hold for coefficients of “finite characteristic” equal to 2 or 3; however, for our present purposes, this definition will suffice.

Examples of elliptic curves are the following:

\displaystyle y^{2}=x^{3}-x

\displaystyle y^{2}=x^{3}-x+1

which, for real x and y may be graphed in the “Cartesian” or “xy” plane as follows (image courtesy of user YassineMrabet of Wikipedia):


This rather simple mathematical object has very interesting properties which make it a central object of study in many areas of modern mathematical research.

In this post we focus mainly on one of these many interesting properties, which is the following:

The points of an elliptic curve form a group.

A group is a set with a law of composition which is associative, and the set contains an “identity element” under this law of composition, and every element of this set has an “inverse” (see Groups). Now this law of composition applies whether the points of the elliptic curve have rational numbers, real numbers, or complex numbers for coordinates, and it is always given by the same formula. It is perhaps most visible if we consider real numbers, since in that case we can plot it on the xy plane as we have done earlier. The law of composition is also often called the “tangent and chord” or “tangent and secant” construction.

We now expound on this construction. Given two points P and Q on the elliptic curve, we draw a line passing through both of them. In most cases, this line will pass through another point R on the curve. Then we draw a vertical line that passes through the point R. This vertical line will pass through another point R' on the curve. This gives us the law of composition of the points of the elliptic curve, and we write P+Q=R'. Here is an image courtesy of user SuperManu of Wikipedia:


The usual case that we have described is on the left; the other three images show other different cases where the line drawn does not necessarily go through three points. This happens, for example, when the line is tangent to the curve at some point Q, as in the second picture; in this case, we think of the line as passing through Q twice. Therefore, when we compute P+Q, the third point is Q itself, and it is through Q that we draw our vertical line to locate Q', which is equal to P+Q.

The second picture also shows another computation, that of Q+Q, or 2Q. Again, since this necessitates taking a line that passes through the point Q twice, this means that the line must be tangent to the elliptic curve at Q. The third point that it passes through is the point P, and we draw the vertical line through P to find the point P', which is equal to 2Q.

Now we discuss the case described by the third picture, where the line going through the two points P and Q which we want to “add” is a vertical line. To explain what happens, we need the notion of a “point at infinity” (see Projective Geometry). We write the point at infinity as 0, expressing the idea that it is the identity element of our group. We cannot find this point at infinity in the xy plane, but we can think of it as the third point that the vertical line passes through aside from P and Q. In this case, of course, there is no need to draw another vertical line – we simply write P+Q=0.

Finally we come to the case described by the fourth picture; this is simply a combination of the earlier cases we have described above. The vertical line is tangent to the curve at the point P, so we can think of it as passing through P twice, and the third point it passes through is the point at infinity 0, so we can write 2P=0.

We will not prove explicitly that the points form a group under this law of composition, i.e. that the conditions for a set to form a group are satisfied by our procedure, but it is an interesting exercise to attempt to do so; readers may try it out for themselves or consult the references provided at the end of the post. It is worth mentioning that our group is also an abelian group, i.e. we have P+Q=Q+P, and hence we have written our law of composition “additively”.

Now, to make the group law apply even when x and y are not real numbers, we need to write this procedure algebraically. This is a very powerful approach, since this allows us to operate with mathematical concepts even when we cannot visualize them.

Let x_{P} and y_{P} be the x and y coordinates of a point P, and let x_{Q} and y_{Q} be the x and y coordinates of another point Q. Let

\displaystyle m=\frac{y_{Q}-y_{P}}{x_{Q}-x_{P}}

be the slope of the line that connects the points P and Q. Then the point P+Q has x and y coordinates given by the following formulas:

\displaystyle x_{P+Q}=m^{2}-x_{P}-x_{Q}

\displaystyle y_{P+Q}=-y_{P}-m(x_{P+Q}-x_{P})

In the case that Q is the same point as P, then we define the slope of the tangent line to the elliptic curve at the point P using the formula

\displaystyle m=\frac{3x_{P}^{2}+a}{2y_{P}}

where a is the coefficient of x in the formula of the elliptic curve, i.e.

\displaystyle y^{2}=x^{3}+ax+b.

Then the x and y coordinates of the point 2P are given by the same formulas as above, appropriately modified to reflect the fact that now the points P and Q are the same:

\displaystyle x_{2P}=m^{2}-2x_{P}

\displaystyle y_{2P}=-y_{P}-m(x_{2P}-x_{P})

This covers the first two cases in the image above; for the third case, when P and Q are distinct points and y_{P}=-y_{Q}, we simply set P+Q=0. For the fourth case, when P and Q refer to the same point, and y_{P}=0, we set 2P=0. The point at infinity itself can be treated as a mere point and play into our computations, by setting P+0=P, reflecting its role as the identity element of the group.
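The four cases above can be carried out exactly in code. The following is an added example, not part of the original post: it implements the formulas for m, x_{P+Q} and y_{P+Q} over the rational numbers and, going beyond the cases worked in the text, over the finite field \mathbb{Z}/p\mathbb{Z} for a prime p>3, which is the setting used in cryptography. The function names and the choice p=11 are assumptions made for illustration.

```python
from fractions import Fraction

O = None  # the point at infinity, written 0 in the text (identity element)


def is_nonsingular(a, b, p=None):
    """Check the condition 4a^3 + 27b^2 != 0 (modulo p when p is given)."""
    d = 4 * a**3 + 27 * b**2
    return (d % p != 0) if p else (d != 0)


def on_curve(P, a, b, p=None):
    """True if P satisfies y^2 = x^3 + ax + b (the point at infinity counts)."""
    if P is O:
        return True
    x, y = P
    d = y * y - (x**3 + a * x + b)
    return (d % p == 0) if p else (d == 0)


def add(P, Q, a, p=None):
    """P + Q by the tangent and chord construction.

    p=None: exact rational arithmetic. p prime > 3: arithmetic in Z/pZ,
    with coordinates assumed already reduced to the range 0..p-1.
    """
    if P is O:                      # 0 + Q = Q
        return Q
    if Q is O:                      # P + 0 = P
        return P
    xP, yP = P
    xQ, yQ = Q
    if p:
        red = lambda v: v % p
        div = lambda n, d: (n * pow(d, -1, p)) % p   # multiply by inverse mod p
    else:
        red = lambda v: v
        div = lambda n, d: Fraction(n) / Fraction(d)
    if xP == xQ:
        # Same x: either Q = -P (vertical line, third and fourth pictures)
        # or Q = P with y != 0 (tangent line, second picture).
        if red(yP + yQ) == 0:
            return O
        m = div(3 * xP * xP + a, 2 * yP)
    else:
        m = div(yQ - yP, xQ - xP)   # chord through two distinct points
    x = red(m * m - xP - xQ)
    y = red(-yP - m * (x - xP))
    return (x, y)


def scalar_mul(k, P, a, p=None):
    """kP = P + P + ... + P (k times), computed by double-and-add."""
    R = O
    while k > 0:
        if k & 1:
            R = add(R, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return R


def curve_points(a, b, p):
    """All affine points of y^2 = x^3 + ax + b over Z/pZ (brute force)."""
    return [(x, y) for x in range(p) for y in range(p)
            if on_curve((x, y), a, b, p)]


if __name__ == "__main__":
    a, b = -1, 1                                  # y^2 = x^3 - x + 1 from the text
    print(add((0, 1), (1, 1), a))                 # chord: the line y = 1
    print(add((1, 1), (1, 1), a))                 # tangent at (1, 1)
    print(add((0, 1), (0, -1), a))                # vertical line gives 0
    pts = curve_points(a, b, 11)
    n = len(pts) + 1                              # group order, counting 0
    print(n, all(scalar_mul(n, P, a, 11) is O for P in pts))
```

Over \mathbb{Z}/11\mathbb{Z} the same curve has 9 affine points plus the point at infinity, and multiplying any point by the group order 10 returns the identity, as Lagrange's theorem requires of a group.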

The group structure on the points of elliptic curves has practical applications in cryptography, which is the study of “encrypting” information so that it cannot be deciphered by parties other than the intended recipients, for example in military applications, or when performing financial transactions over the internet.

On the purely mathematical side, the study of the group structure is currently a very active field of research. An important theorem called the Mordell-Weil theorem states that even though there may be an infinite number of points whose coordinates are given by rational numbers (called rational points), these points may all be obtained by performing the “tangent and chord” or “tangent and secant” construction on a finite number of points. In more technical terms, the group of rational points on an elliptic curve is finitely generated.

There is a theorem concerning finitely generated abelian groups stating that any finitely generated abelian group G is isomorphic to the direct sum of r copies of the integers and a finite abelian group called the torsion subgroup of G. The number r is called the rank of G. The famous Birch and Swinnerton-Dyer conjecture, which currently carries a million dollar prize for its proof (or disproof), concerns the rank of the finitely generated abelian group of rational points on an elliptic curve.

Another thing that we can do with elliptic curves is use them to obtain representations of Galois groups (see Galois Groups). A representation of a group G on a vector space V over a field K is a homomorphism from G to GL(V), the group of bijective linear transformations of the vector space V to itself. We know of course from Matrices that linear transformations of vector spaces can always be written as matrices (in our case the matrices must have nonzero determinant to ensure that the linear transformations are bijective). Representation theory allows us to study the objects of abstract algebra using the methods of linear algebra.

To any elliptic curve we can associate a certain algebraic number field (see Algebraic Numbers). The elements of these algebraic number fields are “generated” by the algebraic numbers that provide the coordinates of “p-torsion” points of the elliptic curve, i.e. those points P for which pP=0 for some prime number p.

The set of p-torsion points of the elliptic curve is a 2-dimensional vector space over the finite field \mathbb{Z}/p\mathbb{Z} (see Modular Arithmetic and Quotient Sets), also written as \mathbb{F}_{p}. Among other things this means that we can choose two p-torsion points P and Q of the elliptic curve such that any other p-torsion point can be written as aP+bQ for integers a and b between 0 and p-1. When an element of the Galois group of the algebraic number field generated by the coordinates of the p-torsion points of the elliptic curve permutes the elements of the algebraic number field, it also permutes the p-torsion points of the elliptic curve. This permutation can then be represented by a 2\times 2 matrix with coefficients in \mathbb{F}_{p}.

The connection between Galois groups and elliptic curves is a concept that is central to many developments and open problems in mathematics. It plays a part, for example, in the proof of the famous problem called Fermat’s Last Theorem. It is also related to the open problem called the Kronecker Jugendtraum (which is German for Kronecker’s Childhood Dream, and named after the mathematician Leopold Kronecker), also known as Hilbert’s Twelfth Problem, which seeks a procedure for obtaining all field extensions of algebraic number fields whose Galois group is an abelian group. This problem has been solved only in the special case of imaginary quadratic fields, and the solution involves special kinds of “symmetries” of elliptic curves called complex multiplication (not to be confused with the multiplication of complex numbers). David Hilbert, who is one of the most revered mathematicians in history, is said to have referred to the theory of complex multiplication as “…not only the most beautiful part of mathematics but of all science.”


Elliptic Curve on Wikipedia

Mordell-Weil Theorem on Wikipedia

Birch and Swinnerton-Dyer Conjecture on Wikipedia

Wiles’ Proof of Fermat’s Last Theorem on Wikipedia

Hilbert’s Twelfth Problem on Wikipedia

Complex Multiplication on Wikipedia

Image by User YassineMrabet of Wikipedia

Image by User SuperManu of Wikipedia

Fearless Symmetry: Exposing the Hidden Patterns of Numbers by Avner Ash and Robert Gross

Elliptic Tales: Curves, Counting, and Number Theory by Avner Ash and Robert Gross

Rational Points on Elliptic Curves by Joseph H. Silverman

Valuations and Completions

In ordinary everyday life, there are several notions of closeness. There is for example, a physical notion of distance, and we say, for instance, that we are close to our next-door neighbors. But there is another sense of closeness, such that we can say that we are “close” to our relatives, or to our friends, even though physically they may be far away.

There is also a similar notion of “closeness” between numbers. The most basic method is provided by the familiar “absolute value”. Given three numbers x, x_{1}, and x_{2}, to say that x is closer to x_{1} than to x_{2} means that |x-x_{1}|<|x-x_{2}|. So for example, since |(-1)-(2)|=3 and |(8)-(2)|=6, we therefore say that the number 2 is “closer” to the number -1 than to the number 8. In other words, the smaller the value of |x-y|, the closer x and y are to each other.

But there are also other notions of “closeness” for numbers, just as we have explained above, that with our relatives or friends we may be “close” even if we are far away from each other. Consider the numbers 1 and 10001. Simply by looking, they can perhaps be said to be “relatives” or “friends”, which makes them in some way closer than, say, 1 and 18. The same may be said for 5 and 3000005, that they are perhaps members of the same “family”. This is, of course, because their difference is divisible by a large power of 10, and since we use the decimal system to write our numbers, there is some sort of visual cue that these numbers are “family members”.

But in number theory, 10 is not really very special. Perhaps it just so happens that we have 10 fingers which we use for counting, so we used 10 as a base for our number system. What is really special in number theory are the prime numbers. So for our notion of closeness we choose a prime, and define our measure of closeness so that two numbers are closer together whenever their difference is divisible by a large power of that prime number. For our chosen prime p, we want an analogue of the absolute value, which we will call the p-adic absolute value, and written |x-y|_{p}, which is smaller if the difference of x and y is divisible by a large power of p. The “ordinary” absolute value will now be denoted by |x-y|_{\infty}.

We want to define this for rational numbers as follows. Given a rational number a, we express it as


such that b, c, and p are mutually prime, i.e. they have no factors in common except 1. Then we set


We can see that this definition gives us the properties we are looking for – the value of |a|_{p} is indeed smaller if a is divisible by a large power of p.

The absolute value (both the “ordinary” absolute value and the p-adic absolute value) is also called the multiplicative valuation. There is also a related notion called the exponential valuation, which, in the p-adic case, we denote by v_{p}(a) for a rational number a. The exponential valuation is obtained from the multiplicative valuation by setting


In the case above, where a=p^{m}\frac{b}{c} and b, c, and p are mutually prime, we simply have


For the ordinary absolute value, we just set


where \text{ln } of course stands for the natural logarithm.

The concept of “closeness” between numbers, even just the “ordinary” one, was used to discover something interesting about the number line. If it was merely composed of the rational numbers, then there would be “gaps” in the line. To make a “true” number line, one must fill in these gaps, and this led to the construction of the real numbers by the mathematician Richard Dedekind in the 19th century.

We elaborate on the nature of these “gaps”, following closely the idea behind Dedekind’s construction. Consider the real number \sqrt{2}. It is known from ancient times that this number cannot be written as a ratio of two integers and is therefore not a rational number. However, we can construct an infinite sequence of rational numbers such that every successive rational number in the sequence is “closer” to \sqrt{2}, compared to the one before it.

The mathematician Leopold Kronecker once claimed, “God made the integers, all else is the work of man.” We know how to construct the rational numbers from the integers (for those who would like to think of the natural numbers as being even more basic than the integers, it is also easy to construct the integers from the natural numbers), by taking pairs of integers, and considering sets of equivalence classes (see Modular Arithmetic and Quotient Sets) of these pairs; for example, we set \frac{1}{2} and \frac{2}{4} as equivalent, because “cross multiplication” on the numerators and denominators gives us the same result. So the rational numbers are really equivalence classes of pairs of integers.

The problem we face now is how to construct the real numbers from the rational numbers. We have seen that we can construct sequences which “converge” in some sense to some value that is not a rational number. By “converge”, we mean that successive terms become closer and closer to each other late in the sequence. Technically, we do not refer to such a sequence as a convergent sequence, since it is a sequence of rational numbers but it does not converge to a rational number. Instead, we refer to it as a Cauchy sequence.

And this gives us a possible solution to our problem above – we could simply define the real numbers as the set of all Cauchy sequences. Those that converge to a rational number “represent” that rational number, and those that do not “represent” an irrational number such as \sqrt{2}. However, there is still one more problem that we have to take care of. There may be more than one Cauchy sequence that “represents” a certain rational or irrational number.

Consider, for instance, the sequence

\displaystyle 5,5,5,5,5,...

which obviously converges to the rational number 5, and consider another sequence

\displaystyle 6,5,5,5,5,...

which is different in the first term but similarly converges to the rational number 5. They are different sequences, but they “represent” the same rational number. We would like to have a method of “identifying” these two sequences under some equivalence relation. In order to do this, we consider the “difference” of these two sequences:

\displaystyle 1,0,0,0,0,...

We see that it converges to 0. Such a sequence is called a nullsequence, and this gives us our equivalence relation – two Cauchy sequences are to be considered equivalent if they differ by a nullsequence. The set of real numbers \mathbb{R} is then defined as the set of equivalence classes of Cauchy sequences under this equivalence relation.

The process of “filling in” the “gaps” between the rational numbers is called completion. Note that a notion of “closeness” is important in the process of completion. If we had a different notion of closeness, for example, by using the p-adic absolute value instead of the ordinary absolute value, we would obtain a different kind of completion. Instead of the real numbers \mathbb{R}, we would have instead the p-adic numbers \mathbb{Q}_{p}. The p-adic numbers play an important role in number theory, as they encode information related to primes.


Valuation on Wikipedia

Complete Metric Space on Wikipedia

p-adic Number on Wikipedia

Algebraic Number Theory by Jurgen Neukirch

Algebraic Number Theory by J. W. S. Cassels and A. Frohlich

Divisors and the Picard Group

In this post, once again focusing on the subject of algebraic geometry, we will consider a “curve”, which, confusingly, refers to what we usually think of as a surface. The reason for this is that if we are considering complex numbers x and y, an equation such as y^{2}=x^{3}-x, which we would normally think of as a “curve” if x and y were real numbers, actually refers to something that looks like a surface, in the same way the real numbers form a line and complex numbers form a plane. We will rely on this intuition and leave the more formal definitions of curves, surfaces, and dimension to the references for now.

A divisor is a finite “linear combination” of points on the curve, with integer coefficients. For example, if we have points P_{1} and P_{2} on the curve, we can have something like

\displaystyle 5P_{1}-3P_{2}.

The degree of a divisor is the sum of its coefficients. For the example above, the degree is equal to 2.

A special kind of divisor called a principal divisor comes from so-called “rational functions” (which, despite the name, may not really be “functions” in the set-theoretic sense but merely expressions involving a “fraction” whose numerator and denominator are both polynomials) on the curve. We let the coefficients of each point denote the “order of vanishing” of the function. For instance, the function

\displaystyle \frac{x(x-1)^{2}}{(x-3)^5}

gives rise to the principal divisor


where P_{1} is the point x=0, P_{2} is the point x=1, and P_{3} is the point x=3.

The Picard group of a curve is a group (whose law of composition is given by addition – see also Groups) obtained from the divisors by considering two divisors D and D' equivalent (see Modular Arithmetic and Quotient Sets) if their difference D-D' is a principal divisor. An element of the Picard group is also called a divisor class.

The Picard group of a curve can say a lot of things about the curve. For instance, it can be used to prove that on the curve y^{2}=x^{3}-x, which is an example of what is called an elliptic curve, the points form a group. The group structure on the elliptic curve, along with other properties such as its being a Riemann surface (a surface which “locally” looks like the complex plane), makes it one of the most interesting objects in mathematics.

The Picard group is also important because its elements, the divisor classes on the curve, correspond to line bundles (vector bundles of dimension 1 – see Vector Fields, Vector Bundles, and Fiber Bundles – but do keep in mind our discussion earlier regarding complex numbers and how this changes our conventions regarding dimension, as in the case of the line and the plane, and curves and surfaces) on the curve. Line bundles are also related to sheaves, in particular those called “locally free sheaves of rank 1” (more general vector bundles correspond to locally free sheaves of finite rank). There is, therefore, a relation between the concept of divisors, the concept of vector bundles, and the concept of sheaves.

We now relate the theory of divisors and the Picard group to number theory. We have mentioned in Localization that we can obtain a scheme out of the integers \mathbb{Z}; the points of this scheme are the prime ideals of \mathbb{Z}, and the set of all these points (prime ideals) we call \text{Spec }\mathbb{Z}. As we can make a scheme out of a more general ring, we can therefore make a scheme out of the ring of integers \mathcal{O}_{K} of an algebraic number field K (see Algebraic Numbers); its points will be the prime ideals of \mathcal{O}_{K}, and the “rational functions” on this scheme will be the elements of K.

In this case, the divisors are made up of “linear combinations” of prime ideals. The principal divisors, which come from rational functions, then correspond, accordingly, to principal fractional ideals, ideals which are generated by a single element of K, which as we have mentioned above correspond to the rational functions. Finally, the Picard group is none other than the ideal class group, which “measures” the failure of unique factorization in an algebraic number field!

More explicitly, an example of a divisor may be written in this way:

\displaystyle 5\mathfrak{p}_{1}-3\mathfrak{p}_{2}

for prime ideals \mathfrak{p}_{1} and \mathfrak{p}_{2}, which as we have said correspond to points. For a principal divisor, we may have, for example, the following element of the rational numbers \mathbb{Q}

\displaystyle \frac{63}{64}

which generates the principal fractional ideal

\displaystyle (\frac{63}{64})=\{...,-\frac{189}{64},-\frac{126}{64},-\frac{63}{64},0,\frac{63}{64},\frac{126}{64},\frac{189}{64},...\}

which in turn gives us the principal divisor

\displaystyle 2\mathfrak{p}_{1}+\mathfrak{p}_{2}-6\mathfrak{p}_{3}

where \mathfrak{p}_{1}=(3), \mathfrak{p}_{2}=(7), and \mathfrak{p}_{3}=(2), the principal ideals generated by 3, 7, and 2 respectively. Note that if we “factorize” the numerator and denominator of \frac{63}{64}, we obtain

\displaystyle \frac{63}{64}=\frac{3^{2}\cdot 7}{2^{6}}.

More generally, we should “factorize” in terms of ideals, in case we don’t have unique factorization:

\displaystyle (\frac{63}{64})=\frac{(3)^{2}(7)}{(2)^{6}}.

The coefficients of a principal divisor, measuring “how much” of a certain prime is in the factorization of the principal fractional ideal it corresponds to, are called valuations. The theory of valuations offers us another way to develop the entire field of algebraic number theory under a new perspective.
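The passage from \frac{63}{64} to its principal divisor can be computed directly. The following is an added example, not part of the original post: it reads off the exponent of each prime in a nonzero rational number and assembles the principal divisor on \text{Spec }\mathbb{Z}, representing a divisor as a mapping from primes to integer coefficients. The function names are assumptions, and it also checks that the divisor of a product is the sum of the divisors, which is why the principal divisors form a subgroup.

```python
from fractions import Fraction


def valuation(a, p):
    """Exponent of the prime p in the factorization of the rational a != 0."""
    a = Fraction(a)
    if a == 0:
        raise ValueError("0 is divisible by every power of p")
    n, d, v = a.numerator, a.denominator, 0
    while n % p == 0:      # powers of p in the numerator count positively
        n //= p
        v += 1
    while d % p == 0:      # powers of p in the denominator count negatively
        d //= p
        v -= 1
    return v


def prime_factors(n):
    """Set of primes dividing the integer n (trial division)."""
    n, out, q = abs(n), set(), 2
    while q * q <= n:
        while n % q == 0:
            out.add(q)
            n //= q
        q += 1
    if n > 1:
        out.add(n)
    return out


def principal_divisor(a):
    """Principal divisor of a nonzero rational, as {prime: coefficient}."""
    a = Fraction(a)
    primes = prime_factors(a.numerator) | prime_factors(a.denominator)
    return {p: valuation(a, p) for p in sorted(primes)}


def add_divisors(D, E):
    """Sum of two divisors, dropping primes whose coefficient becomes 0."""
    out = dict(D)
    for p, c in E.items():
        out[p] = out.get(p, 0) + c
    return {p: c for p, c in out.items() if c != 0}


def degree(D):
    """Degree of a divisor: the sum of its coefficients."""
    return sum(D.values())


if __name__ == "__main__":
    f = Fraction(63, 64)
    g = Fraction(8, 21)                       # constructed second element
    print(principal_divisor(f))               # coefficients of (2), (3), (7)
    print(principal_divisor(f * g))           # divisor of the product
    print(add_divisors(principal_divisor(f), principal_divisor(g)))
```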


Divisor on Wikipedia

Picard Group on Wikipedia

Algebraic Geometry by Robin Hartshorne

Algebraic Number Theory by Jurgen Neukirch

Etale Cohomology of Fields and Galois Cohomology

In Cohomology in Algebraic Geometry we have introduced sheaf cohomology and Cech cohomology as well as the concept of etale morphisms, and the Grothendieck topology (see More Category Theory: The Grothendieck Topos) that it defines. In this post, we give one important application of these ideas, related to the ideas discussed in Galois Groups.

Let K be a field (see Rings, Fields, and Ideals). A field has only two ideals: (0) and (1), the latter of which is the unit ideal and is therefore the entire field itself as well. Its only prime ideal (which is also a maximal ideal) is (0); recall that in algebraic geometry (see Basics of Algebraic Geometry), the “points” of the mathematical object we call a scheme correspond (locally, at least) to the prime ideals of a ring R, and we refer to this set of “points” as \text{Spec }R. Therefore, for the field K, \text{Spec }K=(0), in other words, \text{Spec }K is made up of a single point.

Now we need to define sheaves on \text{Spec }K. Using ordinary concepts of topology will not be very productive, since our topological space consists only of a single point; therefore, we will not be able to obtain any interesting open covers out of this topological space. However, using the ideas in More Category Theory: The Grothendieck Topos, we can “expand” our idea of open covers. Instead of inclusions of open sets, we will instead make use of etale morphisms, as we have discussed in Cohomology in Algebraic Geometry.

Let K\rightarrow L be an etale morphism. This also means that L is an etale K-algebra (see also The Hom and Tensor Functors for the definition of algebra in our context). It is a theorem that an etale K-algebra is a direct product of finitely many separable field extensions of K (see Algebraic Numbers).

The definition of presheaf and sheaf remains the same, however the sheaf conditions can be restated in our case as the following (perhaps easier to understand) statement, which we copy verbatim from the book Etale Cohomology and the Weil Conjecture by Eberhard Freitag and Reinhardt Kiehl:

The elements s\in \mathcal{F}(B) correspond one-to-one to families of elements

s_{i}\in\mathcal{F}(B_{i}), i\in I

having the property

\text{Image }(s_{i})=\text{Image }(s_{j}), in (B_{i}\otimes_{B}B_{j})

This condition must also hold for i=j!

A separable closure \bar{K} of K is a separable field extension of K (see Cohomology in Algebraic Geometry) that is a subfield of the algebraic closure of K. The algebraic closure of K is an algebraic extension (see Algebraic Numbers) of K which is algebraically closed, i.e., it contains all the roots of polynomials with coefficients in this algebraic extension. Both the algebraic closure and the separable closure of K are unique up to isomorphism. In the case of the field of rational numbers \mathbb{Q}, the separable closure and the algebraic closure coincide and they are both equal to the field of algebraic numbers.

Given the separable closure \bar{K} of K, we define \mathcal{F}(\bar{K}) as the stalk (see Localization) of the sheaf at \bar{K}. It is also written using the language of direct limits (also called an inductive limit):

\displaystyle \mathcal{F}(\bar{K})=\varinjlim\mathcal{F}(L)

We digress slightly in order to explain what this means. The language of direct limits and inverse limits (the latter are also called projective limits) is ubiquitous in abstract algebra, algebraic geometry, and algebraic number theory, and these limits are special cases of the notion of limits we have discussed in Even More Category Theory: The Elementary Topos.

A directed set I is an ordered set in which for every pair i,j there exists k such that i\leq k,j\leq k. A direct, resp. inverse system over I is a family \{A_{i},f_{ij}|i,j\in I,i\leq j\} of objects A_{i} and morphisms f_{ij}: A_{i}\rightarrow A_{j}, resp. f_{ij}: A_{j}\rightarrow A_{i} such that

\displaystyle f_{ii} is the identity map of A_{i}, and

\displaystyle f_{ik}=f_{jk}\circ f_{ij} resp. f_{ik}=f_{ij}\circ f_{jk}

for all i\leq j\leq k .

The direct limit of a direct system is then defined as the quotient

\displaystyle \varinjlim_{i\in I} A_{i}=\coprod_{i\in I} A_{i}/\sim

where two elements x_{i}\in A_{i} and x_{j}\in A_{j} are considered equivalent, x_{i}\sim x_{j} if there exists k such that f_{ik}(x_{i})=f_{jk}(x_{j}).

Meanwhile, the inverse limit of an inverse system is the subset

\displaystyle \varprojlim_{i\in I} A_{i}=\{(x_{i})_{i\in I}\in \prod_{i\in I}A_{i}|f_{ij}(x_{j})=x_{i}\text{ for }i\leq j \}

of the product \displaystyle \prod_{i\in I}A_{i}.

The classical definition of stalk, for a sheaf \mathcal{F}, can then also be expressed as the direct limit of the direct system given by the sets (or abelian groups, or modules, etc.) \mathcal{F}(U) and the restriction maps \rho_{UV}: \mathcal{F}(U)\rightarrow \mathcal{F}(V) for open sets V\subseteq U. In our case, of course, instead of inclusion maps V\subseteq U we instead have more general maps induced by etale morphisms.

An example of an etale sheaf over \text{Spec }K is given by the following: Let

\displaystyle \mathcal{G}_{m}(B)=B^{*} where B^{*} is the multiplicative group of the etale K-algebra B.

In this case we have \mathcal{F}(\bar{K})=\bar{K}^{*}, the multiplicative group of the separable closure \bar{K} of K. We note that the multiplicative group of a field F is just the group F-\{0\}, with the law of composition given by multiplication.

In order to make contact with the theory of Galois groups, we now define the concept of G-modules, where G is a group. A left G-module is given by an abelian group M and a map \rho: G\times M\rightarrow M such that

\displaystyle \rho(e,a)=a,

\displaystyle \rho (gh,a)=\rho(g,\rho(h,a)),


\displaystyle \rho(g,(ab))=\rho(g,a)\rho(g,b).

Instead of \rho(g,a) we usually just write g\cdot a. A right G-module may be similarly defined, and may be obtained from a left G-module by defining a\cdot g=g^{-1}\cdot a.

The abelian group \mathcal{F}(\bar{K}) has the structure of a G-module, where G is the Galois group \text{Gal}(\bar{K}/K) (also written as G(\bar{K}/K)), the group of field automorphisms of \bar{K} that keep K fixed.

We see now that there is a connection between Galois theory and etale sheaves over a field. More generally, there is a connection between the Etale cohomology of a field and “Galois cohomology”, an important part of algebraic number theory that we now define. Galois cohomology is the derived functor (see More on Chain Complexes and The Hom and Tensor Functors) of the fixed module functor.

First we construct the standard resolution of the Galois module (a G-module where G is the Galois group of some field extension) A. It is given by X^{n}(G,A), the abelian group of all functions from the direct product G^{n+1} to A, and the coboundary map

\displaystyle \partial^{n}: X^{n-1}\rightarrow X^{n}

given by

\displaystyle \partial^{n}x(\sigma_{0},...,\sigma_{n})=\sum_{i=0}^{n}(-1)^{i}x(\sigma_{0},...,\hat{\sigma_{i}},...,\sigma_{n})

where \hat{\sigma_{i}} signifies that \sigma_{i} is to be omitted.

We now apply the fixed module functor to obtain the cochain complex

\displaystyle C^{n}(G,A)=X^{n}(G,A)^{G}.

The elements of C^{n}(G,A) are the functions x: G^{n+1}\rightarrow A such that

\displaystyle x(\sigma\sigma_{0},...,\sigma\sigma_{n})=\sigma x(\sigma_{0},...,\sigma_{n})

for all \sigma\in G.

The Galois cohomology groups H^{n}(G,A) are then obtained by taking the cohomology of this cochain complex, i.e.

\displaystyle H^{n}(G,A)=\text{Ker }\partial^{n+1}/\text{Im }\partial^{n}

Note: We have adopted here the notation of the book Cohomology of Number Fields by Jurgen Neukirch, Alexander Schmidt, and Kay Wingberg. Some references use a different notation; for instance X_{n} may be defined as the abelian group of functions from G^{n} to A instead of from G^{n+1} to A. This results in different notation for the cochain complexes and their boundary operators; however, the Galois cohomology groups themselves will remain the same.

It is a basic result of Galois cohomology that H^{0}(G,A) gives A^{G}, the subset of A such that \sigma\cdot a=a for all \sigma\in G. In other words, A^{G} is the subset of A that is fixed by G.

We have the following connection between Etale cohomology for fields and Galois cohomology:

\displaystyle H^{n}(K,\mathcal{F})=H^{n}(G,\mathcal{F}(\bar{K}))

We now mention some other basic results of the theory. In analogy with sheaf cohomology, the group H^{0}(K,\mathcal{F}) is just the set of “global sections” \Gamma(K,\mathcal{F})=\mathcal{F}(K) of \mathcal{F}. Letting \mathcal{F}=\mathcal{G}_{m} which we have defined earlier, we have

\displaystyle H^{0}(K,\mathcal{G}_{m})=\mathcal{G}_{m}(K)=K^{*}

In the language of Galois cohomology,

\displaystyle H^{0}(G,\mathcal{G}_{m}(\bar{K}))=(\bar{K}^{*})^{G}=K^{*}

Meanwhile, for H^{1}, we have the following result, called Hilbert’s Theorem 90:

\displaystyle H^{1}(K,\mathcal{G}_{m})=H^{1}(G,\bar{K}^{*})=\{1\}.

The group H^{2}(K,\mathcal{G}_{m})=H^{2}(G,\bar{K}^{*}) is called the Brauer group and also plays an important part in algebraic number theory. The etale cohomology of fields, or equivalently Galois cohomology, is the topic of famous problems in modern mathematics such as the Milnor conjecture and its generalization, the Bloch-Kato conjecture, which was solved by Vladimir Voevodsky in 2009. It also plays an important part in the etale cohomology of more general rings.
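The statements H^{0}(G,A)=A^{G} and Hilbert's Theorem 90 can be checked by brute force on a small case. The following Python sketch is an added example, not part of the original post: it builds the G-invariant cochains C^{n}(G,A) exactly as defined above and counts kernels and images of the coboundary maps. It assumes the finite version of the theorem, with G the Galois group of the finite field extension \mathbb{F}_{p^{d}}/\mathbb{F}_{p} acting on A=\mathbb{F}_{p^{d}}^{*} (written additively as \mathbb{Z}/(p^{d}-1)); all function names are illustrative.

```python
from itertools import product

def cyclic_module(d, m, u):
    """G = Z/d acting on A = Z/m, the generator acting as multiplication by u.
    Returns (d, m, act) with act(g, a) = g . a."""
    if pow(u, d, m) != 1 % m:
        raise ValueError("u^d must be 1 mod m for this to be a group action")
    return d, m, (lambda g, a: pow(u, g, m) * a % m)

def frobenius_module(p, d):
    """Gal(F_{p^d}/F_p) = Z/d, generated by Frobenius t -> t^p, acting on F_{p^d}^*.
    That group is cyclic of order p^d - 1; written additively as Z/(p^d - 1),
    Frobenius becomes multiplication by p."""
    return cyclic_module(d, p**d - 1, p)

def evaluate(x, sigma, mod):
    """Value of an invariant cochain at sigma = (s0, ..., sn). Invariance,
    x(s*s0, ..., s*sn) = s . x(s0, ..., sn), means x is determined by its values
    on tuples starting with the identity, which is all that x (a dict) stores."""
    d, m, act = mod
    s0 = sigma[0]
    return act(s0, x[tuple((s - s0) % d for s in sigma[1:])])

def coboundary(x, n, mod):
    """del^n x for x in C^{n-1}: alternating sum over omitted arguments,
    returned as a cochain in C^n (values on tuples starting with the identity)."""
    d, m, act = mod
    out = {}
    for rest in product(range(d), repeat=n):
        sigma = (0,) + rest
        terms = ((-1) ** i * evaluate(x, sigma[:i] + sigma[i + 1:], mod)
                 for i in range(n + 1))
        out[rest] = sum(terms) % m
    return out

def cochains(n, mod):
    """Enumerate all of C^n(G, A)."""
    d, m, _ = mod
    keys = list(product(range(d), repeat=n))
    for values in product(range(m), repeat=len(keys)):
        yield dict(zip(keys, values))

def cohomology_order(n, mod):
    """|H^n(G, A)| = |Ker del^{n+1}| / |Im del^n|, in the indexing used above."""
    kernel = sum(1 for x in cochains(n, mod)
                 if not any(coboundary(x, n + 1, mod).values()))
    if n == 0:
        return kernel  # there is nothing in degree -1, so the image is zero
    image = {tuple(coboundary(x, n, mod).values()) for x in cochains(n - 1, mod)}
    return kernel // len(image)

def fixed_points(mod):
    """The submodule A^G, computed directly from the action."""
    d, m, act = mod
    return [a for a in range(m) if all(act(g, a) == a for g in range(d))]

if __name__ == "__main__":
    for p, d in [(2, 2), (3, 2), (5, 2), (2, 3)]:
        mod = frobenius_module(p, d)
        print(f"F_{p}^{d}: |A^G| = {len(fixed_points(mod))},",
              f"|H^0| = {cohomology_order(0, mod)}, |H^1| = {cohomology_order(1, mod)}")
    # Constructed contrast: Z/2 acting on Z/4 by negation is not the unit group
    # of a field, and here H^1 is not trivial.
    print("Z/2 on Z/4 by -1: |H^1| =", cohomology_order(1, cyclic_module(2, 4, 3)))
```

In each finite field case |H^{0}| equals p-1, the size of \mathbb{F}_{p}^{*}, and |H^{1}| equals 1, while the constructed module with the negation action shows that a trivial H^{1} is a special property and not automatic.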


Etale Cohomology on Wikipedia

Stalk on Wikipedia

Direct Limit on Wikipedia

Inverse Limit on Wikipedia

Hilbert’s Theorem 90 on Wikipedia

Group Cohomology on Wikipedia

Galois Cohomology on Wikipedia

Milnor Conjecture on Wikipedia

Norm Residue Isomorphism Theorem

Etale Cohomology and the Weil Conjecture by Eberhard Freitag and Reinhardt Kiehl

Cohomology of Number Fields by Jurgen Neukirch, Alexander Schmidt, and Kay Wingberg


In Presheaves we have compared functions on a topological space (as an example we considered the complex plane \mathbb{C} with the Zariski topology) and the functions on open subsets of this space (which in our example would be the complex plane \mathbb{C} with a finite number of points removed).

In this post we take on this topic again, with an emphasis on the functions which can be expressed in terms of polynomials; in Presheaves we saw that on the entire complex plane we could not admit \frac{1}{x} as a function (we will refer to these functions defined on a space as regular functions on the space) on the complex plane \mathbb{C} as it was undefined at the point x=0. It can, however, be admitted as a (regular) function on the open subset \mathbb{C}-\{0\}. We will restrict our topological spaces to the case of varieties (see Basics of Algebraic Geometry).

Note that if we are considering the entire complex plane, the regular functions are only those whose denominators are constants. But on the open subset \mathbb{C}-\{0\}, we may have polynomials in the denominators as long as their zeroes are not in the open subset, in this case 0, which is not in \mathbb{C}-\{0\}. If we take another open subset, one that is itself a subset of \mathbb{C}-\{0\}, such as \mathbb{C}-\{0,1\}, we can admit even more regular functions on this open subset.

The difference between the properties of a topological space and an open subset of such a space is related to the difference between “local” properties and “global” properties. “Local” means it holds on a smaller part of the space, while “global” means it holds on the entire space. For example, “locally”, the Earth appears flat. Of course, “globally”, we know that the Earth is round. However, ideally we should be able to “patch together” local information to obtain global information. This is what the concept of sheaves (see Sheaves) is for.

We may think about what we will see if we only “look at” a single point, for example, in \mathbb{C}, we may only look at 0. We can look at the set of all ratios of polynomials that are always defined at 0, which means that the polynomial in the denominator is not allowed to have a zero at 0. However, there are many functions that we can have – for example \frac{1}{x-1}, \frac{1}{(x-1)^{2}}, \frac{1}{(x-1)(x-2)}, and so many others aside from those that are already regular on all of \mathbb{C}. The set of all these functions, which form a ring, is called the local ring at 0. The local ring at any point P of a variety X is written \mathcal{O}_{X,P}. Taking the local ring at P is an example of the process of localization.

A single point is not an open subset in our topology, so this does not fit into our definition of a sheaf or a presheaf. Instead, we say that the local ring at a point is the stalk of the sheaf of regular functions at that point. More technically, the stalk of a sheaf (or presheaf) is the set of equivalence classes (see Modular Arithmetic and Quotient Sets) of pairs (U,\varphi), under the equivalence relation (U,\varphi)\sim(U',\varphi') if there exists an open subset V in the intersection U\cap U' for which \varphi |_{V}=\varphi' |_{V}. The elements of the stalk are called the germs of the sheaf (or presheaf).

An important property of a local ring at a point P is that it has only one maximal ideal (see More on Ideals), which is made up of the polynomial functions that vanish at P. This maximal ideal we will write as \mathfrak{m}_{X,P}. The quotient (again see Modular Arithmetic and Quotient Sets) \mathcal{O}_{X,P}/\mathfrak{m}_{X,P} is called the residue field.

We recall the Hilbert Nullstellensatz and the definition of varieties and schemes in Basics of Algebraic Geometry. There we established a correspondence between the points of a variety (resp. scheme) and the maximal ideals (resp. prime ideals) of its “ring of functions”. We can use the ideas discussed here concerning locality, via the concept of presheaves and sheaves, to construct more general varieties and schemes.

One of the great things about algebraic geometry is that it is kind of a “synthesis” of ideas from both abstract algebra and geometry, and ideas can be exchanged between both. For example, we have already mentioned in Basics of Algebraic Geometry that we can start with a ring R and look at the set of its maximal (resp. prime) ideals as forming a space. If we look at the set of its prime ideals (usually also referred to as its spectrum, and denoted \text{Spec } R – again we note that the word spectrum has many meanings in mathematics) then we have a scheme. This ring R may not even be a ring of polynomials – we may even consider the ring of integers \mathbb{Z}, and do algebraic “geometry” on the space \text{Spec }\mathbb{Z}!

We can also extract the idea of only looking at local information, an idea which has geometric origins, and apply it to abstract algebra. We can then define local rings completely algebraically, without reference to geometric ideas, as a ring with a unique maximal ideal.

A local ring which is also a principal ideal domain (a ring in which every ideal is a principal ideal, again see More on Ideals) and is not a field is called a discrete valuation ring. Discrete valuation rings are localizations of Dedekind domains, which are important in number theory, as we have discussed in Algebraic Numbers; for instance, in Dedekind domains, even though elements may not factor uniquely into irreducibles, ideals will always factor uniquely into prime ideals.

For the ring of integers \mathbb{Z}, an example of a local ring is given by the ring of fractions whose denominator is an integer not divisible by a certain prime number p. We denote this local ring by \mathbb{Z}_{(p)}. For p=2, \mathbb{Z}_{(2)} is composed of all fractions whose denominator is an odd number. The unique maximal ideal of this ring is given by the fractions whose numerator is an even number. Since \mathbb{Z} is a Dedekind domain, \mathbb{Z}_{(p)} is also a discrete valuation ring. We refer to the local ring \mathbb{Z}_{(p)} as the localization of \mathbb{Z} at the point (prime ideal) (p).

We started with the idea of “local” and “global” in geometry, in particular algebraic geometry, and ended up with ideas important to number theory. This is once more an example of how the exchange of ideas between different branches of mathematics leads to much fruitful development of each branch and of mathematics as a whole.


Localization on Wikipedia

Localization of a Ring on Wikipedia

Local Ring on Wikipedia

Stalk on Wikipedia

Algebraic Geometry by Andreas Gathmann

Algebraic Geometry by J.S. Milne

Algebraic Geometry by Robin Hartshorne

Algebraic Number Theory by Jurgen Neukirch

Galois Groups

In Algebraic Numbers we discussed algebraic number fields and a very important group associated to an algebraic number field called its ideal class group. In this post we define another very important group called the Galois group. Galois groups are named after the mathematician Evariste Galois, who lived in the early 19th century and developed the theory before his early death in a duel (with mysterious circumstances) at the age of 20.

The problem that motivated the development of Galois groups was the solution of polynomial equations of higher degree. We know that for quadratic equations (equations of degree 2) there exists a “quadratic formula” that allows us to solve for the roots of any quadratic equation. For cubic equations (equations of degree 3) and quartic equations (equations of degree 4), there is also a similar “cubic formula” and a “quartic formula”, although they are not as well-known as the quadratic formula.

However for quintic equations (equations of degree 5) there is no “quintic formula”. What this means is that not every quintic equation can be solved by a finite number of additions, subtractions, multiplications, divisions, and extractions of roots. Some quintic equations, of course, can be easily solved using these operations, such as x^{5}-1=0. However this does not hold true for all quintic equations. This was proven by another mathematician, Niels Henrik Abel, but it was Galois who gave the conditions needed to determine whether a quintic equation could be solved using the aforementioned operations or not.

The groundbreaking strategy that Galois employed was to study the permutations of roots of polynomial equations. These permutations are the same as the field automorphisms of the smallest field extension (see Algebraic Numbers for the definition of a field extension) that contains these roots (called the splitting field of the polynomial equation) which also fix the field of coefficients of the polynomial.

By “field automorphism” we mean a function f from a field to itself such that the following conditions are satisfied:



By “fix” we mean that if a is an element of the field of coefficients of the polynomial equation, then we must have


We might perhaps do better by discussing an example. We do not delve straight into quintic equations, and consider first the much simpler case of a quadratic equation such as x^{2}+1=0. We consider the polynomial x^{2}+1 as having coefficients in the field \mathbb{Q} of rational numbers. The roots of this equation are i and -i, and the splitting field is the field \mathbb{Q}[i].

Since there are only two roots, we only have two permutations of these roots. One is the identity permutation, which sends i to i and -i to -i, and the other is the permutation that exchanges the two, sending i to -i and -i to i. The first one corresponds to the identity field automorphism of \mathbb{Q}[i], while the second one corresponds to the complex conjugation field automorphism of \mathbb{Q}[i]. Both these permutations preserve \mathbb{Q}.

These permutations (or field automorphisms) form a group (see Groups), which is what we refer to as the Galois group of the field extension (the splitting field, considered as a field extension of the field of coefficients of the polynomial) or the polynomial.

The idea is that the “structure” of the Galois group, as a group, is related to the “structure” of the field extension. For example, the subgroups of the Galois groups correspond to the “intermediate fields” contained in the splitting field but containing the field of coefficients of the polynomial.

Using this idea, Galois showed that whenever the Galois group of an irreducible quintic polynomial is the symmetric group S_{5} (the group of permutations of the set with 5 elements) or the alternating group A_{5} (the group of “even” permutations of the set with 5 elements), then the polynomial cannot be solved using a finite number of additions, subtractions, multiplications, divisions, and extractions of roots. This happens, for example, when the irreducible quintic polynomial has three real roots, as in the case of x^{5}-16x+2. More details of the proof can be found in the last chapter of the book Algebra by Michael Artin.

Although Galois groups were initially developed to deal with problems regarding the solvability of polynomial equations, they have found applications beyond this original purpose and have become a very important part of many aspects of modern mathematics, especially in (but not limited to, rather surprisingly) number theory.

For example, the study of “representations” of Galois groups in terms of linear transformations of vector spaces (see Vector Spaces, Modules, and Linear Algebra) is an important part of the proof of the very famous problem called Fermat’s Last Theorem by the mathematician Andrew Wiles in 1994. A very active field of research in the present day related to representations of Galois groups is called the Langlands program. In particular, what is usually being studied is the “absolute” Galois group – the group of field automorphisms of the set of all algebraic numbers that fix the field \mathbb{Q} of rational numbers. A book that makes these ideas accessible to a more general audience is Fearless Symmetry: Exposing the Hidden Patterns of Numbers by Avner Ash and Robert Gross.


Galois Theory on Wikipedia

Galois Group on Wikipedia

Wiles’ Proof of Fermat’s Last Theorem on Wikipedia

Langlands Program on Wikipedia

Fearless Symmetry: Exposing the Hidden Patterns of Numbers by Avner Ash and Robert Gross

Algebra by Michael Artin

Algebraic Numbers

In this post we revisit certain topics discussed in one of the earliest posts on this blog, namely, The Fundamental Theorem of Arithmetic and Unique Factorization. In that post we introduced certain “numbers” such as \mathbb{Z}[i], also referred to as the Gaussian integers, and \mathbb{Z}[\sqrt{-5}], which I currently do not know the name of, despite it being one of the most basic examples of “numbers” displaying “weird” behavior such as the failure of unique factorization.

In that post we have been quite vague, and it is the intention of this post to start taking on the same topics with a little more clarity and rigor.

We define two important concepts – algebraic numbers and finite degree field extensions of the field of rational numbers \mathbb{Q}. These two concepts are the objects of study of the branch of mathematics called algebraic number theory.

An algebraic number is a complex number which is the root of a polynomial with integer coefficients. The square root of -1, which we of course write as i, is an example of an algebraic number. It is a root of the equation


Numbers that are not algebraic numbers are called transcendental numbers. Examples of transcendental numbers are the constants \pi and e.

Given a field (see Rings, Fields, and Ideals) F, a field extension of F is another field K that contains F as a subset (or rather, a subfield). The degree of a field extension of F is its dimension (see More on Vector Spaces and Modules) as a vector space whose field of scalars is F.

It is known that every element of a finite degree field extension of the field of rational numbers \mathbb{Q} is an algebraic number. Hence, such a field extension is also called an algebraic number field.

An algebraic number which is the root of a monic polynomial with integer coefficients is called an algebraic integer. A monic polynomial is a polynomial where the term with the highest degree has a coefficient of 1. Hence, i is not only an algebraic number, but is also an algebraic integer, since the polynomial x^{2}+1 is monic. The algebraic integers in an algebraic number field form a ring. They are related to the elements of the algebraic number field in an analogous way to how ordinary integers are related to rational numbers.

The ring of Gaussian integers \mathbb{Z}[i] is the ring of algebraic integers of the algebraic number field \mathbb{Q}[i], which is made up of complex numbers whose real and imaginary parts are both rational numbers, while the ring \mathbb{Z}[\sqrt{-5}] is the ring of algebraic integers of the algebraic number field \mathbb{Q}[\sqrt{-5}], which is made up of complex numbers which can be written in the form a+b\sqrt{-5}, where a and b are rational numbers.

A unit is an element of the ring of algebraic integers of an algebraic number field which has a multiplicative inverse. As we have already seen in previous posts, it is important to identify the units in the ring of algebraic integers because we have to exclude them when we talk about unique factorization.

One of the things we can do with an algebraic number field is to study the factorization of its ring of algebraic integers. We have explored a little bit of this in The Fundamental Theorem of Arithmetic and Unique Factorization, and we have seen that in the ring \mathbb{Z}[\sqrt{-5}] the factorization into irreducible elements fails to be unique. For example, we may have

6=2\cdot 3=(1+\sqrt{-5})(1-\sqrt{-5})

The numbers 2, 3, 1+\sqrt{-5}, and 1-\sqrt{-5} are all irreducible in the ring \mathbb{Z}[\sqrt{-5}].

However, for certain rings called Dedekind domains, even if unique factorization into irreducible elements does not hold, the ideals of the ring may still be factored uniquely as a product of the prime ideals (see More on Ideals) of the ring. The ring of algebraic integers of an algebraic number field happens to be a Dedekind domain. We will discuss this factorization of ideals next.

We recall that an ideal of a ring is a subset of the ring which is closed under addition and multiplication by elements of the ring. In other words, it is a subset of the ring which is also a module with the ring itself as its ring of scalars. Perhaps the most simple kind of ideal is a principal ideal, written (a) for an element of the ring a, which consists of all products of a with all the other elements of the ring. We may also say that the ideal (a) is the set of all multiples of a.

In the ring of ordinary integers \mathbb{Z}, all ideals are principal ideals. However, this may not be true for more general rings. For example, in the ring \mathbb{Z}[\sqrt{-5}], consider the set of linear combinations of 2 and 1+\sqrt{-5}, i.e. the set of elements of \mathbb{Z}[\sqrt{-5}] which can be written as a(2)+b(1+\sqrt{-5}), where a and b are elements of \mathbb{Z}[\sqrt{-5}]. This set, written (2, 1+\sqrt{-5}), forms an ideal, but this ideal is not a principal ideal. It is not the set of multiples of a single element. However, it is closed under addition and multiplication by any element of \mathbb{Z}[\sqrt{-5}].
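Both claims about \mathbb{Z}[\sqrt{-5}] made so far (that 2, 3, 1+\sqrt{-5} and 1-\sqrt{-5} are irreducible, and that (2, 1+\sqrt{-5}) is not principal) reduce to finite searches using the norm N(a+b\sqrt{-5})=a^{2}+5b^{2}, which is multiplicative. The following Python sketch is an added example, not part of the original post; the function names are illustrative, and the membership test for the ideal uses the fact that \{2, 1+\sqrt{-5}\} is a basis of it over \mathbb{Z}.

```python
from math import gcd, isqrt

# An element a + b*sqrt(-5) of Z[sqrt(-5)] is stored as the integer pair (a, b).

def mul(x, y):
    (a, b), (c, d) = x, y
    return (a * c - 5 * b * d, a * d + b * c)

def norm(x):
    a, b = x
    return a * a + 5 * b * b

def elements_of_norm(n):
    """All (a, b) with a^2 + 5 b^2 = n. The list is finite because the norm is
    positive definite, so |b| <= sqrt(n / 5)."""
    out = []
    for b in range(-isqrt(n // 5), isqrt(n // 5) + 1):
        r = n - 5 * b * b
        a = isqrt(r)
        if a * a == r:
            out.extend(sorted({(a, b), (-a, b)}))
    return out

def divides(g, x):
    """True if x = g*q with q in the ring: q = x * conj(g) / N(g) must have
    integer coordinates."""
    a, b = mul(x, (g[0], -g[1]))
    n = norm(g)
    return a % n == 0 and b % n == 0

def is_irreducible(x):
    """The units are the norm-1 elements +1 and -1, so a non-unit x is reducible
    exactly when some g with 1 < N(g) < N(x) divides it; N(g) must divide N(x)."""
    n = norm(x)
    if n <= 1:
        return False
    return not any(divides(g, x)
                   for k in range(2, n) if n % k == 0
                   for g in elements_of_norm(k))

def in_ideal(x):
    """Membership in (2, 1+sqrt(-5)). Its Z-basis is {2, 1+sqrt(-5)}, so it
    consists of the pairs (a, b) with a = b mod 2."""
    return (x[0] - x[1]) % 2 == 0

def principal_generators():
    """Every g that would generate (2, 1+sqrt(-5)) alone: g must lie in the
    ideal and divide both generators, so N(g) divides gcd(N(2), N(1+sqrt(-5)))."""
    gens = [(2, 0), (1, 1)]
    bound = gcd(norm(gens[0]), norm(gens[1]))
    return [g for k in range(1, bound + 1) if bound % k == 0
            for g in elements_of_norm(k)
            if in_ideal(g) and all(divides(g, x) for x in gens)]

if __name__ == "__main__":
    print("2*3 =", mul((2, 0), (3, 0)), " (1+s)(1-s) =", mul((1, 1), (1, -1)))
    for x in [(2, 0), (3, 0), (1, 1), (1, -1), (6, 0)]:
        print(x, "norm", norm(x), "irreducible:", is_irreducible(x))
    print("generators of (2, 1+sqrt(-5)):", principal_generators())
```

The search finds no element of norm 2 or 3, which is why none of the four factors of 6 can be split further, and the only common divisors of 2 and 1+\sqrt{-5} are the units, which do not lie in the ideal.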

Given two ideals \mathfrak{a} and \mathfrak{b} in some ring, the product \mathfrak{a}\mathfrak{b} is the set of all elements of the ring which can be written as a_{1}b_{1}+a_{2}b_{2}+a_{3}b_{3}+... where a_{1}, a_{2}, a_{3},... are elements of the ideal \mathfrak{a} and b_{1}, b_{2}, b_{3},... are elements of the ideal \mathfrak{b}.

We can now state the following “ideal-theoretic” analogue of the fundamental theorem of arithmetic (quoted from the book Algebraic Number Theory by Jurgen Neukirch):

Every ideal of \mathcal{O} different from (0) and (1) admits a factorization


into nonzero prime ideals \mathfrak{p}_{i} of \mathcal{O} which is unique up to the order of the factors.

Here the symbol \mathcal{O} refers to the ring of algebraic integers of an algebraic number field.

We recall once again our example showing the failure of unique factorization in \mathbb{Z}[\sqrt{-5}]:

6=2\cdot 3=(1+\sqrt{-5})(1-\sqrt{-5})

If we consider ideals instead of individual elements, we would have


(Note: Parentheses are used to denote principal ideals in abstract algebra and algebraic number theory. However, they are also used to denote multiplication of expressions, as in basic arithmetic and algebra. Hopefully the intended purpose of the parentheses will be obvious from the context and will not cause too much confusion for the reader. In the examples above, we have first used them for individual elements of the ring, and later on, for ideals, which are sets of elements of the ring.)

But the ideals in the last expression can be factored even further:





Therefore, the principal ideal (6) admits a unique factorization as a product of ideals as follows:


We turn next to the definition of the class number of an algebraic number field, which was given a passing mention in The Fundamental Theorem of Arithmetic and Unique Factorization. The class number “measures” in some way the failure of unique factorization, and if its value is equal to 1, then unique factorization holds (this also means that all ideals in the ring of algebraic integers of the algebraic number field are principal ideals).

To define the class number, we first have to introduce the concept of a fractional ideal. A fractional ideal is a module which is obtained by taking the linear combinations of products of a finite number of elements of an algebraic number field with its ring of algebraic integers. Note that these elements need not be algebraic integers themselves. For example, the set

...-\frac{3}{2}, -1, -\frac{1}{2}, 0, \frac{1}{2}, 1, \frac{3}{2}...

is obtained by taking the products of the rational number \frac{1}{2} with the ordinary integers. We write it as (\frac{1}{2}), and, in analogy with principal ideals, we refer to such fractional ideals which are “generated” by a single element as principal fractional ideals. It is a property of fractional ideals that one can multiply them by a certain algebraic integer (which is an element of the ring of algebraic integers of the algebraic number field to which it belongs) and get back the ring of algebraic integers of the algebraic number field. For the example above, we can multiply each element by 2 and get back the ordinary integers.

The fractional ideals, including the principal fractional ideals, form a group (see Groups) under multiplication. The ideal class group is then the group obtained by taking the quotient (see Modular Arithmetic and Quotient Sets) of the group of fractional ideals by the group of principal fractional ideals. The ideal class group only has a finite number of elements (called ideal classes), and this number is called the class number.

There is another way to define the ideal classes. We will say that two ideals \mathfrak{a} and \mathfrak{b} are equivalent, written \mathfrak{a}\sim \mathfrak{b}, if there exist principal ideals (a) and (b) such that (a)\mathfrak{a}=(b)\mathfrak{b}. The ideals that are equivalent to each other then form an equivalence class, and these equivalence classes are the ideal classes. The set of ideal classes forms a group, which is the ideal class group.

The ring \mathbb{Z}[\sqrt{-5}], which does not possess unique factorization (of elements) has two ideal classes – the class of principal fractional ideals, and another class, which includes the ideal (2, 1+\sqrt{-5}). Hence its class number is 2.

In summary, algebraic number fields are not always uniquely factorizable into irreducible elements. The class number (which requires the concept of ideals to be properly defined) allows us to somehow “measure” the failure of unique factorization. However, despite the failure of factorization of elements, there is always the uniqueness of factorization for ideals.

This makes up the basics of the subject of algebraic number theory, which I find to be interestingly named – on one hand, it is “algebraic” number theory, which means that it uses concepts from abstract algebra to study numbers. On the other hand, it is “algebraic number” theory, which means that it is the study of algebraic numbers, which we have defined above as the numbers that are zeroes of polynomials with integer coefficients. Algebraic number theory is one of the oldest and most revered branches of mathematics, and has developed consistently and grown in beauty and elegance throughout history – including in modern times.


Algebraic Number Theory in Wikipedia

Algebra by Michael Artin

A Classical Introduction to Modern Number Theory by Kenneth Ireland and Michael Rosen

Algebraic Number Theory by Jurgen Neukirch