Divisibility in Integral Domains

Abstract

This chapter deals with basic notions (divisibility, units, irreducible elements, Euclidean rings, and principal ideal domains) in general domains.

In this chapter we will study the notion of divisibility in general domains. We will restrict our attention to commutative domains R containing a unit¹ 1, i.e., an element with the property 1r = r for all r ∈ R. Recall that a ring R is called a domain if it does not contain any zero divisors, that is, if ab = 0 for elements a, b ∈ R implies that a = 0 or b = 0. Subrings of fields are always domains, and every domain may be interpreted as a subring of its field of quotients (see Exercise 4.3). Our goal is the definition of units, primes, and irreducible elements and a first investigation of the question in which quadratic number rings the theorem of unique factorization holds.

4.1 Units, Primes, and Irreducible Elements

It is easy to transfer the notion of divisibility of integers in \(\mathbb {Z}\) to arbitrary domains R: Given a, b ∈ R, we say that b divides a if there is a c ∈ R such that a = bc, and we write b∣a in this case. More generally we write a ≡ b mod mR if m∣(a − b) in R. Congruences in R have the usual properties; we leave the proofs as exercises (see Exercise 4.9).

Proposition 4.1

Let R be a domain; for all a, b, c, d, m, n ∈ R, we have

1. (a)

   a ≡ b mod  m, c ≡ d mod  m ⇒ a + c ≡ b + d mod  m;

2. (b)

   a ≡ b mod  m, c ≡ d mod  m ⇒ ac ≡ bd mod  m; and

3. (c)

   n∣m und a ≡ b mod  m ⇒ a ≡ b mod  n.

The properties (a) and (b) are equivalent to the statement that a ≡ b mod m implies f(a) ≡ f(b) mod m for all polynomials \(f \in \mathbb {Z}[x]\). The following result shows that certain congruences in \(\mathcal O_k\) imply congruences in \(\mathbb {Z}\); it allows us to work in the bigger ring \(\mathcal O_k\) and then pull back results from there to the ring of ordinary integers.

Proposition 4.2

Let\(a, b, m \in \mathbb {Z}\) . Then a ≡ b mod  m in\(\mathcal O_k\)if and only if a ≡ b mod  m in\(\mathbb {Z}\).

Proof

The congruence a ≡ b mod m in \(\mathcal O_k\) is equivalent to a − b = mγ for some \(\gamma \in \mathcal O_k\). Since \(\gamma = \frac {a-b}m\), we have \(\gamma \in \mathcal O_k \cap \mathbb {Q}\), and now Proposition 2.4 shows that \(\gamma \in \mathbb {Z}\), and hence \(a \equiv b \bmod m\mathbb {Z}\) in \(\mathbb {Z}\). The converse is trivial. □

The following result is also useful for computing with quadratic irrationalities; the simple proof is given in Exercise 4.10.

Proposition 4.3

Let {1, ω} be an integral basis of a quadratic number field, and let\(m \in \mathbb {Z}\)be an integer. Then m∣(a + bω) in\(\mathcal O_k\)if and only if m∣a and m∣b.

Elements of a domain R that divide 1 are called units of R. The set R ^× of all units forms a group with respect to multiplication; it is called the unit group of R. Examples of unit groups of some well-known rings are the following:

The computation of units in number fields is often challenging; checking whether a given element is a unit is rather easy:

Proposition 4.4

An element\(\varepsilon \in \mathcal O_k\)is a unit if and only if Nε = ±1. If we write\(\varepsilon = \frac {t+u\sqrt {m}}2\)for integers t ≡ u mod 2, then ε is a unit if and only if t ² − mu ² = ±4.

Proof

Let \(\varepsilon \in \mathcal O_k\) be a unit; then εη = 1 for some \(\eta \in \mathcal O_k\), and taking the norm yields NεNη = N(1) = 1. Since Nε and Nη are integers whose product is 1, we either have Nε = Nη = 1 or Nε = Nη = −1. Conversely, Nε = ±1 for some \(\varepsilon \in \mathcal O_k\) means ± εε′ = 1, and hence ε is a unit.

If \(\varepsilon = \frac {t+u\sqrt {m}}2\) is a unit, then clearly t ² − mu ² = ±4. If conversely t ² − mu ² = ±4 and m ≡ 2, 3 mod 4, then it follows that t and u both must be even, and hence \(\varepsilon = \frac t2 + \frac u2 \sqrt {m} \in \mathbb { Z}[\sqrt {m}\,]\). If m ≡ 1 mod 4, on the other hand, then t ≡ u mod 2. In both cases, ε is a unit in \(\mathcal O_k\). □

It follows that the norm yields a group homomorphism \(E_k \longrightarrow E_{\mathbb {Q}} = \{\pm 1\}\), where \(E_k = \mathcal O_k^\times \) and \(E_{\mathbb {Q}} = \mathbb {Z}^\times \) are the unit groups of \(\mathcal O_k\) and \(\mathbb {Z}\).

The unit groups in complex quadratic number fields can be described explicitly.

Theorem 4.5

Let m < 0 be squarefree,\(k = \mathbb {Q}(\sqrt {m})\) , and\(R = \mathcal O_k\)the ring of integers in k. Then

$$\displaystyle \begin{aligned} R^\times = \left\{ \begin{array}{cl} \langle i \rangle & \mathit{\text{ if }} m = -1; \\ \langle -\rho \rangle & \mathit{\text{ if }} m = -3; \\ \langle -1 \rangle & \mathit{\text{ otherwise}}. \end{array} \right. \end{aligned}$$

Here \(i = \sqrt {-1}\) denotes a primitive fourth and \(\rho = \frac 12(-1+\sqrt {-3})\) a primitive cube root of unity.

Proof

Assume first that m ≡ 1, 2 mod 4, and let \(\varepsilon = a+b\sqrt {-m}\) be a unit. Then 1 = Nε = a ² + mb ² (the case Nε = −1 cannot occur since m > 0). For m > 1, this implies a = ±1 and b = 0, and hence ε = ±1 (and of course ± 1 are units). If m = 1, there are four possibilities, namely a = ±1, b = 0 and a = 0, b = ±1. All these units are powers of \(i = \sqrt {-1}\).

If m ≡ 3 mod 4, we set \(\varepsilon = \frac 12(a+b\sqrt {-m})\) for integers a, b and find 4 = a ² + mb ² as a necessary and sufficient condition for ε to be a unit. For m > 3, there are again only the trivial solutions corresponding to ε = ±1; if m = 3, then we obtain the units

$$\displaystyle \begin{aligned}\pm1, \quad \pm \frac{-1+\sqrt{-3}\,}2, \quad \pm \frac{1+\sqrt{-3}\,}2.\end{aligned} $$

Setting \(\rho = \frac {-1+\sqrt {-3}\,}2\) (this is a cube root of unity since ρ ³ = 1), we find that E _k is generated by − ρ (a primitive sixth root of unity). □

The determination of the unit group of rings of integers in real quadratic number fields boils down to solving the Pell equation t ² − mu ² = ±4; we will prove in Chap. 7 below that this equation has integral solutions whenever m ≥ 2 is not a square. At this point we only observe that \(\varepsilon = 1+\sqrt {2}\) is a unit with infinite order in \(\mathbb {Z}[\sqrt {2}\,]\) (see Theorem 2.7): If we had \((1+\sqrt {2})^n = \pm 1\) for some n ≥ 1, then taking absolute values (after identifying \(\sqrt {2}\) with the positive real square root of 2), we obtain \(1 = |\pm 1| = |1+\sqrt {2}\,|{ }^n > 1\), and similarly \(1 = |\pm 1| = |1+\sqrt {2}\,|{ }^n = |1 - \sqrt {2}\,|{ }^{-n}< 1\) if n ≤−1. In particular, \(\mathbb {Z}[\sqrt {2}\,]\) has infinitely many units.

John Pell (1611–1685) was an English mathematician. His name got attached to the Pell equation through a mistake by Euler, who apparently confused him with Lord William Brouncker . It was Brouncker who developed a method for solving such equations in integers in connection with Fermat’s challenge in 1657 for the English mathematicians. The proof that Brouncker’s method always leads to a solution was given much later by Lagrange .

A method for solving the Pell equation similar to Brouncker’s had already been developed by Indian mathematicians, in particular Brahmagupta (ca. 598–670) and Bhaskara II (1114–1185); their contributions (see Plofker [104]) became known in Europe only during the nineteenth century. We will present a method for solving the Pell equation in Chap. 7.

Elements a, b ∈ R are called associated, if there is a unit e ∈ R ^× such that a = be; we write a ∼ b and verify easily that this defines an equivalence relation on R.

Irreducible and Prime Elements

An element a ∈ R ∖ R ^× is called irreducible if a has only trivial divisors, that is, units and associates. More exactly: a is irreducible in R if a = bc implies that b or c is a unit. An element p ∈ R ∖ R ^× is called prime if p∣ab implies that p∣a or p∣b. Observe that units are by definition neither prime nor irreducible.

Proposition 4.6

Prime elements are irreducible.

Proof

Let a be prime. If we could factor a, there would exist b, c ∈ R ∖ R ^× with a = bc. Now a∣bc; if a∣b, i.e., b = ad for some d ∈ R, then a = acd, hence 1 = cd, and c is a unit in contradiction to our assumption. □

A simple criterion for the primality of an element in a ring is the following:

Proposition 4.7

An element p ∈ R is prime if and only if the residue class ring R∕pR of the residue classes modulo p is a domain.

The proof is simple. The residue class ring modulo p does not have a zero divisor if ab ≡ 0 mod p implies that a ≡ 0 mod p or b ≡ 0 mod p. But this is just a version of the definition of a prime element, which states that an element is prime if p∣ab implies that p∣a or p∣b.

4.1.1 Elements with Prime Norm Are Prime

We have already seen that elements \(\pi \in \mathcal O_k\) for which p = |Nπ| is a rational prime are always irreducible. As a matter of fact, such elements are always prime. This will follow easily from the theory of ideals that we will develop later; here we will give a direct proof based on Proposition 4.7.

Proposition 4.8

If k is a quadratic number field with ring of integers \(\mathcal O_k\) , then each \(\pi \in \mathcal O_k\) with prime norm is prime.

This is easy to see if \(\mathcal O_k\) is a unique factorization domain (see the next section): Elements with prime norm are irreducible, and in unique factorization domains, irreducible elements are prime. In order to prove this for general rings \(\mathcal O_k\), we show that the residue class ring \(\mathcal O_k/\pi \mathcal O_k\) does not have zero divisors. In fact, we will show that \(\mathcal O_k/\pi \mathcal O_k \simeq \mathbb {F}_{p} = \mathbb {Z}/p\mathbb {Z}\) is isomorphic to the field with p elements.

To this end, let {1, ω} be an integral basis of \(\mathcal O_k\); then π = a + bω for integers \(a, b \in \mathbb {Z}\). We claim that b is not divisible by π (and thus not divisible by p = |ππ′|). In fact, π∣b implies π∣a since a = π − bω, and taking norms, we find p∣a ² and p∣b ². Since p is prime, this implies that p∣a and p∣b. But then π = a + bω would be divisible by p, and hence π′ would be a unit: a contradiction.

Thus there exists an integer \(c \in \mathbb {Z}\) with bc ≡ 1 mod p, and in particular, we have \(bc \equiv 1 \bmod \pi \mathcal O_k\). We find bω ≡−a mod π, after multiplying through by c, thus \(\omega \equiv -ac \bmod \pi \mathcal O_k\). If any \(\gamma = r+s\omega \in \mathcal O_k\) is given, then we find \(\gamma \equiv r - sac \bmod \pi \mathcal O_k\), and thus modulo π every element is congruent to an ordinary integer. Reducing this number modulo p (and p is a multiple of π), we find that γ is congruent to one of the numbers 0, 1, 2, …, p − 1 modulo π.

Now it is easy to show that there are no zero divisors in the ring of residue classes: If we had αβ ≡ 0 mod π and if A, B ∈{0, 1, …, p − 1} are integers with \(\alpha \equiv A \bmod \pi \mathcal O_k\) and \(\beta \equiv B \bmod \pi \mathcal O_k\), then π∣AB; taking norms yields p∣A ² B ², and hence p∣A or p∣B. Thus A = 0 or B = 0, and therefore α ≡ A = 0 mod π or β ≡ B = 0 mod π.

Proposition 4.9

Let p be an odd prime number and\(\mathcal O_k\)the ring of integers in\(k = \mathbb {Q}(\sqrt {m})\) . Then p is prime in\(\mathcal O_k\)if and only if the congruence x ² ≡ m mod  p is not solvable.

Proof

If x ² ≡ m mod p is solvable, then \(p \mid (x+\sqrt {m})(x-\sqrt {m})\), but \(p \nmid (x \pm \sqrt {m})\). Thus p is not prime.

Now we show that p remains prime in \(\mathcal O_k\) if \((\frac mp) = -1\). This case is not covered by Proposition 4.8 since here N(p) = p ² is not prime. The idea for proving the result is the same as in the proof of Proposition 4.8: We show that the residue classes modulo p in \(\mathcal O_k\) form a field.

We will give the proof in the case where \(\mathcal O_k = \mathbb { Z}[\sqrt {m}\,]\). Here the residue classes modulo p in \(\mathcal O_k\) are represented by the p ² elements \(a + b\sqrt {m}\) with 0 ≤ a, b < p; clearly every \(\alpha \in \mathcal O_k\) is congruent modulo p to one of these elements, and they are pairwise distinct. These residue classes form a ring, and we want to show that they form a field. This will follow if we can write down an inverse for each residue class \(a + b\sqrt {m} \bmod p\) different from 0 mod p. Now

$$\displaystyle \begin{aligned}\frac 1{a + b\sqrt{m}} = \frac{a-b\sqrt{m}}{a^2 - mb^2},\end{aligned} $$

and the denominator is ≡ 0 mod p if and only if a and b are divisible by p (otherwise m would be a quadratic residue modulo p). Since 0 ≤ a, b < p, this implies a = b = 0. In fact, a ² ≡ mb ² mod p implies either (if b≠0) that \((\frac ab)^2 \equiv m \bmod p\), and then x ² ≡ m mod p is solvable and m is a quadratic residue modulo p, or (if b = 0) that a ² ≡ 0 mod p and hence a = 0. Thus for each nonzero residue class \(a + b\sqrt {m} \bmod p\), the inverse is given by \(\frac {a - b\sqrt {m}}{a^2 - mb^2} \bmod p\).

In the case m ≡ 1 mod 4, the residue classes modulo p are represented by elements a + bω with 0 ≤ a, b < p; the rest of the proof is left to the readers as an exercise. □

For p = 2, there is a corresponding criterion that may be proved in a similar manner.

Proposition 4.10

The element p = 2 is prime in the ring of integers\(\mathcal O_k\)of the quadratic number field\(k = \mathbb {Q}(\sqrt {m})\)if and only if m ≡ 5 mod 8.

We leave the proof as an exercise for the readers.

4.2 Unique Factorization Domains

A domain in which the theorem of unique factorization holds is called a unique factorization domain (UFD). More exactly, we demand

• UFD–1. Each non-unit ≠0 is a product of finitely many irreducible elements.

• UFD–2. Irreducible elements are prime.

There are domains in which UFD–1 fails: In the domain A that is obtained by adjoining all 2ⁿ-th roots of 2 to \(\mathbb {Z}\), namely , the element 2 cannot be written as a finite product of irreducible elements since

The defining property of unique factorization domains is that the factorization guaranteed by UFD–1 should be unique:

• UFD–3. Let a ∈ R ∖{0} and a = ep ₁⋯p _s = e′q ₁⋯q _t, where e, e′∈ R ^× are units and where the p _j and q _j are irreducible elements in R. Then s = t, and we can rearrange the q _j in such a way that p _i ∼ q _i for i = 1, …, s.

Clearly, UFD–3 holds in any unique factorization domain.

Proposition 4.11

Conditions UFD–2 and UFD–3 are equivalent in every domain R in which UFD–1 holds.

Proof

UFD–2 ⇒ UFD–3: Since the p _i are irreducible, they are prime by assumption. In particular, p ₁ divides one of the factors q _j, say q ₁. Since q ₁ is irreducible, we must have p ₁ ∼ q ₁. Since R is a domain, p ₁ may be canceled, and we obtain \(e_1 p_2 \cdots p_s = e^{\prime }_1 q_2 \cdots q_t\). Induction now yields the claim.

UFD–3 ⇒ UFD–2: Let a be irreducible and a∣xy, where x, y ∈ R. Then there exists an element b ∈ R with ab = xy. Because of UFD–3, the decomposition into irreducible elements is unique up to order and units; thus an associate of a must occur in the factorization of x or y, and we find a∣x or a∣y. Thus a is prime. □

Since \(1 + \sqrt {-5}\) is irreducible in \(R = \mathbb {Z}[\sqrt {-5}\,]\), but not prime, R is not a unique factorization domain. This fact also proves that the theorem of unique factorization in \(\mathbb {Z}\), which often seems obvious to beginners in number theory, requires a proof.

We call an element d in some domain a common divisor of elements a, b ∈ R if d∣a and d∣b. How should we choose a “greatest” common divisor among these common divisors? In the ordinary integers, we can choose the greatest divisor with respect to the absolute value, but this is not a suitable definition for general domains R. What we want is a definition of the greatest common divisor in terms of divisibility alone: We call d ∈ R a greatest common divisor of a, b ∈ R and write \(d \sim \gcd (a,b)\) if d has the following properties:

• GCD–1. d is a common divisor of a and b, i.e., d∣a and d∣b.

• GCD–2. Every common divisor of a and b divides d, i.e., if c∣a and c∣b for some c ∈ R, then c∣d.

Again we would like to emphasize the fact that this definition is well suited for building a theory of greatest common divisors but cannot easily be used for finding a greatest common divisor of two elements in some domain.

In unique factorization domains, the greatest common divisor of two elements can be written down explicitly. In fact, if \(a = u\prod p^{\alpha _p}\) and \(b = v\prod p^{\beta _p}\) are the prime factorizations of a and b (with units u, v ∈ R ^×), then we can easily show that \(d = \prod p^{\min (\alpha _p,\beta _p)}\) is a greatest common divisor of a and b. One has to remark that even in the case of the ordinary integers, finding the prime factorization of two (large) integers can be very difficult.

Two elements a and b of some unique factorization domain R are called coprime (or relatively prime) if their greatest common divisor is a unit. Observe that we demand that R be a unique factorization domain. In fact, in domains without unique factorization, a greatest common divisor need not exist, and if it does, it need not have the properties we expect from a greatest common divisor, such as \(\gcd (a,b)^2 = \gcd (a^2,b^2)\).

Proposition 4.12

If R is a unique factorization domain, if a, b ∈ R are coprime, and if ab = ex ⁿ(n ≥ 2) for some unit e ∈ R ^×and some x ∈ R, then there exist units e ₁, e ₂ ∈ R ^×and elements c, d ∈ R such that a = e ₁ c ⁿand b = e ₂ d ⁿ , where cd = x and e ₁ e ₂ = e.

Proof

We prove this by induction on the number of prime factors of a. If a is a unit, then the claim follows with c = 1, d = x, e ₁ = a, and e ₂ = ea ⁻¹.

Assume that the claim is true for all a ∈ R with at most t different prime factors, and let p ∈ R be a prime with p∣a. Assume that p ^h ∥ a (we write p ^h ∥ a if p ^h∣a and \(p^{h+1} \nmid a\), i.e., if p ^h is the largest power of p that divides a). Since p ^h ∥ x ⁿ (here we use the fact that a and b are coprime), we must have h = nk for some \(k \in \mathbb {N}\) and p ^k ∥ x. Thus a = p ^h a ₁, x = p ^k x ₁ and \(a_1b = ex_1^n\). By induction assumption, we have a ₁ = e ₁ c ⁿ and b = e ₂ d ⁿ, and now the claim follows since a = e ₁(cp ^k)ⁿ. □

Corollary 4.13

If R is a unique factorization domain, if\(\gcd (a,b) = p\)for elements a, b, p ∈ R, where p is prime, and if ab = ex ⁿ(n ≥ 2) for some e ∈ R ^×and x ∈ R, then there exist units e ₁, e ₂ ∈ R ^×and c, d ∈ R with a = e ₁ pc ⁿand b = e ₂ p ⁿ⁻¹ d ⁿ(after switching a and b, if necessary).

Proof

Exercise 4.28. □

4.3 Principal Ideal Domains

Principal ideal domains will play a minor role in this chapter, mainly as a link in the chain of inclusions

Euclidean Domains ⊂ Principal Ideal Domains ⊂ Unique Factorization Domains

that we will use for constructing unique factorization domains. Both inclusions are proper; for rings of integers in quadratic number fields (and in fact of general number fields), the second inclusion is in fact an equality.

First we will have to explain the notion of a principal ideal domain. To this end, consider a domain R; a subring I of R is called an ideal of R if I ⋅ R ⊆ I. Thus an ideal is a subset of a domain that is closed with respect to addition (I + I ⊆ I) as well as with respect to multiplication by arbitrary elements of the domain R.

Observe that I is a subring of R if the weaker condition I ⋅ I ⊂ I is satisfied. In the domain \(R = \mathbb {Z}\), it can be shown that each subring is an ideal. The following example shows that this is not true for general domains: The set

$$\displaystyle \begin{aligned}M = \mathbb{Z} + 2\sqrt{m}\,\mathbb{Z} = \{a + 2b\sqrt{m}: a, b \in \mathbb{Z}\}\end{aligned} $$

is a subring of \(\mathbb {Z}[\sqrt {m}\,]\), but not an ideal. This is because MR = R; in fact, 1 ∈ M implies that each element of R is contained in MR. Since \(\sqrt {m} \in R \setminus M\), the subring M is not an ideal.

It is very easy to write down examples of ideals. If we are given elements a ₁, …, a _n ∈ R, then the set of all R-linear combinations

$$\displaystyle \begin{aligned}I = (a_1, \ldots, a_n) := \{a_1r_1 + \ldots + a_nr_n: r_j \in R\}\end{aligned} $$

of these elements is an ideal called the ideal generated by a ₁, …, a _n. Clearly I is closed with respect to addition; thus it remains to verify that IR ⊆ I. But this is easy: Since a = a ₁ r ₁ + … + a _n r _n ∈ I, clearly ar = a ₁(r ₁ r) + … + a _n(r _n r) is an element of I.

In our proofs we have to consider ideals generated by infinitely many elements a ₁, a ₂, … These ideals I = (a ₁, a ₂, …) are by definition the set of all finiteR-linear combinations of the elements a _i ∈ I.

Remark

In fields R = K, there are only two different ideals, namely the zero ideal (0) and the unit ideal (1) = R.

Ideals generated by a single element a are called principal ideals. These have the form I = (a) = {ar : r ∈ R}; occasionally, we will write I = aR. Principal ideals (a) consist of all multiples of a.

The transition from elements to principal ideals consists essentially in disregarding units.

Lemma 4.14

For a, b ∈ R, the following assertions are equivalent:

1. 1.

   (a) = (b);

2. 2.

   There is a unit e ∈ R ^×with a = be.

The proof is a simple exercise.

A domain in which each ideal is principal is called a principal ideal domain (PID). Clearly, the ring \(\mathbb {Z}\) of ordinary integers is a PID; in fact, the ideal (a ₁, …, a _n) is generated by the greatest common divisor \(d = \gcd (a_1, \ldots , a_n)\). Not every unique factorization domain is a principal ideal domain; the best known example is the domain \(\mathbb { C}[x,y]\) of polynomials in two variables with complex coefficients; here, (x, y) is not principal, as is easily seen.

Remark

The fact that \(\mathbb {C}[x,y]\) is a unique factorization domain follows from a well-known theorem in algebra: If R is a UFD, then so is the polynomial ring R[y]. Since \(R = \mathbb {C}[x]\) is a UFD (this ring is even Euclidean—see Sect. 4.4), the claim follows.

Now we prove that principal ideal domains have unique factorization.

Theorem 4.15

Principal ideal domains are unique factorization domains.

Proof

Assume that UFD–1 is not satisfied. Then there is an a ₁ ∈ R that cannot be written as a product of irreducible elements (in particular, a ₁ is not irreducible). Thus, a ₁ = a ₂ b ₂ (for non-units a ₂, b ₂ ∈ R ∖ R ^×), where one of the factors, say a ₂, is not a product of irreducible elements. Thus, a ₂ = a ₃ b ₃, etc., and we obtain a chain of elements a ₁, a ₂, a ₃… ∈ R with a ₂∣a ₁, a ₃∣a ₂, …, where a _i and a _i+1 are not associated.

Now consider the ideal I = (a ₁, a ₂, …) generated by the a _i. By assumption, there is an element a ∈ R with I = (a), and thus there exist \(m \in \mathbb {N}\) and r _i ∈ R such that a = r ₁ a ₁ + … + r _m a _m. Since a _m∣a _m−1∣⋯∣a ₁, we have a _m∣a. Since a _m+1 ∈ (a), there is an element r ∈ R such that a _m = ar, i.e., with a∣a _m+1. By construction of the a _i, we have a _m+1∣a _m, and hence a _m and a _m+1 are associated in contradiction to the construction of the a _i.

Now we show that irreducible elements are prime (UFD–2). To this end, let a ∈ R be irreducible, and let x, y ∈ R be given with a∣xy and \(a \nmid x\); then we have to show that a∣y. Now (a, x) = (d) for some d ∈ R; thus d∣a and d∣x. If we had d ∼ a, it would follow that a∣x in contradiction to our assumption. Since a is irreducible, d must be a unit. Thus d ⁻¹ ∈ R, and therefore 1 = d ⁻¹ d ∈ (d) = (a, x), i.e., there exist m, n ∈ R with 1 = ma + nx. Multiplication by y yields y = may + nxy, and since a∣xy, we find a∣y. This is what we wanted to show. □

An important property of principal ideal domains is the fact that they are Bézout domains:² A domain R is called a Bézout domain if for all a, b ∈ R there exists a \(d \sim \gcd (a,b)\) such that d = ar + bs is an R-linear combination of a and b. Principal ideal domains are always Bézout domains: Given a, b ∈ R, we form the ideal I = (a, b); since R is a principal ideal domain, there is an element d ∈ R with (a, b) = (d). We claim that \(d \sim \gcd (a,b)\). In fact, since a ∈ (d), there is a t ∈ R with a = dt; this shows that d∣a, and similarly we find that d∣b, and hence d is a common divisor of a and b. On the other hand, d ∈ (a, b) implies that there are elements r, s ∈ R with d = ar + bs; if e is any common divisor of a and b, then e divides ar + bs = d, and hence d is a greatest common divisor of a and b. Observe that we have proved the Bézout property en passant.

4.4 Euclidean Domains

In his Lectures on number theory [31, p. 20], Dirichlet (actually we do not know how much of this is due to Dedekind) discusses the foundations of elementary number theory and then writes the following:

It is now clear that the whole structure rests on a single foundation, namely the algorithm for finding the greatest common divisor of two numbers. […] any analogous theory, for which there is a similar algorithm for the greatest common divisor, must also have consequences analogous to those in our theory.

In order to show that some domain R is a unique factorization domain, we will at first use the Euclidean algorithm. A function \(f:R \longrightarrow \mathbb {N}_0\) is called a Euclidean function if it has the following properties:

• EA–1. f(a) = 0 if and only if a = 0.

• EA–2. For all a ∈ R and b ∈ R ∖{0}, there exists a c ∈ R such that f(a − bc) < f(b).

If there exists a Euclidean function on R, then R is called a Euclidean domain.

The ring of integers \(\mathbb {Z}\) is Euclidean with respect to the absolute value | ⋅ |. Other examples of Euclidean domains will be given in the Exercises section. The first domain \(R \ne \mathbb {Z}\) that was shown to be Euclidean was the ring \(\mathbb {Q}[X]\) of polynomials with rational (or real) coefficients. The existence of a Euclidean algorithm in this domain was proved by the Dutch mathematician Simon Stevin (1548–1620). Stevin wrote almost a dozen textbooks and helped to popularize the decimal system in Europe.

Theorem 4.16

Euclidean domains are principal ideal domains.

Proof

Let f be a Euclidean function on R, and let A ⊆ R be an ideal in R. Among the elements in A ∖{0}, there is one, say a, for which f is minimal (in fact, the values of f are natural numbers). We claim that A = (a). Since a ∈ A, we clearly have (a) ⊆ A; it remains to prove the reverse inclusion. To this end, take an arbitrary b ∈ A; by EA–2, there is a q ∈ R with f(b − aq) < f(a); since f(a) was chosen minimal on A ∖{0}, we have f(b − aq) = 0, and EA–2 implies that b = aq. Thus b ∈ (a), and since b ∈ A was arbitrary, we even have A ⊆ (a). □

In particular, Euclidean domains have the Bézout property, i.e., given an ideal (a, b), an element \(d \sim \gcd (a,b)\) can be written as d = ar + bs with r, s ∈ R. The advantage of working in a Euclidean ring is that given a, b ∈ R, we can compute the greatest common divisor \(d \sim \gcd (a,b)\) as well as the Bézout elements r and s using the Euclidean algorithm.

To this end, take elements a, b ∈ R ∖{0}; applying the Euclidean algorithm, we find q ₀, r ₁ ∈ R with a − bq ₀ = r ₁ and f(r ₁) < f(b). Similarly, there exist q ₁, r ₂ ∈ R with b − r ₁ q ₁ = r ₂ and f(r ₂) < f(r ₁) (unless we already have r ₁ = 0; in this case, a = bq ₁ and d = b = 0a + 1b, so everything is trivial). Continuing in this way, we find a chain of equations

$$\displaystyle \begin{aligned}\begin{array}{rclrcl} a - bq_0 & = & r_1 & f(r_1) & < & f(b), \\ b - r_1q_1 & = & r_2 & f(r_2) & < & f(r_1), \\ r_1 - r_2q_2 & = & r_3 & f(r_3) & < & f(r_2), \\ & \vdots & & & \vdots & \\ r_{n-2} - r_{n-1}q_{n-1} & = & r_n & f(r_n) & < & f(r_{n-1}) \\ r_{n-1} - r_nq_n & = & r_{n+1} & f(r_{n+1}) & < & f(r_n). \end{array}\end{aligned} $$

Now the natural numbers f(r _j) cannot become arbitrarily small; thus there exists an index \(n \in \mathbb {N}\) with r _n+1 = 0. We then claim that \(r_n \sim \gcd (a,b)\). In fact, it follows from the last row that r _n∣r _n−1, and then the next to last row gives r _n∣r _n−2, and in this way we climb the ladder until we reach r _n∣r ₁, r _n∣b and r _n∣a. Thus r _n is a common divisor of a and b.

Conversely, if d is any common divisor of a and b, then the first row tells us that d∣r ₁, the second d∣r ₂, etc., and eventually we reach d∣r _n. In other words, r _n is a greatest common divisor.

It may be said that the definition of the greatest common divisor is chosen in such a way that the proof of this fundamental result on the Euclidean algorithm becomes essentially trivial.

We obtain the Bézout elements r, s ∈ R as follows: We start with r _n = r _n−2 − r _n−1 q _n−1 and replace the r _j with the maximal index by the linear combination in the preceding row, in our case r _n−1 by r _n−1 = r _n−3 − r _n−2 q _n−2. Now we have written r _n as a linear combination of r _n−2 and r _n−3. Next we replace r _n−2 by r _n−2 = r _n−4 − r _n−3 q _n−3, etc., until we finally have written r _n as an R-linear combination of a and b.

4.4.1 Summary

We have defined the following notions in quadratic number rings:

• divisibility and congruences,

• units and associate elements, and

• primes and irreducible elements.

Among the important results, we have obtained are the following:

• Primes are irreducible; the converse holds in unique factorization domains.

• We have the inclusions Unique Factorization Domains ⊃ Principal ideal domains ⊃ Euclidean domains.

Moreover we know that in unique factorization domains, there exist greatest common divisors \(d = \gcd (a, b)\); in principal ideal domains, there exist Bézout elements: We can write the greatest common divisor as a \(\mathbb {Z}\)-linear combination of a and b: d = am + bn. Finally, in Euclidean domains, we have an algorithm for computing greatest common divisors as well as Bézout elements.

4.5 Exercises

1. 4.1.

   In the ring \(R = \mathbb {Z}[x]\) of polynomials, show that x∣f(x) for some f ∈ R if and only if f(0) = 0. Show more generally that (x − a)∣f(x) if and only if f(a) = 0.

   Show that these properties continue to hold in polynomial rings R = K[x] over fields K. What about polynomial rings over domains or arbitrary rings?

2. 4.2.

   Show that (1.12) is also a counterexample to the Four Numbers Theorem in \(\mathbb {Z}[\sqrt {-5}\,]\), whereas (1.11) is compatible with the Four Numbers Theorem in \(\mathbb {Z}[\sqrt {-2}\,]\).

3. 4.3.

   Let R be a domain. Consider the set S of pairs (p, q) and define an equivalence relation on S by (p, q) ∼ (r, s) if and only if ps = qr. On the set K of equivalence classes, define addition and multiplication via

   • (p, q) + (r, s) = (ps + qr, qs);

   • (p, q) ⋅ (r, s) = (pr, qs).

   Show that this is well defined and that it makes K into a field with neutral elements (0, 1) for addition and (1, 1) for multiplication.

   Show that the map ι : R→K : r → (r, 1) is an injective ring homomorphism. The field K is called the quotient field of R, and we may regard R as a subring of K via the embedding ι.

4. 4.4.

   Let R ⊆ S be domains, and let a, b, m ∈ R. Does a ≡ b mod m in R imply the same congruence in S? Is the converse true?

5. 4.5.

   Each fraction in \(\mathbb {Q}\) can be reduced to lowest terms in a unique way; in \(\mathbb {Z}[\sqrt {-5}\,]\), on the other hand, \( \frac {1 + \sqrt {-5}}{2} = \frac {3}{1 - \sqrt {-5}}, \) and both fractions are reduced to lowest terms. Find more such examples.

6. 4.6.

   Let \(\alpha , \beta \in \mathcal O_k\); show that α∣Nα. If moreover α∣β, then Nα∣Nβ (even in \(\mathbb {Z}\)).

7. 4.7.

   Show that if \(\sqrt {-2} \mid y\) in \(\mathbb {Z}[\sqrt {-2}]\) for some \(y \in \mathbb {Z}\), then 2∣y.

   Show more generally that \(\sqrt {m} \mid y\), where m is squarefree, always implies that m∣y.

   Find a counterexample to the claim that α∣y always implies Nα∣y.

8. 4.8.

   Show that a + bi ≡ a + b mod (1 + i) in \(\mathbb {Z}[i]\).

9. 4.9.

   Prove Proposition 4.1.

10. 4.10.

    Prove Proposition 4.3.

11. 4.11.

    Show that a∣b in \(\mathbb {Z}\) implies a∣b in the ring of integers \(\mathcal O_k\) in a quadratic number field k.

12. 4.12.

    Show that the set of units R ^× in some ring R is a group with respect to multiplication.

13. 4.13.

    Show that if R = K is a field, then K ^× = K ∖{0}.

14. 4.14.

    If R is a domain and R[X] the ring of polynomials in one variable X with coefficients from R, then R[X]^× = R ^×, that is, the units in this polynomial ring are all constant.

    Show, on the other hand, that the polynomial 2X + 1 in \((\mathbb { Z}/4\mathbb {Z})[X]\) is a unit.

15. 4.15.

    Show that the unit groups of the domains \(R = \mathbb { Z}[\sqrt {m}\,]\) for m < −1 are given by R ^× = {−1, +1}.

16. 4.16.

    Let \(\mathcal O_k\) be the ring of integers in a quadratic number field k, and let \(E_k = \mathcal O_k^\times \) be its unit group. Show that E _k is a \(\mbox{Gal}\,(k/\mathbb {Q})\)-module (see Exercise 2.16).

17. 4.17.

    Show: If R is a domain containing \(\mathbb {Z}\), and if π is prime in R, then the smallest natural number divisible by π in R is a prime number.

18. 4.18.

    Show that Nα = 1 for \(\alpha = \frac {1+2i}{1-2i} \in \mathbb {Q}(i)\), but that α is not a unit in \(\mathbb {Z}[i]\). Construct infinitely many such examples.

19. 4.19.

    Show that \(\mathbb {Z}\) is Euclidean with respect to the absolute value.

20. 4.20.

    Show that the polynomial ring K[x], where K is a field, is Euclidean with respect to f(a) = 2^{deg a}, where deg a denotes the degree of a ∈ K[x], and where we have set deg 0 = −∞ in order to have 2^{deg 0} = 2^−∞ = 0.

21. 4.21.

    Discuss the examples \(2 \cdot 3 = - \sqrt {-6} \cdot \sqrt {-6}\) in \(\mathbb { Z}[\sqrt {-6}\,]\), \(2 \cdot 3 = \sqrt {6} \cdot \sqrt {6}\) in \(\mathbb {Z}[\sqrt {6}\,]\), and \(2 \cdot 7 = (2 + \sqrt {-10})(2 - \sqrt {-10})\) in \(\mathbb { Z}[\sqrt {10}\,]\) as in (1.12).

22. 4.22.

    Consider the quadratic number field \(k = \mathbb { Q}(\sqrt {m})\); which of the rational prime numbers p ∈{2, 3, 5} in \(\mathcal O_k\) with m ∈{−5, −3, −2, −1, 2, 3, 5} are irreducible and which are not?

23. 4.23.

    Show that elements \(\pi \in \mathcal O_k\) are irreducible if Nπ is a rational prime.

24. 4.24.

    Let R be a unique factorization domain. Show:

    1. a.

       \(\gcd (a^2,b^2) = (\gcd (a,b))^2\) for all a, b ∈ R.

    2. b.

       If \(\gcd (a,b) = 1\), then \(\gcd (a^2,b) = 1\).

    3. c.

       \(\gcd (a+b,b) = \gcd (a,b)\).

    4. d.

       \(\gcd (ra,rb) = r\gcd (a,b)\).

25. 4.25.

    Show that the elements \(a = 1+\sqrt {-5}\) and \(b = 1 - \sqrt {-5}\) do not have a common divisor except ± 1, but that 2 is a common divisor of a ² and b ².

26. 4.26.

    Let S be the domain you obtain by adjoining the element \(\omega = \frac 12(1+\sqrt {-5})\) to \(R = \mathbb {Z}[\sqrt {-5}\,]\). Show that \(S = R[\frac 12]\) and \(S \cap \mathbb {Q} = \mathbb { Z}[\frac 12]\).

    Show moreover that the decomposition (1.12) is not an example for nonunique factorization into irreducible elements because \( 3 = \frac 12 (1-\sqrt {-5})(1+\sqrt {-5}) \) is a factorization of 3 into the unit \(\frac 12\) and the two irreducible (and even prime) elements \(1 \pm \sqrt {-5}\). Explain the equation \(3 \cdot 3 = (2-\sqrt {-5})(2+\sqrt {-5})\) by giving a factorization into irreducible elements.

27. 4.27.

    Solve the Diophantine equation x ² + 5y ² = z ² by setting \(x + y\sqrt {-5} = (r + s \sqrt {-5})^2\) as Euler did, and show that the resulting parametrization x = r ² − 5s ², y = 2rs does not yield all integral solutions of the equation.

    Use the domain \(S = \mathbb {Z}[\sqrt {-5}, \frac 12]\) from the preceding exercise for obtaining a complete parametrization of the solutions.

28. 4.28.

    Prove Corollary 4.13. Hint: Try to obtain a = pa ₁ and b = p ⁿ⁻¹ b ₁, and then apply Proposition 4.12 to a ₁ and b ₁.

29. 4.29.

    Determine all integral points on the elliptic curve 4y ² = x ³ + 1, i.e., all pairs \((x,y) \in \mathbb {Z} \times \mathbb { Z}\) satisfying this equation.

30. 4.30.

    Find all ring homomorphisms κ from \(\mathbb {Z}[\sqrt {-5}\,]\) to \(\mathbb {Z}/2\mathbb {Z}\), \(\mathbb {Z}/3\mathbb {Z}\) and \(\mathbb { Z}/5\mathbb {Z}\), and determine their kernels.

31. 4.31.

    Show that the even integers \(2\mathbb {Z}\) form an ideal in \(\mathbb {Z}\). More generally, the sets \(m\mathbb {Z}\) for arbitrary \(m \in \mathbb {Z}\) are ideals in \(\mathbb {Z}\).

32. 4.32.

    Let (a) and (b) be principal ideals in some domain R. Show that a∣b if and only if (a) ⊇ (b). Show moreover that this implies the equivalence of the following assertions:

    1. a.

       (a) = (b);

    2. b.

       a∣b and b∣a;

    3. c.

       a = be for some unit e ∈ R ^×.

33. 4.33.

    Show that the set

    

    is a subring of \(R = M_2(\mathbb {Z})\), the ring of all 2 × 2-matrices with entries from \(\mathbb {Z}\) (this ring is neither commutative nor a domain since it contains zero divisors), but that T is not an ideal in R. Hint: Consider the product of the identity matrix with a lower triangular matrix such as .

34. 4.34.

    Let R ⊆ S be domains. Show that I ∩ R is an ideal in R if I is an ideal in S.

35. 4.35.

    If I is a nonzero ideal in the ring of integers \(\mathcal O_k\) of a quadratic number field k, then I contains a natural number ≠0. (Hint: Take the norm). Show that, on the other hand, the ideal (X) in the polynomial rings \(\mathbb {Z}[X]\) and \(\mathbb { Q}[X]\) does not contain any natural number ≠0.

36. 4.36.

    Show that the polynomial ring \(\mathbb {Z}[x]\) admits a lot more homomorphisms into simpler rings than the rings of integers \(\mathcal O_k\); show in particular that the reductions π _p modulo p and π _x modulo x yield the following commutative diagram:

    
37. 4.37.

    Let k be a quadratic number field. Show that \(\mathbb {Z}\) is a subring of \(\mathcal O_k\), but not an ideal in \(\mathcal O_k\).

38. 4.38.

    Show that the set \(2\mathbb {Z} + \sqrt {2}\,\mathbb {Z}\) is an ideal in \(\mathbb {Z}[\sqrt {2}\,]\) consisting of the multiples of \(\sqrt {2}\). Show moreover that \(\mathbb {Z} + 2\sqrt {2}\,\mathbb {Z}\) is a subring of \(\mathbb { Z}[\sqrt {2}\,]\), but not an ideal.

39. 4.39.

    An order \(\mathcal O\) in some quadratic number field is a subring of \(\mathcal O_k\) that properly contains \(\mathbb {Z}\). Consider the set \( \mathcal F = \{f \in \mathbb {Z}: f \omega \in \mathcal O \text{ for all } \omega \in \mathcal O_k\}. \) Show that \(\mathcal F\) is an ideal in \(\mathbb {Z}\); the generator f > 0 of this ideal \(\mathcal F = (f)\) is called the conductor of the order \(\mathcal O\). Show that the maximal order \(\mathcal O_k\) has conductor 1.

40. 4.40.

    Show that \(\gcd (2,x) = 1\) in the unique factorization domain \(\mathbb {Z}[x]\) and that there do not exist associated Bézout elements, i.e., that there do not exist polynomials \(p, q \in \mathbb {Z}[x]\) with 2p(x) + xq(x) = 1.

    Is (2, x) a principal ideal in \(\mathbb {Z}[x]\) or in \(\mathbb {Q}[x]\)?

41. 4.41.

    Find ideals in \(\mathbb {Z}[\sqrt {-6}\,]\), \(\mathbb { Z}[\sqrt {-10}\,]\), and \(\mathbb {Z}[\sqrt {10}\,]\) that are not principal.

42. 4.42.

    Let R be the domain of all algebraic integers. Show that 2 does not possess a factorization into irreducible elements. Also show that the ideal \((2,\sqrt {2},\sqrt [4]{2},\sqrt [8]{2}, \ldots )\) is not principal in R and that it is not even finitely generated (this means that it is not generated by finitely many elements, i.e., it does not have the form (a ₁, …, a _n) for suitable elements a _j ∈ R).

43. 4.43.

    Let R be a domain containing \(\mathbb {Z}\) (for example, \(R = \mathcal O_k\)). Show that if \(a,b \in \mathbb {Z}\) are coprime in \(\mathbb {Z}\), then they are also coprime in R. (Hint: Bézout).

44. 4.44.

    Compute the Bézout elements for \(\gcd (21, 15)\) in \(\mathbb { Z}\).

45. 4.45.

    For n ≥ 3, compute the greatest common divisor of the polynomials x ⁿ + x ² − 2 and x ² − 1 in \(\mathbb {Z}[x]\) (the result will depend on n). How can the result that x − 1 is always a common divisor be verified in advance?

46. 4.46.

    Let \(\alpha , \beta \in \mathcal O_k\) and (Nα, Nβ) = 1 in \(\mathbb {Z}\). Then \(\gcd (\alpha ,\beta ) \sim 1\) in \(\mathcal O_k\) even if \(\mathcal O_k\) is not a unique factorization domain.

47. 4.47.

    Bézout elements can be used for inverting residue classes. Assume for example that a and m are coprime integers; show how to find the inverse of the residue class a mod m in \((\mathbb {Z}/m\mathbb { Z})^\times \) (i.e., the element \(b \in \mathbb {Z}\) such that ab ≡ 1 mod m). Compute \(\frac 12 \bmod 21\) and \(\frac 15 \bmod 33\).

48. 4.48.

    Study the equation y ² = x ³ + 9 in integers.

49. 4.49.

    Use the factorization (y − k)(y + k) = x ³ to deduce results on the integral solutions of the Diophantine equation y ² = x ³ + k ² for a fixed integer k. This is more of an open problem than an exercise. Do not despair if you cannot find a complete solution (and look for an error if you do).

50. 4.50.

    For integers k, study the Diophantine equation y ² = x ³ − k ². You should be able to prove that this equation is solvable for k = b(3a ² − b ²) or k = 2(a ³ + 3a ² b − 3ab ² − b ³). For k = 88, there are two different representations k = b(3a ² − b ²), and hence there are at least two solutions of the equation also y ² = x ³ − k ² in this case. Can the number of solutions become arbitrarily large?

51. 4.51.

    Solve the Diophantine equation (1 + 8i)x + (5 + 4i)y = 1 in \(\mathbb {Z}[i]\).