Chapter IV: Constructing number fields

4.1 Preliminaries

LetKandK⁰be relative number fields over a number fieldK0. We say an embedding (resp. isomorphism)τ :K →K⁰is an embedding (resp. isomorphism)overK₀ if τ isK₀-linear, i.e.,τ(ax) = aτ(x)for alla ∈K₀ andx∈K. By choosingx = 1, we see that this is equivalent toτ(a) = afor alla ∈ K₀. We writeK ∼=K0 K⁰ for the statement thatKis isomorphic toK⁰ overK₀.

(K₀, g)-subfield systems and the associated subgroup systems. We generalize the notion of(Q, g)-subfield systems (Definition 3.3) and the associated subgroup systems (Definition 3.4) as follows:

Definition 4.1 ((K₀, g)-subfield system). Let K₀ be a number field. Let g(X) be a polynomial in K₀[X] with the splitting field L over K₀. LetF be a collection of relative number fields over K₀ such that (1) the fields in F are mutually non- isomorphic overK₀, and (2) each fieldK⁰ ∈ F is isomorphic to a subfield ofLover K₀. We sayF is a(K₀, g)-subfield system.

Definition 4.2. Letg(X)be a polynomial inK₀[X]with the splitting field Lover K₀. LetF be a(K₀, g)-subfield system. DefineP^]to be the poset of subfields ofL that includes all the fields isomorphic to those inF overK₀:

P^] :={K⁰ ⊆L:K⁰ ∼=K0 K for someK ∈ F }.

By Galois theory, it corresponds to a posetP of subgroups ofGal(g/K₀), given by P :=

H ⊆Gal(g/K₀) :L^H ∈ P^] ,

which is closed under conjugation in Gal(g/K0), and hence is a subgroup system overGal(g/K₀). We sayP andP^]areassociated withF.

The complexity of a subgroup system. The size of a(K₀, g)-subfield systemF is primarily controlled by the total degree of the fields inF overK₀, which is the number of coefficients in K₀ we need to maintain. We relate this quantity to the complexityof a subgroup system, defined as follows.

Definition 4.3(complexity of a subgroup system). SupposeP is a subgroup system over a finite groupG. ThenGacts onP by conjugation, i.e.,g ∈ GsendsH ∈ P togHg⁻¹ ∈ P. Let P₀ ⊆ P be a complete set of representatives of the G-orbits under this action. Define thecomplexityofP to be

c(P) := X

H∈P₀

[G:H].

As conjugate subgroups have the same order, the complexityc(P)is well defined.

And we have

Lemma 4.1. For a(K₀, g)-subfield systemF, the total degree of the fields inFover K₀ equalsc(P), whereP is the subgroup system associated withF.

Proof. Conjugate subgroups correspond to conjugate subfields under the Galois correspondence. So forK ∈ F there exists a unique subgroupH ∈ P₀ satisfying L^H ∼=K0 K. And the mapK 7→H is a one-to-one correspondence betweenF and P₀. Finally note that[K :K₀] = [G:H]forHcorresponding toK.

The following lemma bounds the complexity of a system of stabilizers.

Lemma 4.2. Let G be a finite group acting on a finite set S. Let m ∈ N⁺ and m⁰ = min{|S|, m}. LetP be the system of stabilizers of depth m⁰ with respect to the action ofGonS. Then

c(P)≤

m⁰

X

k=1 k

Y

i=1

(|S| −i) = O

|S|^m0 .

Proof. Replacingmwithm⁰does not changeP. So we may assumem =m⁰ ≤ |S|. When|S| ≥2, we have

m

X

k=1 k−1

Y

i=0

(|S| −i)≤

m

X

k=1

|S|^k =O(|S|^m).

The same holds trivially when|S|= 1. Next we provec(P)≤Pm

k=1

Qk

i=1(|S| −i). LetP0 ⊆ P be as in Definition 4.3. It suffices to find an injective map

τ : a

H∈P₀

H\G ,→

m

a

k=1

S^(k),

since the cardinality of`

H∈P0H\Gisc(P), whereas the cardinality of`m k=1S^(k) isPm

k=1

Qk

i=1(|S| −i).

For each k ∈ [m], the group G acts diagonally on S^(k). For each H ∈ P₀, we pickk = k(H)≤ m andx =x(H) ∈ S^(k) such thatH = G_x with respect to the diagonal action. By Lemma 2.1, we have an injective map H\G → S^(k) whose image is the G-orbit of x. These maps altogether give the map τ. To show τ is injective, it suffices to show that for different H, H⁰ ∈ P₀, the coset spacesH\G andH⁰\G are mapped to differentG-orbits. Assume to the contrary that they are mapped to the the sameG-orbitO. Sox(H), x(H⁰)∈O. Thenk(H) =k(H⁰)and x(H⁰) =^g(x(H))for someg ∈G. But then we have

H⁰ =G_x(H⁰₎=G^g_x(H)=gG_x(H)g⁻¹ =gHg⁻¹, which is a contradiction to the choice ofP₀. Soτ is injective.

Algebraic numbers. The fields in a (K₀, g)-subfield system F are encoded by polynomials in K₀[X]. So to bound the size of F, we also need to bound the size of the coefficients of these polynomials, which are algebraic numbers inK₀. This is closely related to the following definition, introduced in [WR76].

Definition 4.4. For an algebraic numberα, definekαkto be the greatest absolute value ofi(α)∈Cwhereiranges over the embeddings ofQ(α)inC.2

For algebraic numbersα, β, we clearly havekα+βk ≤ kαk+kβkandkα·βk ≤ kαk · kβk.

The following lemma relates the size of an algebraic number α ∈ K₀ (i.e., the number of bits used to encodeαinK₀) tokαk.

Lemma 4.3. SupposeK₀is a number field encoded by a polynomialh(X)∈Q[X]

irreducible overQof degreenand sizes₀. Let αbe an algebraic number inK₀ of sizes. LetDbe the smallest positive integer such thatDα is an algebraic integer.

Thensis polynomial inlogkαk, logDands₀. Conversely,logkαkandlogDare polynomial insands₀.

Proof. Suppose h(X) = Pn

i=0ciXi where n = deg(h) and ci ∈ Q for all i. By substituting X with X/k for some large enough k ∈ N⁺ and clearing the denominators, we may assumeh(X) ∈Z[X]andc_n = 1. Both the encoding ofh and that ofαuse at leastncoefficients inQ. So we haves, s₀ ≥n.

The algebraic number α ∈ K₀ is encoded by the constants d₀, . . . , dn−1 ∈ Q satisfying

α=

n−1

X

i=0

d_iβⁱ, (4.1)

whereβ is a root of hinK₀. So we havekαk ≤ Pn−1

i=0 |d_i|kβkⁱ. It was shown in [WR76] thatkβk ≤Pn−1

i=0 |c_i|. And we clearly havelog|c_i| ≤ s₀ andlog|d_i| ≤ s for0≤i≤n−1. It follows thatlogkαkis polynomial insands₀.

LetD⁰ ∈ N⁺be the least common multiple of the denominators ofd_i. Ash(X)∈ Z[X]andc_n = 1, we knowβis an algebraic integer. ThenD⁰αis also an algebraic integer by (4.1). So Dis bounded byD⁰. It follows thatlogDis polynomial in s ands0. Then the second claim of the lemma is proved.

For the first claim, it suffices to show that the size of eachd_iis polynomial inlogkαk, logDands₀. This follows from [WR76, Section 7 and Lemma 8.3].

The following lemma relates the size of the minimal polynomial of an algebraic numberαover a number fieldK₀ tokαk.

2kαkis called the size ofαin [WR76]. We reserve the termsize(of an object) for the number of bits used to encode an object in an algorithm.

Lemma 4.4. Suppose K₀ is a number field encoded by a rational polynomial irreducible overQof sizes₀ (lets₀ = 1ifK₀ =Q). Letαbe an algebraic number, and letDbe the smallest positive integer such thatDαis an algebraic integer. Let h(X) ∈ K₀[X]be the minimal polynomial of α whose size iss and degree is n.

Thens is polynomial in logkαk, logD, s₀ andn. Conversely, logkαkandlogD are polynomial insands₀.

Proof. We clearly have n ≤ s. Supposeh(X) = Pn

i=0c_iXⁱ, wherec_i ∈ K₀ and c_n = 1. It was as shown in [WR76] that kαk ≤ Pn−1

i=0 kc_ik. It follows from Lemma 4.3 thatlogkαkis polynomial insands₀.

Note that for sufficiently largek ∈N⁺that is polynomial insands₀, the coefficients of the polynomial kⁿh(X/k) are all algebraic integers. It follows that kα is an algebraic integer (cf. [AM69, Corollary 5.4]). SoDis bounded bykand hence is polynomial insands₀. Then the second claim of the lemma is proved.

For the first claim, we may assumeαis an algebraic integer by replacingαwithDα andc_i withDⁿ⁻ⁱc_i. Then any conjugateα⁰ ofαoverQis also an algebraic integer, andkα⁰k=kαk. For0≤i≤n−1, the coefficientciofhis (up to sign) given by theith elementary symmetric polynomial in a subset of conjugates ofα overQ. It follows from Lemma4.3that the size of eachc_i is polynomial inlogkαk,logD,s₀ andn. Sosis polynomial inlogkαk,logD,s₀ andnas well.

Finding a primitive element over Q. Suppose K₀ = Q(α) is a number field encoded by the minimal polynomial of a primitive elementαoverQ, andK =K₀(β) is a relative number field overK₀, encoded by the minimal polynomial of a primitive elementβoverK₀. We would like to representKdirectly in the formQ(γ), encoded by the minimal polynomial of a primitive element γ over Q. The first step is to find such an elementγ, which can be achieved using a constructive version of the primitive element theorem (see, e.g., [Wae91]). For completeness, we give the details as follows.

Lemma 4.5. SupposeK₀ is a number field and α, β are algebraic numbers. Let d = [K₀(α, β) : K₀]. Thenkα+β is a primitive element ofK₀(α, β)overK₀ for some integerk∈[1, d+ 1].

Proof. Consider a “bad” nonzero integerkfor whichK₀(kα+β)is a proper subfield ofK0(α, β). LetLbe the Galois closure ofK0(α, β)/K0. Then by the fundamental

theorem of Galois theory, there exists an automorphismφofLfixingK₀(kα+β) but not K₀(α, β). Then either φ(α) 6= α or φ(β) 6= β. As φ fixes kα+β, we have kφ(α) +φ(β) = φ(kα+β) = kα+β, from which we see that actually φ(α) 6= α and φ(β) 6= β both hold. Then k is determined by φ(α) andφ(β)via k = (φ(β)−β)/(α−φ(α)). So the number of bad choices of k is bounded by the number of(φ(α), φ(β))whereφranges over the automorphisms ofLfixingK₀. The later is the cardinality of the orbit of(α, β)under the action ofGal(L/K₀). By the orbit-stabilizer theorem, it equals

[Gal(L/K0) : Gal(L/K0(α, β))] = [K0(α, β) :K0] =d.

So there are at mostdbad choices ofk. The lemma follows since[1, d+ 1]contains more thandintegers.

This gives an efficient algorithm of finding a primitive element overQ:

Lemma 4.6. There exists a polynomial-time algorithm that given a number fieldK0

and a relative number fieldK overK0, find a primitive elementγ ofK overQand its minimal polynomialh(X)∈Q[X]overQ.

Proof. SupposeK₀ is encoded by a polynomialg(X)∈ Q[X]irreducible overQ, andK is encoded by a polynomialg⁰(X) ∈ K₀[X]irreducible overK₀. Then we are explicitly given a rootαofg(X)and a rootβofg⁰(X)inK, andK =Q(α, β). Enumerate the integersk ∈[1, d+ 1], whered= [K :Q]. For eachk, we compute γ =kα+β ∈K, and then compute its minimal polynomialh(X)∈Q[X]overQ by solving linear equations overQ. This step runs in polynomial time by Lemma 4.4.

Outputγandhwheneverdeg(h) = [K :Q]. By Lemma 4.5, a primitive elementγ is guaranteed to be found.

By computing a primitive element overQ, we can efficiently turn a relative number field into an ordinary number field:

Corollary 4.1. There exists a polynomial-time algorithm that given a number field K0 and a relative number fieldK overK0, computes an ordinary number fieldK⁰, a Q-basisB of K, and an isomorphismφ : K → K⁰ encoded by φ(x) ∈ K⁰ for x∈B.

Proof. Find a primitive element γ of K over Q and its minimal polynomial h(X) ∈ Q[X] over Q using Lemma 4.6. Compute K⁰ := Q[X]/(h(X)) and B = {1, γ, γ², . . . , γ^d−1}, where d = [K : Q]. Then compute the isomorphism φ:K →K⁰, which sendsγⁱ toXⁱ+ (h(X))fori= 0,1, . . . , d−1.

As an application, we generalize Lemma 3.10 to obtain an efficient algorithm that computes embeddings of relative number fields over a given number field.

Lemma 4.7. There exists a polynomial-time algorithm ComputeRelEmbeddings that given a number fieldK₀and relative number fieldsKandK⁰overK₀, computes all the embeddings ofK inK⁰overK₀.

Proof. IdentifyKandK⁰with ordinary number fields using Corollary 4.1. Run the algorithmComputeEmbeddingsin Lemma 3.10 to compute all the embeddings of K inK⁰, and ignore those not fixingK₀.