
Translations of

MATHEMATICAL
MONOGRAPHS
Volume 186

Number Theory 1
Fermat’s Dream
Kazuya Kato
Nobushige Kurokawa
Takeshi Saito

Translated by
Masato Kuwata


American Mathematical Society


Providence, Rhode Island
Contents

Preface
Preface to the English Edition
Objectives and Outline of these Books
Notation

Chapter 0. Introduction - Fermat and Number Theory -
0.1. Before Fermat
0.2. Prime numbers and the sum of two squares
0.3. $p = x^2 + 2y^2$, $p = x^2 + 3y^2$, ...
0.4. Pell’s equations
0.5. Triangular numbers, quadrangular numbers, pentagonal numbers
0.6. Triangular numbers, squares, cubes
0.7. Right triangles and elliptic curves
0.8. Fermat’s Last Theorem
Exercises

Chapter 1. Rational Points on Elliptic Curves
1.1. Fermat and elliptic curves
1.2. Group structure of an elliptic curve
1.3. Mordell’s theorem
Summary
Exercises

Chapter 2. Conics and p-adic Numbers
2.1. Conics
2.2. Congruence
2.3. Conics and quadratic residue symbols
2.4. p-adic number fields
2.5. Multiplicative structure of the p-adic number field
2.6. Rational points on conics
Summary
Exercises

Chapter 3. ζ
3.1. Three wonders of the values of the ζ function
3.2. Values at positive integers
3.3. Values at negative integers
Summary
Exercises

Chapter 4. Algebraic Number Theory
4.1. Method of algebraic number theory
4.2. The heart of algebraic number theory
4.3. The class number formula for imaginary quadratic fields
4.4. Fermat’s Last Theorem and Kummer
Summary
Exercises

Appendix A. Rudiments on Dedekind domains
A.1. Definition of a Dedekind domain
A.2. Fractional ideal

Answers to Questions
Answers to Exercises
Index

Preface

This book was written in 1996, two hundred years after 1796,
which was a very fruitful year for the great Gauss, who made many
fundamental contributions to modern number theory. Gauss was in
his late teens at the time. On March 30 he discovered a method of
construction of a regular 17-gon. On April 8 he proved the quadratic
reciprocity law (see §2.2 in this volume), which he himself called a
gem. On May 31 he conjectured what would later be called “the prime
number theorem” concerning the distribution of prime numbers. On
July 10 he proved that any natural number can be expressed as a
sum of at most three triangular numbers (see §0.5). On October 1
he obtained a result on the number of solutions for an equation with
coefficients in a finite field, which had a great impact on mathematics
in later eras. All these contributions are discussed in these volumes,
Number Theory 1, 2, 3.
One, two, three, four... as naive as it is, the world of numbers
encompasses many wonders that fascinated young Gauss. A discov-
ery in one epoch induces a more profound discovery by the following
generation. A hundred years later, in 1896, the prime number theo-
rem was proved. After some 120 years, the quadratic reciprocity law
had grown into the class field theory. After 150 years, Andre Weil,
who had examined Gauss’s result of October 1, proposed the so-called
Weil conjectures. These conjectures influenced a great deal of alge-
braic geometry in the twentieth century. The brilliance of the gems
polished by Gauss has increased through the efforts of the mathemati-
cians of following generations. It is said that there is no unexplored
place on the earth any longer, but the world of numbers is still full of
mysteries. That makes us think of the profoundness and richness of
nature.
Wandering naively in the wonderland of numbers, we would like
to describe in this book the intricate world of numbers that modern
number theory has discovered. We will be very happy if the reader
discovers the wonders of numbers and the grandeur of nature.

Kazuya Kato, Nobushige Kurokawa, Takeshi Saito


Preface to the English Edition

The authors hope that the readers enjoy the wonderful world of
modern number theory through the book.
Our special thanks are due to Dr. Masato Kuwata, who not only
translated the Japanese edition into English but also suggested many
improvements on the text so that the present English edition is more
readable than the original Japanese edition.

Objectives and Outline of these Books

In these books, Number Theory 1, 2, 3, we introduce core theories
in modern number theory, such as class field theory, Iwasawa theory,
the theory of modular forms, etc. The structure of this book is as
follows.
The starting point of number theory is astonishment at the won-
ders of numbers. The work of Fermat, who is considered to be a
founding father of modern number theory, illustrates very well the
wonder of numbers. We first discuss the work of Fermat on number
theory in the introduction to Number Theory 1. The reader will learn
how mathematicians of later eras little by little found a fascinating
world behind each fact discovered by Fermat. In Number Theory 1
we study some important topics in modern number theory, such as elliptic
curves (Chapter 1), p-adic numbers (Chapter 2), the ζ-function
(Chapter 3), and number fields (Chapter 4). These chapters are more
or less independent; the material in the earlier chapters is not neces-
sary to understand each succeeding chapter. Chapters 2 and 3 may
be easier to read than Chapter 1. The reader should not hesitate to
skip parts that are difficult to understand.
Number Theory 2 is devoted to class field theory. We also study
the ζ-function once again. In Number Theory 3 we explain Iwasawa
theory and the theory of modular forms, before coming back to elliptic
curves once again.
These books are part of the series Fundamentals of Modern Math-
ematics, but we were not satisfied with the introduction of fundamen-
tals. We tried to include today’s developments in number theory. For
example, we included some important theories developed in recent
years, such as the arithmetic theory of elliptic curves, which is part
of arithmetic algebraic geometry, and Iwasawa theory, to which we
did not find an introduction elsewhere. We hope that we convey the
best of modern number theory.
We wanted to include more topics, but we had to omit many of
them due to the limitation on the number of pages. We regret that we
could not mention Diophantine approximations and transcendental
number theory, both of which are seeing new developments in recent
years.
Prerequisites to Number Theory 1 are the fundamentals of groups,
rings and fields. In Number Theory 2 we recommend that the reader
be familiar with Galois theory.
The reader is advised to write down simple and easy examples on
scratch paper. Just as astronomical observations are indispensable
to the study of astronomy, it is indispensable to observe the numbers
in order to study number theory. The wonders are there to be dis-
covered. Also, number theory has a long history, which teaches us
interesting lessons. We advise you to take an interest in the history
of mathematics.
Notation

Throughout the book we use the following symbols:

Z the set of all integers
Q the set of all rational numbers
R the set of all real numbers
C the set of all complex numbers

A ring is always assumed to have an identity element (written 1),
and a homomorphism of rings is assumed to send 1 to 1.
If A is a ring, $A^\times$ denotes the group of invertible elements of A.
In particular, if A is a field, $A^\times$ is the multiplicative group consisting
of all the nonzero elements of A.
CHAPTER 0

Introduction
- Fermat and Number Theory -

In September 1994 Andrew Wiles proved Fermat’s Last Theorem,
which states:
“For n greater than or equal to 3, there exist no
natural numbers x, y, z satisfying the equation

$x^n + y^n = z^n$.”

Fermat’s Last Theorem had resisted a proof for more than 350 years.
Fermat (1601-65) wrote his “Last Theorem” around 1630 in the
margin of a book he owned. Fermat also left a phrase “I found a
remarkable proof for this fact, but this margin is too narrow to write
it down.” In spite of the efforts of many people, the proof has not
been discovered.
In this chapter we focus on Fermat, who is considered to be a
“founder of modern number theory”. We review his work on number
theory, and see how his work has been developed and extended in
later eras. We introduce our treatment of Fermat’s work in this book
from a modern viewpoint.

0.1. Before Fermat


Fermat wrote down his “Last Theorem” in the margin of his copy
of Arithmetica by Diophantus, an ancient Greek mathematician. It
was on the page where the positive integral solutions of the equation
$x^2 + y^2 = z^2$ were discussed. Fermat replaced the power of the
equation by 3, 4, 5, ....
There are many positive integral solutions to $x^2 + y^2 = z^2$, such
as

$3^2 + 4^2 = 5^2$, $5^2 + 12^2 = 13^2$, $8^2 + 15^2 = 17^2$

(see §2.1). By the Pythagorean Theorem, such a solution corresponds
to the three sides of a right triangle as we see in Figure 0.1. As a
result, this equation has been studied since ancient times. In the
middle of this century archaeologists succeeded in deciphering the
writings on a plate found at an ancient Babylonian site of 4000 years
ago. On it were inscribed many solutions to $x^2 + y^2 = z^2$, such as
$119^2 + 120^2 = 169^2$.
The author of this plate apparently knew how to find such x, y and
z.

FIGURE 0.1. Pythagorean Theorem

In ancient Greece many superb mathematicians emerged, and
Pythagoras (572-492 B.C.) is among them. The theorem is named for
Pythagoras because he is considered to be the first to prove it. Some
people consider Pythagoras to be the originator of number theory. He
was fascinated by the mystery of numbers, and he said “Everything
is a number.” Pythagoras found that two chords whose lengths have
an integer ratio give a beautiful harmony, and he invented a musi-
cal scale. He attached great importance to integer ratios, but he is
considered to be the first one to find the existence of irrational num-
bers, namely numbers which cannot be expressed as the ratio of two
integers.
Rational numbers, which can be expressed as the ratio of two
integers, seem to be tightly packed in the line formed by real numbers,
but there are numbers such as $\sqrt{2}$ which are not rational numbers.
This fact cannot be seen by the naked eye. We are capable of seeing
it through the method known as “proof”, which was invented by the
ancient Greeks. Pythagoras was astonished by the proved existence
of an irrational number. He proved it by himself, but he agonized over
the interpretation of this fact. (Pythagoras thought that the existence
of an irrational number was an error of the gods. So, he prohibited
his disciples from telling this fact to anyone else. Legend has it that
a disciple broke the ban, and then lost his life in a shipwreck because
of the anger of the gods.)
Euclid’s Elements, which was written in the third century B.C.,
is a compilation of ancient Greek mathematics. It includes a proof
of the existence of infinitely many prime numbers, and it discusses
greatest common divisors and least common multiples (volumes 7
and 9 in the thirteen volumes of Elements). Knowing the existence
of irrational numbers, Elements treats the question “How can we give
a foundation for real numbers based on rational numbers?”, and it
develops an excellent theory of real numbers (Elements, volume 5).
Pythagoras agonized over this question, and Elements discusses it a
great deal. It was only in the nineteenth century that a complete
answer was given (see §2.4 in this volume).
However, the theory of real numbers developed in the nineteenth
century did not put to rest the question posed by the ancient Greeks:
“What are the numbers?” Around a hundred years ago, using a
method similar to the construction of real numbers out of rational
numbers, a world of numbers called “p-adic numbers” was established
for each prime number p out of rational numbers. They form a quite
different world from the world of real numbers, but they turn out to
be as natural and as important as the world of real numbers.

$\{p\text{-adic numbers}\} \supset \{\text{rational numbers}\} \subset \{\text{real numbers}\}$

Diophantus was a mathematician of the third century, and he
was a descendant of the ancient Greek school of mathematicians. He
wrote the book Arithmetica, which discusses rational solutions to alge-
braic equations. After Diophantus, the development of number theory
slowed down until Fermat. The Renaissance revived the free spirits
of ancient Greece, and Arithmetica was republished. Fermat was
stimulated by Arithmetica and began to study number theory.
Fermat was a lawyer in Toulouse in France. He founded a method
of describing a geometric figure by an equation (for example, expressing
an ellipse by the equation $\frac{x^2}{a^2} + \frac{y^2}{b^2} = 1$) independently of Descartes.
He obtained maxima and minima of a function using a method sim-
ilar to calculus. Later this work served as a clue to the discovery of
calculus. He also did some important work on number theory. He
was the greatest mathematician of the first half of the seventeenth
century.
In the following sections we introduce some propositions Fermat
claimed to have proved. Each of them surpassed the level of ancient
mathematics, and they began the epoch of modern number theory.
Fermat himself seldom wrote down a proof, but mathematicians of
later eras made efforts to give a proof to each of these propositions.
These propositions concern integral or rational solutions to algebraic
equations. It appears as if they are just a compilation of bits of facts
on different equations. Indeed, his contemporaries had a tendency to
think that way.
However, we believe that Fermat, who had a deep affection for
these propositions, understood intuitively that the study of integral
or rational solutions to equations leads us to a profound part of math-
ematics. As it turned out, these theorems are the tip of the iceberg
of deep mathematics.

0.2. Prime numbers and the sum of two squares


Fermat left forty-eight comments in the margin of his copy of
Arithmetica about his work related to the text. These comments were
published after the death of Fermat by his son. The so-called “Last
Theorem” is the second among these comments. (See, for example,
Number Theory by A. Weil.)
The seventh comment is related to the following propositions obtained
by Fermat.

PROPOSITION 0.1. Let p be a prime number congruent to 1 modulo 4
(e.g., 5, 13, 17). Then there exists a right triangle with integer
sides such that the length of the hypotenuse is p. Conversely, no such
right triangle exists for any prime number congruent to 3 modulo 4
(e.g., 3, 7, 11).

Notice that in Figure 0.1 the prime numbers 5,13,17 are hy-
potenuses of right triangles. It can be shown, however, that there is
no right triangle having 21 (which is not a prime) as its hypotenuse,
even though 21 is congruent to 1 modulo 4. As we mentioned earlier,
right triangles whose sides are integers have been studied since an-
cient times. However, Fermat was the first to discover such relations
between prime numbers and right triangles.

PROPOSITION 0.2. If p is a prime number congruent to 1 modulo
4, then there exist natural numbers x and y satisfying
$p = x^2 + y^2$.

For example, we have

Conversely, for a prime number p congruent to 3 modulo 4 there do
not exist rational numbers x and y satisfying $p = x^2 + y^2$.

Propositions 0.1 and 0.2 were “preludes” to class field theory,
which is one of the greatest theories of twentieth century mathematics.
We will discuss class field theory in Volume 2. Using the complex
number $i = \sqrt{-1}$, we can interpret Proposition 0.2 as follows. A
prime number p congruent to 1 modulo 4 loses its irreducibility as a
prime number in the ring

$\mathbf{Z}[i] = \{a + bi \mid a, b \in \mathbf{Z}\}$ (Z is the ring of all integers)

and it factors into the product of two numbers, such as

$5 = 2^2 + 1^2 = (2 + i)(2 - i)$,
$13 = 3^2 + 2^2 = (3 + 2i)(3 - 2i)$,
$17 = 4^2 + 1^2 = (4 + i)(4 - i)$.

The numbers such as 2 + i, 2 - i and 3 + 2i that appear in the above
factorizations are “prime elements” in Z[i] which correspond to prime
numbers in Z. Just as any nonzero integer can be uniquely factored
into the product of prime numbers up to a multiple of $\pm 1$, any nonzero
element of Z[i] can be factored into the product of prime elements up
to a multiple of $\pm 1$ or $\pm i$. A prime number congruent to 1 modulo 4
is the product of two prime elements in Z[i], while a prime number
congruent to 3 modulo 4 is a prime element in Z[i]. This is the idea
behind Proposition 0.2.
We can also prove Proposition 0.1 using the idea of “prime factorization
in Z[i]”, as we see

$5^2 = (2 + i)^2(2 - i)^2 = (3 + 4i)(3 - 4i) = 3^2 + 4^2$,
$13^2 = (3 + 2i)^2(3 - 2i)^2 = (5 + 12i)(5 - 12i) = 5^2 + 12^2$,
$17^2 = (4 + i)^2(4 - i)^2 = (15 + 8i)(15 - 8i) = 15^2 + 8^2$.

Therefore, Propositions 0.1 and 0.2 are reflections of the fact that
as we extend the notion of numbers from Z to Z[i], the factorization
of a prime number in Z[i] is determined by its residue modulo 4.
One of the main themes of class field theory is the factorization of
prime numbers when we extend the world of numbers, and Fermat’s
Propositions 0.1 and 0.2 may be called the “prelude to class field
theory”. We will come back to class field theory once again in §0.3.
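
The computations of this section can be checked mechanically. The following Python sketch is an added example, not part of the book: it searches for p = x^2 + y^2, squares x + yi in Z[i] to obtain the right triangle of Proposition 0.1, and compares the result with a brute-force search over all triangles with hypotenuse p. The function names are chosen here for illustration.

```python
from math import isqrt

def is_prime(n):
    """Trial division; adequate for the small primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))

def two_squares(p):
    """Return (x, y) with x >= y >= 1 and x*x + y*y == p, or None."""
    for y in range(1, isqrt(p // 2) + 1):
        x = isqrt(p - y * y)
        if x * x + y * y == p:
            return (x, y)
    return None

def gauss_mul(u, v):
    """Product of Gaussian integers u = a + bi and v = c + di, as pairs."""
    (a, b), (c, d) = u, v
    return (a * c - b * d, a * d + b * c)

def triangle_from_factorization(p):
    """Right triangle (a, b, p) obtained from p = (x + yi)(x - yi).

    Squaring x + yi gives a + bi with a*a + b*b == p*p, exactly as in
    5^2 = (2 + i)^2 (2 - i)^2 = (3 + 4i)(3 - 4i).
    """
    xy = two_squares(p)
    if xy is None:
        return None
    a, b = gauss_mul(xy, xy)
    return tuple(sorted((abs(a), abs(b)))) + (p,)

def right_triangles(c):
    """All integer right triangles (a, b, c) with 0 < a <= b, by brute force."""
    found = []
    for a in range(1, c):
        b = isqrt(c * c - a * a)
        if a <= b and a * a + b * b == c * c:
            found.append((a, b, c))
    return found

def check_propositions(limit=200):
    """Verify Propositions 0.1 and 0.2 for every odd prime below limit."""
    for p in range(3, limit, 2):
        if not is_prime(p):
            continue
        tri = triangle_from_factorization(p)
        if p % 4 == 1:
            # p splits in Z[i]; the brute-force search finds the same triangle.
            assert right_triangles(p) == [tri]
        else:
            # p stays prime in Z[i]: no representation and no triangle.
            assert tri is None and right_triangles(p) == []
    return True

if __name__ == "__main__":
    for p in (5, 13, 17):
        print(p, two_squares(p), triangle_from_factorization(p))
    print("hypotenuse 21:", right_triangles(21))
    print("checks pass:", check_propositions())
```

The call right_triangles(21) illustrates the remark after Proposition 0.1 that 21, although congruent to 1 modulo 4, is not the hypotenuse of any right triangle with integer sides.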

0.3. $p = x^2 + 2y^2$, $p = x^2 + 3y^2$, ...

Fermat also discovered the following fact.
PROPOSITION 0.3. If p is a prime number congruent to 1 or 3
modulo 8, then there exist natural numbers x and y satisfying
$p = x^2 + 2y^2$.
For example, we have
$3 = 1^2 + 2 \times 1^2$, $11 = 3^2 + 2 \times 1^2$, $17 = 3^2 + 2 \times 2^2$.
Conversely, for a prime number p congruent to 5 or 7 modulo 8 there
do not exist rational numbers x and y satisfying $p = x^2 + 2y^2$.
PROPOSITION 0.4. If p is a prime number congruent to 1 modulo 3,
then there exist natural numbers x and y satisfying
$p = x^2 + 3y^2$.
For example, we have
$7 = 2^2 + 3 \times 1^2$, $13 = 1^2 + 3 \times 2^2$, $19 = 4^2 + 3 \times 1^2$.
Conversely, for a prime number p congruent to 2 modulo 3 there do
not exist rational numbers x and y satisfying $p = x^2 + 3y^2$.
PROPOSITION 0.5. If p is a prime number congruent to 1 or 7
modulo 8, then there exist natural numbers x and y satisfying
$p = x^2 - 2y^2$.
For example, we have
$7 = 3^2 - 2 \times 1^2$, $17 = 5^2 - 2 \times 2^2$, $23 = 5^2 - 2 \times 1^2$.
Conversely, for a prime number p congruent to 3 or 5 modulo 8 there
do not exist rational numbers x and y satisfying $p = x^2 - 2y^2$.
We will give a proof of these propositions in Chapter 4, together
with a proof of Propositions 0.1 and 0.2. Through the eyes of modern
mathematics, all these propositions may be regarded as preludes to
class field theory. Consider the identities
$3 = 1^2 + 2 \times 1^2 = (1 + \sqrt{-2})(1 - \sqrt{-2})$,
$7 = 2^2 + 3 \times 1^2 = (2 + \sqrt{-3})(2 - \sqrt{-3})$,
$7 = 3^2 - 2 \times 1^2 = (3 + \sqrt{2})(3 - \sqrt{2})$.

TABLE 0.1
$\mathbf{Q}(\sqrt{-2})$ | primes congruent to 1 or 3 modulo 8
$\mathbf{Q}(\sqrt{2})$ | primes congruent to 1 or 7 modulo 8

We see that Propositions 0.3, 0.4 and 0.5 are reflections of how prime
numbers are factorized in $\mathbf{Q}(\sqrt{-2}) = \{a + b\sqrt{-2} \mid a, b \in \mathbf{Q}\}$ (where
Q is the set of all rational numbers), $\mathbf{Q}(\sqrt{-3})$, and $\mathbf{Q}(\sqrt{2})$, respectively.
Together with Proposition 0.2, we summarize the factorization
of prime numbers in Table 0.1.
Class field theory tells us the correspondence between the exten-
sions of the rational number field Q and the factorization of prime
numbers. Furthermore, it tells us the correspondence between the
extensions Q( J--r) and Q(a) and the factorization of prime ele-
ments of Q(&i) and Q(a). See Chapter 4 for details.
Class field theory is one of the summits attained by Teiji Takagi
around 1920 after contributions by Fermat, Gauss, Kummer, Weber,
Hilbert, and others.
Also, there is an interesting theory on the existence of rational
solutions to equations of the type $ax^2 + by^2 = c$ (a, b, c are rational
numbers), such as $x^2 + y^2 = 5$, $x^2 + 2y^2 = 7$. We will discuss it in
Chapter 2.

0.4. Pell’s equations


Fermat also declared that he proved the following.
PROPOSITION 0.6. Let N be a natural number which is not a
square of another natural number. Then the equation
$x^2 - Ny^2 = 1$
has infinitely many natural number solutions.

For example, the equation $x^2 - 2y^2 = 1$ has infinitely many natural
number solutions such as
$3^2 - 2 \times 2^2 = 1$, $17^2 - 2 \times 12^2 = 1$, $99^2 - 2 \times 70^2 = 1$.
An equation of the form $x^2 - Ny^2 = 1$ is called a Pell’s equation.
Through the eyes of modern mathematics Proposition 0.6 may be
regarded as a statement about the ring $\mathbf{Z}[\sqrt{N}] = \{a + b\sqrt{N} \mid a, b \in \mathbf{Z}\}$.
If integers x and y satisfy $x^2 - Ny^2 = 1$, then $x + y\sqrt{N}$ is a unit of
the ring $\mathbf{Z}[\sqrt{N}]$ (an element that has an inverse in $\mathbf{Z}[\sqrt{N}]$), since we
have the relation $(x + y\sqrt{N})(x - y\sqrt{N}) = 1$. For example, it can be
seen that the set of units of $\mathbf{Z}[\sqrt{2}]$ is the set $\{\pm(1 + \sqrt{2})^n \mid n \in \mathbf{Z}\}$,
and the fact that $\mathbf{Z}[\sqrt{2}]$ has infinitely many units is the reason why
the equation $x^2 - 2y^2 = 1$ has infinitely many solutions in natural
numbers. The situation is significantly different with the ring Z[i],
whose set of units is the finite set $\{\pm 1, \pm i\}$. We will study such sets
of units in Chapter 4, where we introduce “Dirichlet’s unit theorem”
(see §4.2; the proof will be given in §6.2). In §4.2 we will prove
Proposition 0.6 using Dirichlet’s unit theorem.
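
The unit argument above can be carried out with integer arithmetic alone. The following Python sketch is an added example, not part of the book: it multiplies elements of Z[sqrt(N)] as integer pairs, shows that the powers of 1 + sqrt(2) have norm alternately -1 and +1, and generates solutions of the Pell equation as powers of the smallest solution. It goes slightly beyond the case N = 2 of the text by finding the smallest solution for a general non-square N with a bounded search; the function names and the search bound are assumptions of this example.

```python
from math import isqrt

def mul(u, v, N):
    """(a + b*sqrt(N)) * (c + d*sqrt(N)) in Z[sqrt(N)], as integer pairs."""
    (a, b), (c, d) = u, v
    return (a * c + N * b * d, a * d + b * c)

def norm(u, N):
    """(a + b*sqrt(N)) * (a - b*sqrt(N)) = a^2 - N*b^2."""
    a, b = u
    return a * a - N * b * b

def power(u, n, N):
    """u**n in Z[sqrt(N)] for n >= 0, by repeated squaring."""
    result = (1, 0)
    while n:
        if n & 1:
            result = mul(result, u, N)
        u = mul(u, u, N)
        n >>= 1
    return result

def smallest_solution(N, y_max=10**6):
    """Smallest natural numbers (x, y) with x^2 - N*y^2 = 1.

    Plain search over y; for some N the smallest solution is far larger
    than y_max, in which case the bound must be raised.
    """
    if isqrt(N) ** 2 == N:
        raise ValueError("N must not be a perfect square")
    for y in range(1, y_max + 1):
        t = 1 + N * y * y
        x = isqrt(t)
        if x * x == t:
            return (x, y)
    raise ValueError("no solution with y <= y_max")

def pell_solutions(N, count):
    """First `count` powers of the smallest solution.

    The norm is multiplicative, so every power of a norm-1 element again
    has norm 1 and therefore again solves x^2 - N*y^2 = 1.
    """
    base = smallest_solution(N)
    u, out = base, []
    for _ in range(count):
        out.append(u)
        u = mul(u, base, N)
    return out

if __name__ == "__main__":
    # Powers of the unit 1 + sqrt(2): the norm alternates -1, +1, -1, ...
    for n in range(1, 7):
        u = power((1, 1), n, 2)
        print(n, u, norm(u, 2))
    print(pell_solutions(2, 3))   # the three solutions quoted in the text
    print(pell_solutions(7, 3))
```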

0.5. Triangular numbers, quadrangular numbers, pentagonal numbers

The eighteenth comment of Fermat in the margin of Arithmetica
is the following proposition.

PROPOSITION 0.7. If $n \geq 3$, any natural number can be expressed
as the sum of less than or equal to n n-gonal numbers.

Here, an n-gonal number is the number of dots when you draw
a regular n-gon in such a way as in Figure 0.2. Pythagoras and
his disciples showed great interest in these numbers. For example,
1, 3, 6, 10, ... are triangular numbers, which can be expressed
as $\frac{1}{2}x(x + 1)$ with a natural number x. Quadrangular numbers are
nothing but squares.
In the place where he wrote down Proposition 0.7, Fermat said
that Proposition 0.7 was related to many profound mysteries in num-
ber theory and that he intended to write a book about them. Unfor-
tunately, however, the book was never written.
If we extract the part about the quadrangular numbers from
Proposition 0.7, we have the following.

PROPOSITION 0.8. Let n be a natural number. Then, there exist
integers x, y, z and u satisfying

$n = x^2 + y^2 + z^2 + u^2$.

FIGURE 0.2. n-gonal numbers

For example, we have

$5 = 2^2 + 1^2 + 0^2 + 0^2$, $7 = 2^2 + 1^2 + 1^2 + 1^2$,
$15 = 3^2 + 2^2 + 1^2 + 1^2$.

Euler, the greatest mathematician of the eighteenth century, was
quite impressed by Fermat’s Proposition 0.7, and was disappointed
that Fermat had not written the proof. He became the successor
to Fermat in number theory by giving proofs to many of the state-
ments Fermat made. It is said that Euler struggled greatly when he
attempted to prove Proposition 0.8. A proof of Proposition 0.8 was
given in 1772 by Lagrange, who took over Euler’s effort.
In 1882 Jacobi gave a new proof of Proposition 0.8 using automorphic
forms. We will present Jacobi’s proof in Chapter 9 on automorphic
forms in Volume 3 (Theorem 9.22). Jacobi’s method of proof is
so strong that it gives the number a(n) of quadruples (x, y, z, u) that
satisfy
$n = x^2 + y^2 + z^2 + u^2$
for each integer n > 0. Jacobi’s method uses the fact that the series

$\sum_{n=0}^{\infty} a(n) e^{2\pi i n z}$

is an automorphic form, and it is a typical example of applications of
automorphic forms to the arithmetic of quadratic forms.
Propositions 0.1-0.8 solve some of the problems of representing
integers or rational numbers by quadratic forms such as $x^2 + y^2$ and
$x^2 + y^2 + z^2 + u^2$. The arithmetic of quadratic forms grew out of these
questions.

0.6. Triangular numbers, squares, cubes


Until now, all the work of Fermat we introduced concerns squares
of numbers. We now consider cubes of numbers. A natural number
that is the cube of another natural number is called a cubic number.
Fermat compared cubic numbers to triangular numbers, and cubic
numbers to square numbers. He stated the following.
PROPOSITION 0.9. A triangular number different from 1 is not a
cubic number.

PROPOSITION 0.10. The only case where a square number added
to 2 becomes a cubic number is $5^2 + 2 = 3^3$.

PROPOSITION 0.11. The only cases where a square number added
to 4 becomes a cubic number are $2^2 + 4 = 2^3$ and $11^2 + 4 = 5^3$.

Propositions 0.9, 0.10 and 0.11 concern natural number solutions
to

$\frac{1}{2}y(y + 1) = x^3$, $y^2 + 2 = x^3$, $y^2 + 4 = x^3$.


It is very difficult to prove these propositions (as well as Propo-
sitions 0.1-0.8) by hand without using any significant tools. In at-
tempting to prove these propositions we are naturally led to profound
mathematics.
In §4.1 we will prove Propositions 0.10 and 0.11 by methods of
algebraic number theory. Rewriting the equations $y^2 + 2 = x^3$ and
$y^2 + 4 = x^3$ as
$(y + \sqrt{-2})(y - \sqrt{-2}) = x^3$ and $(y + 2\sqrt{-1})(y - 2\sqrt{-1}) = x^3$,
respectively, we can prove Propositions 0.10 and 0.11 using the arithmetic
of $\mathbf{Z}[\sqrt{-2}]$ and $\mathbf{Z}[\sqrt{-1}]$, respectively.

FIGURE 0.3. The elliptic curve $y^2 = x^3 - 2$

We can view Propositions 0.9-0.11 as solving the equations of the
form

(0.1) $y^2 = (\text{polynomial of degree 3})$,

where the cubic polynomial on the right-hand side has no multiple
root. (In Proposition 0.9 we can rewrite $\frac{1}{2}y(y + 1) = x^3$ as
$(2y + 1)^2 = (2x)^3 + 1$, and we obtain an equation of the form (0.1) by replacing
$2y + 1$ by $y$.)
A curve defined by an equation of the form (0.1) is called an
elliptic curve (see Figure 0.3). An elliptic curve is not an ellipse;
it is so named due to the fact that it is related to the length of
the perimeter of an ellipse. From here on all the work of Fermat
we discuss will be related to elliptic curves. Fermat studied elliptic
curves a great deal, although he did not realize it consciously. Elliptic
curves are rich mathematical objects. We will discuss elliptic curves
in Chapter 1 and in Volume 3.

0.7. Right triangles and elliptic curves


Fermat’s twenty-third comment in the margin of Arithmetica is
Proposition 0.12, and his forty-fifth comment is Proposition 0.13. He
also mentions Proposition 0.14.
PROPOSITION 0.12. Given a triangle whose sides have rational
length, there exist infinitely many triangles with rational sides that
have the same area as the given triangle.
For example, the area of the triangle whose sides are 3,4,5 is 6,
and Fermat explained a method to obtain the triangle (&, y, w)
that has the same area 6.
PROPOSITION 0.13. The area of a right triangle whose sides are
integers is not a square.
PROPOSITION 0.14. The area of a right triangle whose sides are
integers is not twice a square.
Propositions 0.13 and 0.14 say that there does not exist a tri-
angle whose sides are rational numbers and whose area is 1 or 2,
respectively. If such a triangle existed, we would be able to obtain,
by multiplying all three sides by a suitable integer, a triangle whose
sides are integers and whose area is a square or twice a square.
As we will show in §1.1, finding a right triangle whose sides are
rational numbers and whose area is a positive rational number d is
essentially the same as finding a rational solution to the equation
$y^2 = x^3 - d^2x$ other than $(x, y) = (0, 0), (\pm d, 0)$. Thus, Propositions 0.13
and 0.14 state that the equation $y^2 = x^3 - d^2x$ for d = 1, 2 does not
have a rational solution except for $(x, y) = (0, 0), (\pm d, 0)$ (which we
will show in the case d = 1 in §1.3), whereas Proposition 0.12 states
that if $y^2 = x^3 - d^2x$ has a rational solution other than $(0, 0), (\pm d, 0)$,
then it has infinitely many rational solutions.
A very important conjecture, called the Birch and Swinnerton-
Dyer conjecture, has been proposed to provide a method of deter-
mining whether or not an equation of an elliptic curve with rational
coefficients has a rational solution (see §12.1(e) in Volume 3); this is
currently an active field of research. Wiles, who proved Fermat’s Last
Theorem, started his career by studying the Birch and Swinnerton-Dyer
conjecture (J. Coates and A. Wiles, On the conjecture of Birch
and Swinnerton-Dyer, Invent. Math. 39 (1977), 223–251).

0.8. Fermat’s Last Theorem

Statements made by Fermat have been proved by the efforts of
mathematicians of later eras; however, Fermat’s Last Theorem remained
unproved, and thus was called the “Last Theorem”.
It is known that Fermat had a complete proof for the case n = 4
(i.e., nonexistence of nontrivial solutions to the equation $x^4 + y^4 = z^4$).
Fermat seldom wrote a proof of his results, but he actually wrote
down a proof of Proposition 0.13 in the margin of Arithmetica. The
proof of Proposition 0.13 gives a proof of the Last Theorem for the
case n = 4 as a by-product (see §1.1). Fermat told his acquaintances
about the results mentioned in this chapter over and over again except
for the Last Theorem. Later in life, he also mentioned the case n = 3
of the Last Theorem as his important discovery. Considering what
he wrote about those results and the outline of the proofs in the
letters, we guess that Fermat had a proof or something closer to a
proof for those results. However, Fermat never discussed the Last
Theorem in the case where n is greater than or equal to 5 except in
the margin of Arithmetica. Considering how hard it was to prove the
Last Theorem for the mathematicians of later eras, it is believed that
Fermat thought wrongly that he had a proof for the Last Theorem.
Some attempts to prove Fermat’s Last Theorem by mathemati-
cians of later eras brought advancements in mathematics. Among
those are the work of Kummer and of Wiles. Kummer did the following.
Fermat’s equation

$x^n + y^n = z^n$

can be rewritten in the product form

$x^n = (z - y)(z - \zeta_n y) \cdots (z - \zeta_n^{n-1} y)$,

where $\zeta_n$ is the n-th primitive root of unity $\cos(2\pi/n) + i\sin(2\pi/n)$.
If the ring

$\mathbf{Z}[\zeta_n] = \{a_0 + a_1\zeta_n + \cdots + a_r\zeta_n^r \mid r \geq 0,\ a_0, \ldots, a_r \in \mathbf{Z}\}$

has the unique factorization property (i.e., the property that “any
nonzero element can be factored uniquely into the product of prime
elements” just as in Z), we can prove Fermat’s Last Theorem by
factoring x and $z - \zeta_n^k y$ ($k = 0, 1, \ldots, n - 1$). Unfortunately, for most
n, $\mathbf{Z}[\zeta_n]$ does not have a unique factorization property like Z or the
ring Z[i] that appeared in §0.2.
Kummer discovered that in $\mathbf{Z}[\zeta_n]$ there is a law called the unique
factorization into prime ideals (see §4.2) which replaces the unique
factorization into prime numbers. His discovery pioneered algebraic
number theory (the study of rings such as $\mathbf{Z}[\zeta_n]$), and he managed to
prove Fermat’s Last Theorem for many n (§4.4).
In the course of his work Kummer came close to discovering the
notion of p-adic numbers, and he discovered a mysterious relation
among three objects: the arithmetic of $\mathbf{Z}[\zeta_n]$, p-adic numbers, and
the ζ function

which was discovered by Euler in the eighteenth century (see Chapter 3).
Kummer’s work grew into Iwasawa theory in the twentieth century.
We will discuss Iwasawa theory (see Chapter 10 in Volume 3). Wiles
extended Iwasawa theory, used the theory of automorphic forms (see
Chapter 9 in Volume 3), and studied the arithmetic of elliptic curves
very deeply in order to prove Fermat’s Last Theorem.
Details of the proof given by Wiles will be discussed in the book
Fermat’s Last Theorem in the Iwanami series The Development of
Modern Mathematics. We will also explain the highlights of his proof
in §12.2 in Volume 3.
We have seen the relation between the work of Fermat and mod-
ern mathematics. Fermat, who was the founder of modern number
theory, noticed the depth of the world of numbers. Recently, a deeper
part of number theory has been found to be tied up with a deeper
part of theoretical physics as if it makes a harmony with the philosophy
of Pythagoras that “everything is a number.” We think that the
reason the depth of the world of numbers fascinated Pythagoras,
Fermat and many others is that it is a reflection of the depth of the
universe. As number theory has been developed during the 350 years
since Fermat’s era, we have discovered the enormous depth of the
world of numbers.

Exercises

0.1. Show that the $n$-th root of 5 is an irrational number for $n$
greater than 1.
0.2. Show that fi + fi is an irrational number.
0.3. Express 29, 37, 41, and 53 in the form $x^2 + y^2$ ($x$, $y$ integers).
0.4. Diophantus states “65 = 5 x 13 is the product of 5 and
13, both of which can be the length of the hypotenuse of a right
triangle with rational sides. Therefore, 65 can be the length of the
hypotenuse of two different right triangles with rational sides as we
have $65^2 = 63^2 + 16^2 = 56^2 + 33^2$.” Explain this fact using prime
factorization in $\mathbb{Z}[i]$ as in §0.2.
0.5. If we form the fraction $x/y$ from a natural number solution
to $x^2 - 2y^2 = 1$, such as $17^2 - 2 \times 12^2 = 1$ and $99^2 - 2 \times 70^2 = 1$,
we obtain a rational number very close to $\sqrt{2} = 1.41421\ldots$ as we
have $\frac{17}{12} = 1.416\ldots$, $\frac{99}{70} = 1.41428\ldots$. Explain why.
0.6. Show that there are infinitely many integers which are si-
multaneously both a triangular number and a square.
CHAPTER 1

Rational Points on Elliptic Curves

The aim of this chapter is to introduce elliptic curves and the main
part of the proof of Mordell’s theorem, which plays an important role
in the arithmetic of elliptic curves.

1.1. Fermat and elliptic curves


(a) $x^4 + y^4 = z^4$ and elliptic curves. As we explained in
§0.7, Fermat wrote down a proof of the fact that “there does not
exist a right triangle whose sides are integers and whose area is a
square” (Proposition 0.13) in the margin of his copy of Arithmetica.
His proof implies the following proposition.

PROPOSITION 1.1. There is no solution $(x, y, z)$ to $x^4 + y^4 = z^4$
satisfying $xyz \neq 0$.

In modern language, Fermat’s proof of Proposition 0.13 can be
considered a study of the elliptic curve $y^2 = x^3 - x$. As we will see
later in (c), Proposition 0.13 is equivalent to Proposition 1.2 below.
Proposition 1.1 is also a consequence of Proposition 1.2.

PROPOSITION 1.2. The only rational solutions to $y^2 = x^3 - x$ are
$(x, y) = (0, 0)$ and $(\pm 1, 0)$.

We can see that Proposition 1.1 is a consequence of Proposition 1.2
as follows. If there exist natural numbers $x$, $y$ and $z$ satisfying
$x^4 + y^4 = z^4$,
we see (by moving $y^4$ to the other side and then multiplying by $z^2/y^6$)
that they satisfy

$\left(\frac{x^2 z}{y^3}\right)^2 = \left(\frac{z^2}{y^2}\right)^3 - \frac{z^2}{y^2}.$

This implies that the equation $y^2 = x^3 - x$ has a solution satisfying
$y \neq 0$, which contradicts Proposition 1.2. Thus, we see that
Proposition 1.1 follows from Proposition 1.2. We will give a proof of
Proposition 1.2 in (d). Our proof is a translation of Fermat’s proof
of Proposition 0.13 written in the margin of Arithmetica.

FIGURE 1.1. Elliptic curves

(b) Elliptic curves. In the Introduction we explained that Fermat’s
statement “No triangular number different from 1 is the cube
of a natural number” can be interpreted as a statement about the
integer solutions to the equation $y^2 = x^3 + 1$. We also said that Fermat
stated that the only natural number solutions to $y^2 = x^3 - 4$ are
$(x, y) = (2, 2)$ and $(5, 11)$. The graphs of the elliptic curves
$y^2 = x^3 - x$, $y^2 = x^3 + 1$, $y^2 = x^3 - 4$
are shown in Figure 1.1.
An elliptic curve over $\mathbb{Q}$ is a curve given by an equation of the
following form:

(*) $y^2 = ax^3 + bx^2 + cx + d$ ($a, b, c, d \in \mathbb{Q}$, $a \neq 0$),

where the cubic polynomial of the right-hand side does not have a
multiple root.
If $K$ is a field of characteristic different from 2, then we define an
elliptic curve over $K$ by replacing $a, b, c, d \in \mathbb{Q}$ by $a, b, c, d \in K$ in (*).
In this section we consider only elliptic curves over $\mathbb{Q}$, and we omit
the definition of elliptic curves over a field of characteristic 2.
The curves defined by
$y^2 = x^3$ and $y^2 = x^2(x + 1)$
are not elliptic curves since the cubic polynomials on the right-hand
side have a multiple root. This can be seen in Figure 1.2 as they are
graphically different from elliptic curves: each of them has a singular
point at $(0, 0)$.

FIGURE 1.2. Curves that are not elliptic curves

In Figure 1.1 the points indicated by • are integral points (points
whose $x$- and $y$-coordinates are both integers) of each elliptic curve.
A point whose $x$- and $y$-coordinates are rational numbers is called
a rational point. Studying integral and rational points on an elliptic
curve was Fermat’s favorite theme, and as we will explain in the book,
it leads us to a profound part of mathematics.
The only integral points of the elliptic curves in Figure 1.1 are the
points marked by the dots •. (For $y^2 = x^3 + 1$, this statement contains
Proposition 0.9. For $y^2 = x^3 - 4$, this statement corresponds to
Proposition 0.11. A proof of Proposition 0.11 will be given in §4.1.)
In general, it is known that an elliptic curve over $\mathbb{Q}$ has only a
finite number of integral points (Mordell, Siegel). Since $y^2 = x^3$ and
$y^2 = x^2(x + 1)$ are not elliptic curves, they may have infinitely many
integral points. Indeed, $(n^2, n^3)$ ($n \in \mathbb{Z}$) are integral points of $y^2 = x^3$, and
$(n^2 - 1, n(n^2 - 1))$ ($n \in \mathbb{Z}$) are integral points of $y^2 = x^2(x + 1)$. This
suggests that the geometrical difference is related to the arithmetical
difference.
On the other hand, an elliptic curve over $\mathbb{Q}$ may have a finite or
infinite number of rational points. In Figure 1.1, all the rational points
of $y^2 = x^3 - x$ are the points indicated by the dots • (Proposition 1.2),
and all the rational points of $y^2 = x^3 + 1$ are also the points indicated
by the dots •. However, there exist infinitely many rational points on
$y^2 = x^3 - 4$, such as $\left(\frac{106}{9}, \frac{1090}{27}\right)$. In §1.3 we will introduce Mordell’s
theorem, which concerns rational points on elliptic curves. Studying
rational points on an elliptic curve is still an active area of research
where many studies are being done around the conjecture of Birch
and Swinnerton-Dyer and other conjectures.

(c) Right triangles and elliptic curves. Fermat’s Proposition 0.13
is equivalent to the statement “There is no right triangle whose
sides are rational numbers and whose area is 1.” This statement
is equivalent to Proposition 1.2, which concerns the elliptic curve
$y^2 = x^3 - x$. This equivalence follows from the case $d = 1$ in
Lemma 1.3.

LEMMA 1.3. Let $d$ be a positive rational number. The following
conditions (i) through (iii) are equivalent.

(i) There exists a right triangle whose three sides are rational numbers
and whose area is $d$.
(ii) There exist three squares of rational numbers that form an
arithmetic progression of difference $d$.
(iii) There exists a rational solution to $y^2 = x^3 - d^2x$ other than
$(x, y) = (0, 0)$ and $(\pm d, 0)$.

For example, the area of the right triangle having sides 3, 4, 5
is 6. The sequence $\left(\frac{1}{2}\right)^2, \left(\frac{5}{2}\right)^2, \left(\frac{7}{2}\right)^2$ is an arithmetic progression of
difference 6. The question “For which $d$ does there exist a sequence of
three squares of rational numbers that forms an arithmetic progression
of difference $d$?” (which is equivalent to the question “Which
numbers $d$ can be the area of a right triangle whose sides are rational
numbers” by Lemma 1.3) has drawn a great deal of attention for a long
time. In fact, we can find a reference in Arabian mathematics more
than one thousand years ago. (Around that time ancient Greek mathematics
was forgotten in Europe, but it was imported to the Arabic
culture where it grew steadily. During the Renaissance, Europeans
reintroduced Arabic mathematics.)
Lemma 1.3 follows from Lemma 1.4 below, since conditions (i),
(ii) and (iii) in Lemma 1.3 imply that the sets $A_d$, $B_d$ and $C_d$ in
Lemma 1.4, respectively, are not empty when $K = \mathbb{Q}$.
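
LEMMA 1.4. Let $K$ be a field of characteristic different from 2.
For $d \in K$ define the sets $A_d$, $B_d$ and $C_d$ as follows:

$A_d = \{(x, y, z) \in K \times K \times K \mid x^2 + y^2 = z^2,\ \tfrac{1}{2}xy = d\},$
$B_d = \{(u, v, w) \in K \times K \times K \mid u^2 + d = v^2,\ v^2 + d = w^2\},$
$C_d = \{(x, y) \in K \times K \mid y^2 = x^3 - d^2x,\ y \neq 0\}.$
Then there exist bijections between any two of $A_d$, $B_d$, and $C_d$.

Indeed, between $A_d$ and $B_d$ we have two maps

$A_d \to B_d;\ (x, y, z) \mapsto \left(\frac{y - x}{2}, \frac{z}{2}, \frac{y + x}{2}\right),$

$B_d \to A_d;\ (u, v, w) \mapsto (w - u, w + u, 2v),$

and these maps are inverse to each other. For example, $(3, 4, 5) \in A_6$
corresponds to $\left(\frac{1}{2}, \frac{5}{2}, \frac{7}{2}\right) \in B_6$, and $\left(\frac{1}{2}\right)^2, \left(\frac{5}{2}\right)^2, \left(\frac{7}{2}\right)^2$ is an arithmetic
progression with difference 6. $(5, 12, 13) \in A_{30}$ corresponds to
$\left(\frac{7}{2}, \frac{13}{2}, \frac{17}{2}\right) \in B_{30}$, and $\left(\frac{7}{2}\right)^2, \left(\frac{13}{2}\right)^2, \left(\frac{17}{2}\right)^2$ is an arithmetic progression
with difference 30.
The fact that there is a one-to-one correspondence between $B_d$
and $C_d$ follows from the case $a = d$, $b = 0$, $c = -d$ in Lemma 1.5.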

LEMMA 1.5. Let $K$ be a field of characteristic different from 2,
and let $a$, $b$, and $c$ be distinct elements in $K$. Define $B$, $\tilde{C}$ and $C$ by
$B = \{(u, v, w) \in K \times K \times K \mid u^2 + a = v^2 + b = w^2 + c\},$
$\tilde{C} = \{(x, y) \in K \times K \mid y^2 = (x - a)(x - b)(x - c)\},$
$C = \{(x, y) \in K \times K \mid y^2 = (x - a)(x - b)(x - c),\ y \neq 0\}$
$\phantom{C} = \tilde{C} - \{(a, 0), (b, 0), (c, 0)\}.$

Then
(1) There exist mutually inverse maps $f : B \to C$ and $g : C \to B$
given by
$f(u, v, w) = (u^2 + a + uv + vw + wu,\ (u + v)(v + w)(w + u)),$

$g(x, y) = \left(\frac{1}{2y}\left((x - a)^2 - (b - a)(c - a)\right),\ \frac{1}{2y}\left((x - b)^2 - (a - b)(c - b)\right),\ \frac{1}{2y}\left((x - c)^2 - (a - c)(b - c)\right)\right).$

(2) There is a map $h : B \to \tilde{C}$ given by $h(u, v, w) = (u^2 + a, uvw)$.

The proof of Lemma 1.5 is straightforward, and we leave it to the
reader.

REMARK 1.6. The composition of two maps in Lemma 1.5, $h \circ g : C \to \tilde{C}$,
is a map called the multiplication-by-2 map of the elliptic
curve $y^2 = (x - a)(x - b)(x - c)$ (see §1.2). From the definition of $h$
we see that the image of $h \circ g$ (which coincides with the image of $h$
since $g$ is surjective) is

$\{(x, y) \in K \times K \mid y^2 = (x - a)(x - b)(x - c),\ x - a,\ x - b,\ x - c \text{ are squares in } K\}.$

We will use this fact later.

We now have seen that Proposition 0.13 and Proposition 1.2 are
equivalent.
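
The maps of Lemmas 1.4 and 1.5 can be checked with exact rational arithmetic. The following Python sketch is an added example, not part of the book; the function names are chosen here, and the sample triangles (3, 4, 5) and (5, 12, 13) are the ones used in the text.

```python
from fractions import Fraction as F
from math import isqrt

def a_to_b(t):
    """Lemma 1.4, A_d -> B_d: right triangle (x, y, z) to (u, v, w)."""
    x, y, z = map(F, t)
    return ((y - x) / 2, z / 2, (y + x) / 2)

def b_to_a(t):
    """Lemma 1.4, B_d -> A_d (the inverse of a_to_b)."""
    u, v, w = map(F, t)
    return (w - u, w + u, 2 * v)

def f(t, a):
    """Lemma 1.5 (1), B -> C."""
    u, v, w = map(F, t)
    return (u*u + a + u*v + v*w + w*u, (u + v) * (v + w) * (w + u))

def g(p, a, b, c):
    """Lemma 1.5 (1), C -> B (the inverse of f); needs y != 0."""
    x, y = map(F, p)
    return (((x - a)**2 - (b - a) * (c - a)) / (2 * y),
            ((x - b)**2 - (a - b) * (c - b)) / (2 * y),
            ((x - c)**2 - (a - c) * (b - c)) / (2 * y))

def h(t, a):
    """Lemma 1.5 (2), B -> C~ (points with y = 0 allowed in the target)."""
    u, v, w = map(F, t)
    return (u*u + a, u * v * w)

def in_A(t, d):
    x, y, z = map(F, t)
    return x*x + y*y == z*z and x * y / 2 == d

def in_B(t, a, b, c):
    u, v, w = map(F, t)
    return u*u + a == v*v + b == w*w + c

def on_curve(p, a, b, c):
    x, y = map(F, p)
    return y*y == (x - a) * (x - b) * (x - c)

def is_square(q):
    """True if the rational q is the square of a rational number."""
    q = F(q)  # a Fraction is in lowest terms, so test numerator and denominator
    return (q >= 0 and isqrt(q.numerator)**2 == q.numerator
            and isqrt(q.denominator)**2 == q.denominator)

def triangle_to_curve(t):
    """A_d -> B_d -> C_d, using a = d, b = 0, c = -d in Lemma 1.5."""
    x, y, _ = map(F, t)
    return f(a_to_b(t), x * y / 2)

def curve_to_triangle(p, d):
    """C_d -> B_d -> A_d."""
    return b_to_a(g(p, d, 0, -d))

def double_via_hg(p, d):
    """The map h o g of Remark 1.6 on y^2 = x^3 - d^2 x."""
    return h(g(p, d, 0, -d), d)

if __name__ == "__main__":
    p = triangle_to_curve((3, 4, 5))          # point (18, 72) on y^2 = x^3 - 36x
    q = double_via_hg(p, 6)                   # (25/4, 35/8)
    print(p, q, curve_to_triangle(q, 6))      # a second right triangle of area 6
    # Remark 1.6: x - a, x - b, x - c are squares for q but not for p.
    print([is_square(q[0] - r) for r in (6, 0, -6)],
          [is_square(p[0] - r) for r in (6, 0, -6)])
```

Applying `h` after `g` to (18, 72) lands on a point whose three differences $x - a$, $x - b$, $x - c$ are all squares, as Remark 1.6 predicts, while (18, 72) itself fails that test.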

(d) Proof of Proposition 1.2. We will now prove that the
only rational solutions to $y^2 = x^3 - x$ are $(0, 0)$ and $(\pm 1, 0)$.
Let $a$ be a rational number and write $a = \frac{m}{n}$ as a fraction in lowest
terms. Define the height $H(a)$ to be $\max(|m|, |n|)$, where $\max(a, b)$
indicates the greater of $a$ and $b$. (If $a = b$, we define $\max(a, b) = a = b$.)
Also, $\min(a, b)$ is defined as the smaller of $a$ and $b$, and if $a = b$,
$\min(a, b)$ is defined as $a$ (and thus $b$). For example, we have

H(-g) ~8, H(S) =7, H(O)=1 since O=i.

Suppose there is a rational solution to $y^2 = x^3 - x$ other than
$(0, 0)$, $(\pm 1, 0)$. Choose one of the solutions such that the height of
the $x$-coordinate is the smallest possible, and denote it by $(x_0, y_0)$.
The strategy of the proof is to show that we can construct another
rational solution to $y^2 = x^3 - x$ different from $(0, 0)$ and $(\pm 1, 0)$ such
that the height of the $x$-coordinate is smaller than that of $x_0$. Fermat
often used this method of construction of a “smaller solution” to the
same equation. He called it the method of “infinite descent”.
The proof consists of the following three steps.
(i) Show that we may assume $x_0 > 1$.
(ii) Let $x_0 > 1$. Since we have $(x_0 - 1)x_0(x_0 + 1) = x_0^3 - x_0 = y_0^2$,
$(x_0 - 1)x_0(x_0 + 1)$ is a square of a rational number. We show
that each of $x_0 - 1$, $x_0$ and $x_0 + 1$ is the square of a rational
number.
(iii) Consider the case $K = \mathbb{Q}$, $a = 1$, $b = 0$, $c = -1$ in Lemma 1.5
and consider the map in that lemma
$h \circ g : C = \{(x, y) \in \mathbb{Q} \times \mathbb{Q} \mid y^2 = x^3 - x,\ y \neq 0\}$
$\to \tilde{C} = \{(x, y) \in \mathbb{Q} \times \mathbb{Q} \mid y^2 = x^3 - x\}.$
Since $x_0 - 1$, $x_0$ and $x_0 + 1$ are all squares, it follows from
Remark 1.6 that there exists a point $(x_1, y_1) \in C$ such that
$h \circ g(x_1, y_1) = (x_0, y_0)$. We then show $H(x_1) < H(x_0)$.
Let us show first that we may assume $x_0 > 1$. If $(x, y)$ is a rational
solution to $y^2 = x^3 - x$ different from $(0, 0)$, then $\left(-\frac{1}{x}, \frac{y}{x^2}\right)$ is another
solution, and we have $H(x) = H\left(-\frac{1}{x}\right)$. Thus, we may assume $x_0 > 0$.
If $x_0 > 0$, then we have $(x_0 - 1)x_0(x_0 + 1) = y_0^2 > 0$, and thus $x_0 > 1$.
Let us move on to step (ii). Suppose $x_0 > 1$, and write
$x_0 = \frac{m}{n}$, $m > n > 0$, as a fraction in lowest terms. We first show that
one of $m$ and $n$ is an even number. Suppose both $m$ and $n$ are odd
numbers, and let
$x_0' = \frac{x_0 + 1}{x_0 - 1} = \frac{(m + n)/2}{(m - n)/2}.$
Then $(x_0', 2y_0/(x_0 - 1)^2)$ is another solution to $y^2 = x^3 - x$. Since
both $\frac{m+n}{2}$ and $\frac{m-n}{2}$ are positive integers, we have
$H(x_0') \leq \max\left(\frac{m + n}{2}, \frac{m - n}{2}\right) < \max(m, n) = H(x_0).$

This contradicts the minimality of $H(x_0)$. Thus one of $m$ and $n$ is
even, and the other is odd since $m$ and $n$ are relatively prime. Since
$(x_0 - 1)x_0(x_0 + 1) = \frac{mn(m - n)(m + n)}{n^4}$
is the square of a rational number, it follows that $mn(m - n)(m + n)$
is the square of an integer.
QUESTION 1. Here we used the fact, “If an integer $a$ is the square of a
rational number, $a$ is the square of an integer.” Prove this fact.

Next we show that any two of $m$, $n$, $m - n$ and $m + n$ are relatively
prime. The only concern is that $m - n$ and $m + n$ may not
be relatively prime. But a common factor of these two divides both
$2m = (m - n) + (m + n)$ and $2n = (m + n) - (m - n)$, and thus it
must be 2. Since $m - n$ and $m + n$ are both odd, 2 is not a common
factor either.
It now follows from the case $k = 2$ in Lemma 1.7 below that all
of $m$, $n$, $m - n$ and $m + n$ are squares. Thus, $x_0 = \frac{m}{n}$, $x_0 - 1 = \frac{m - n}{n}$
and $x_0 + 1 = \frac{m + n}{n}$ are all squares of rational numbers.

LEMMA 1.7. Let $k$ be a natural number and let $a_1, \ldots, a_r$ be pairwise
relatively prime natural numbers such that the product $a_1 \cdots a_r$
is the $k$-th power of a natural number. Then $a_i$ is the $k$-th power of
a natural number for each $i = 1, \ldots, r$.

QUESTION 2. Prove Lemma 1.7. (Hint: Factor each $a_i$ into the product of
prime numbers.)

Next we move on to step (iii). Let $(x_1, y_1)$ be the solution to
$y^2 = x^3 - x$ that is described in the outline of the proof. We show
$H(x_1) < H(x_0)$. By the definition of $h \circ g$ we have
$x_0 = \frac{(x_1^2 + 1)^2}{4(x_1^3 - x_1)}.$
Writing $x_1 = \frac{r}{s}$ as a fraction in lowest terms, we have
$x_0 = \frac{(r^2 + s^2)^2}{4rs(r^2 - s^2)}.$

Here the greatest common divisor of the numerator and the denominator
is at most 4. (Reason: It is easy to show that the only possible common
prime factor of the numerator and the denominator is 2, and
thus the greatest common divisor is a power of 2. If $r^2 + s^2$ is even,
both $r$ and $s$ must be odd. Thus, both $r^2$ and $s^2$ are congruent to 1
modulo 4, and $r^2 + s^2$ is congruent to 2 modulo 4. This implies that
$(r^2 + s^2)^2$ is not divisible by 8.) Hence, we have

$H(x_0) \geq \tfrac{1}{4}(r^2 + s^2)^2 \geq \tfrac{1}{4}\max(|r|, |s|)^4 > \max(|r|, |s|) = H(x_1).$

Here the last $>$ follows from the fact $H(x_1) \geq 2$ since $x_1 \neq 0, \pm 1$.
This completes the proof of Proposition 1.2.
This proof uses the group structure of an elliptic curve (which
will be defined in §1.2) and the notion of “height”. In fact, as we
see from Remark 1.6, we used the multiplication-by-2 map in step
(iii). In steps (i) and (ii), given a point $P(x, y)$ in $y^2 = x^3 - x$, we
considered two points $Q\left(-\frac{1}{x}, \frac{y}{x^2}\right)$ and $R\left(\frac{x + 1}{x - 1}, \frac{2y}{(x - 1)^2}\right)$. In terms of
the group structure, they correspond to
$Q = P + (0, 0)$ and $R = -P + (1, 0)$.


1.2. Group structure of an elliptic curve


Given a rational point in an elliptic curve, there is a way to
obtain another rational point. Consider the elliptic curve $y^2 = x^3 - 4$
in Figure 1.1. If we draw a tangent line to this elliptic curve at the
rational point $(2, 2)$, we obtain the point $(5, 11)$ as the other point of
intersection between the elliptic curve and the tangent line. The third
point of intersection between the elliptic curve and the line passing
through $(2, 2)$ and $(5, -11)$ is the rational point $\left(\frac{106}{9}, -\frac{1090}{27}\right)$.
This process is possible because an elliptic curve has a group
structure. The theme of §1.2 is this group structure on an elliptic
curve.

(a) Definition of the group structure on an elliptic curve.
Let $K$ be a field of characteristic different from 2. Consider the equation
$y^2 = ax^3 + bx^2 + cx + d$

of an elliptic curve $E$ over $K$. (Here, we assume $a, b, c, d \in K$, $a \neq 0$,
and the cubic polynomial of the right-hand side does not have a
multiple root.) Let $E(K)$ be the set of points in $E$ defined over $K$
together with a point $O$, i.e.,
$E(K) = \{(x, y) \in K \times K \mid y^2 = ax^3 + bx^2 + cx + d\} \cup \{O\}.$
Note that $O$ is not the point $(0, 0)$, but it is an added point outside the
plane. (The precise meaning of $O$ will be discussed later.) We define
a group structure on $E(K)$ (written additively) using the following
principles (i)-(iii).
(i) $O$ is the identity element.
(ii) If $P, Q \in E(K)$, $P \neq O$, $Q \neq O$, and $R(x, y)$ is the third
point of intersection between the elliptic curve and the line
passing through $P$ and $Q$, then the point $(x, -y) \in E(K)$ is
$P + Q$ (see Figure 1.3).
(iii) If $P \in E(K)$, $P \neq O$, and the coordinates of $P$ are $(x, y)$,
then the inverse element of $P$ is $(x, -y)$.
For example, consider $K = \mathbb{Q}$ and the elliptic curve $y^2 = x^3 - 4$.
If $P = (2, 2)$, $Q = (5, -11)$, then $P + Q = \left(\frac{106}{9}, \frac{1090}{27}\right)$. The above
principle does not define $P + Q$ when $P$ and $Q$ coincide. Let us define
the sum $P + Q$ in $E(K)$ more precisely.
FIGURE 1.3

If $P = O$, then define $O + Q = Q$; if $Q = O$, then define $P + O = P$.
Suppose $P \neq O$, $Q \neq O$ and the coordinates of $P$ are $(x_1, y_1)$ and
the coordinates of $Q$ are $(x_2, y_2)$. First we assume $x_1 \neq x_2$. Then the
line passing through $P$ and $Q$ is given by the equation

(1.1) $y = \frac{y_2 - y_1}{x_2 - x_1}(x - x_1) + y_1.$

In order to find the intersection points, substitute (1.1) in $y^2 = ax^3 + bx^2 + cx + d$,
and we have a cubic equation of the form
$qx^3 + rx^2 + sx + t = 0$ ($q, r, s, t \in K$, $q \neq 0$).
Since $x = x_1$ and $x = x_2$ are solutions to this equation, $qx^3 + rx^2 + sx + t$
is divisible by $(x - x_1)(x - x_2)$ and it factors as
$qx^3 + rx^2 + sx + t = q(x - x_1)(x - x_2)(x - x_3)$ ($x_3 \in K$).

Substitute $x = x_3$ in (1.1) and solve for $y$. Denote the solution by
$y_4$ and set $y_3 = -y_4$. Then $(x_3, y_4)$ is the third point of intersection,
and $(x_3, y_3)$ is $P + Q$. Explicitly, we have

(1.2) $x_3 = \frac{1}{a}\left(\frac{y_2 - y_1}{x_2 - x_1}\right)^2 - \frac{b}{a} - x_1 - x_2,$

$y_3 = -\frac{y_2 - y_1}{x_2 - x_1}x_3 + \frac{y_2x_1 - y_1x_2}{x_2 - x_1}.$


Next, consider the case $x_1 = x_2$. If $y_1 = -y_2$, define $P + Q = O$.
Suppose $x_1 = x_2$, and $y_1 \neq -y_2$. Then we have $P = Q$, and $y_1 \neq 0$.
In this case the line joining $P$ and $Q$ in (ii) must be interpreted as
the tangent line to the elliptic curve at $P$, which is given by

(1.3) $y = \frac{3ax_1^2 + 2bx_1 + c}{2y_1}(x - x_1) + y_1.$

In order to find the points of intersection, substitute (1.3) in $y^2 = ax^3 + bx^2 + cx + d$,
and we have a cubic equation of the form
$qx^3 + rx^2 + sx + t = 0$ ($q, r, s, t \in K$, $q \neq 0$).
Since (1.3) is a tangent line, $x = x_1$ is a double root of this equation,
and thus the cubic factors as
$qx^3 + rx^2 + sx + t = q(x - x_1)^2(x - x_3)$ ($x_3 \in K$).

Substitute $x = x_3$ in (1.3) and solve for $y$. Denote the solution by
$y_4$, and set $y_3 = -y_4$. We define $P + Q$ ($= P + P = 2P$) as $(x_3, y_3)$.
Explicitly, we have

(1.4) $x_3 = \frac{1}{4ay_1^2}\left(a^2x_1^4 - 2acx_1^2 - 8adx_1 + c^2 - 4bd\right),$

$y_3 = \frac{1}{8ay_1^3}\left(a^3x_1^6 + 2a^2bx_1^5 + 5a^2cx_1^4 + 20a^2dx_1^3 + (20abd - 5ac^2)x_1^2 + (8b^2d - 2bc^2 - 4acd)x_1 + (4bcd - 8ad^2 - c^3)\right).$

For example, consider $K = \mathbb{Q}$ and the elliptic curve $y^2 = x^3 - 4$.
If $P = (2, 2)$, then we have $2P = (5, -11)$.
We have defined $P + Q$. It is possible to prove that $E(K)$ is an
abelian group under this addition. (The associative law is difficult
to prove. We can prove the associativity elegantly using algebraic
geometry, but we do not discuss it here.)

QUESTION 3. Show that the set $\{P \in E(K) \mid 2P = O\}$ consists of $O$ and
nonzero elements of $E(K)$ whose $y$-coordinates are 0. Show that if $K$ is an
algebraically closed field, we have an isomorphism of groups
$\{P \in E(K) \mid 2P = O\} \cong \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}.$

Let $K$ be a field of characteristic different from 2, and $a$, $b$, $c$
distinct elements in $K$. Consider the elliptic curve defined by
$y^2 = (x - a)(x - b)(x - c).$
We have $\{P \in E(K) \mid 2P = O\} = \{O, (a, 0), (b, 0), (c, 0)\}$ (see Question 3).
The map in Lemma 1.5
$h \circ g : C = E(K) - \{O, (a, 0), (b, 0), (c, 0)\} \to \tilde{C} = E(K) - \{O\}$
is nothing but the multiplication-by-2 map. This can be seen by
comparing the definition of $h \circ g$ and the formula (1.4), which gives
the multiplication-by-2 map.


(b) The meaning of $O$. We now consider the meaning of $O$. If
$K$ is the field $\mathbb{R}$ of real numbers, then $O$ is geometrically interpreted
as the point at infinity. This can be seen as follows. If $K = \mathbb{R}$, then

$\{(x, y) \in \mathbb{R} \times \mathbb{R} \mid y^2 = ax^3 + bx^2 + cx + d\}$

is the graph of the elliptic curve. $O$ can be thought of as the limit
point as we go higher and higher. It is also considered to be the limit
as we go lower and lower.
This is consistent with the definition of $P + Q$. As an example,
consider the elliptic curve $y^2 = x^3 - 4$ (see Figure 1.1). The sum of
the points $(2, 2)$ and $(2, -2)$ is $O$ by definition. Let $P$ be the point
$(2, 2)$ and $Q$ a point on the curve very close to but different from
the point $(2, -2)$. If $Q$ approaches $(2, -2)$ from below, the sum
$P + Q$ goes higher and higher to infinity. If $Q$ approaches $(2, -2)$
from above, then $P + Q$ goes lower and lower. Therefore, it is natural
to think that the limit to the upper direction and the limit to the
lower direction should coincide, and the elliptic curve is connected
at the point $O$. Also, this interpretation is consistent with the fact
$P + O = P$. When a point $Q$ on the elliptic curve goes up or down
to infinity, $P + Q$ approaches $P$.
Let $K$ be any field of characteristic different from 2. Let us
consider the meaning of $O$ in this case. Identify $E(K)$ with the set

$X = \{\text{ratio}(x : y : z) \mid x, y, z \in K,\ (x, y, z) \neq (0, 0, 0),\ y^2z = ax^3 + bx^2z + cxz^2 + dz^3\}$

as follows. Identify $(x, y) \in K \times K$ that satisfies $y^2 = ax^3 + bx^2 + cx + d$
with the ratio $(x : y : 1) \in X$, and identify $O \in E(K)$ with
$(0 : 1 : 0) \in X$. Here, we consider the ratio $(x : y : z)$ and the ratio
$(x' : y' : z')$ to be the same if and only if there is a nonzero element $c$
in $K$ such that $x' = cx$, $y' = cy$, $z' = cz$. In $X$ the point $O$ acquires
the same legitimacy as the points in $E(K)$. ($X$ is a subset of the
projective plane consisting of all the ratios $(x : y : z)$. For more detail
on projective spaces, see, for example, J. H. Silverman and J. Tate,
Rational Points on Elliptic Curves, Appendix A, and the references
listed therein.)
If $K = \mathbb{R}$, we give a natural topology to $X$. When the point $(x, y)$
on the elliptic curve goes higher and higher, or goes lower and lower,
the point $(x, y) = \text{ratio}(x : y : 1) = \text{ratio}\left(\frac{x}{y} : 1 : \frac{1}{y}\right)$ converges to the
point $O = (0 : 1 : 0)$.

FIGURE 1.4. $y^2 = x^3 + 1$

(c) Examples. Let us see some examples of the group structure
of $E(\mathbb{Q})$ of an elliptic curve over $\mathbb{Q}$.
EXAMPLE 1.8. If $E$ is $y^2 = x^3 - x$, then each element of the set
$E(\mathbb{Q}) = \{O, (0, 0), (\pm 1, 0)\}$ satisfies $2P = O$ (see Question 3). Thus,
as a group we have
$E(\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}.$
EXAMPLE 1.9. If $E$ is $y^2 = x^3 + 1$, let $P = (2, 3)$ and we see that
$2P = (0, 1)$, $3P = (-1, 0)$, $4P = (0, -1)$, $5P = (2, -3)$, $6P = O$ (see
Figure 1.4). It can be proven that $E(\mathbb{Q})$ consists of only these points,
and thus
$E(\mathbb{Q}) \cong \mathbb{Z}/6\mathbb{Z}.$

EXAMPLE 1.10. If $E$ is $y^2 = x^3 - 4$, let $P = (2, 2)$ and we see
that $2P = (5, -11)$, $3P = \left(\frac{106}{9}, \frac{1090}{27}\right)$. We do not prove it in this
book, but it can be proved that we have
$\mathbb{Z} \xrightarrow{\ \cong\ } E(\mathbb{Q});\ m \mapsto mP.$
EXAMPLE 1.11. If $E$ is $y^2 = x^3 - 2$, let $P = (3, 5)$ and we have
$2P = \left(\frac{129}{100}, -\frac{383}{1000}\right)$. We do not prove it in this book, but it can be
proved that we have
$\mathbb{Z} \xrightarrow{\ \cong\ } E(\mathbb{Q});\ n \mapsto nP.$


(d) Fermat’s method. As we mentioned in §0.7 (Proposition 0.12),
Fermat wrote that he had found a method to construct
infinitely many right triangles whose sides are rational numbers and
whose area is the same as that of a given right triangle with rational
sides. He essentially found the fact that can be stated as follows using
the notation in Lemma 1.4. Let $d$ be a positive rational number. If
$(x, y, z) \in A_d$, then we also have
$\left(\frac{2xyz}{y^2 - x^2},\ \frac{y^2 - x^2}{2z},\ \frac{z^4 + 4x^2y^2}{2(y^2 - x^2)z}\right) \in A_d.$
The map $A_d \to A_d$ that sends $(x, y, z) \in A_d$ to this point (for example,
it maps $(3, 4, 5)$ to $\left(\frac{120}{7}, \frac{7}{10}, \frac{1201}{70}\right)$) is nothing but the multiplication-by-2
map of $y^2 = x^3 - d^2x$ passing through the identification $A_d \cong C_d$
in Lemma 1.4.
As in the proof of Proposition 1.2 in §1.1, Fermat made the most
out of the multiplication-by-2 map, even though he did not realize
that an elliptic curve has a group structure.
The multiplication-by-2 map yielded very strong results for Fermat
because the height ($H(x)$ in §1.1) of the $x$-coordinate of $2P$ is
usually much greater than that of $P$ (see Example 1.11). For example,
consider the point $P = (5, 11)$ on the curve $y^2 = x^3 - 4$.
The $x$-coordinate of $2P$ is $\frac{785}{484}$, and its height is 785 since the numerator
and the denominator are relatively prime. This phenomenon
appeared in the proof of Proposition 1.2 at the end of §1.1, and it will
be the key point to the proof of Mordell’s theorem in the next section.
(The idea of the proof given by Mordell was probably influenced by
Fermat.)
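
The addition law of (a), the examples of (c) and the height growth described in (d) can be reproduced with exact rational arithmetic. The Python code below is an added example, not part of the book; the class and function names are chosen here, and the search bound in `order` is an assumption of the sketch.

```python
from fractions import Fraction as F

O = None  # the identity element O (the point at infinity)

def pt(x, y):
    return (F(x), F(y))

class Curve:
    """y^2 = a x^3 + b x^2 + c x + d over Q (cubic without multiple root)."""

    def __init__(self, a, b, c, d):
        self.a, self.b, self.c, self.d = (F(v) for v in (a, b, c, d))

    def contains(self, P):
        if P is O:
            return True
        x, y = P
        return y * y == self.a * x**3 + self.b * x**2 + self.c * x + self.d

    def neg(self, P):
        return O if P is O else (P[0], -P[1])

    def add(self, P, Q):
        if P is O:
            return Q
        if Q is O:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2:
            if y1 == -y2:
                return O                       # vertical line: P + Q = O
            # P = Q with y1 != 0: slope of the tangent line (1.3)
            lam = (3 * self.a * x1 * x1 + 2 * self.b * x1 + self.c) / (2 * y1)
        else:
            lam = (y2 - y1) / (x2 - x1)        # slope of the chord (1.1)
        # The x-coordinates of the three intersections sum to (lam^2 - b)/a.
        x3 = lam * lam / self.a - self.b / self.a - x1 - x2
        y4 = lam * (x3 - x1) + y1              # third point of intersection
        return (x3, -y4)                       # reflect it to get P + Q

    def mul(self, n, P):
        """nP by double-and-add (n may be negative)."""
        if n < 0:
            return self.mul(-n, self.neg(P))
        result, addend = O, P
        while n:
            if n & 1:
                result = self.add(result, addend)
            addend = self.add(addend, addend)
            n >>= 1
        return result

    def double_x(self, P):
        """x-coordinate of 2P computed directly from formula (1.4)."""
        a, b, c, d = self.a, self.b, self.c, self.d
        x, y = P
        return (a*a*x**4 - 2*a*c*x*x - 8*a*d*x + c*c - 4*b*d) / (4 * a * y * y)

def height(P):
    """H(P): height of the x-coordinate, with H(O) = 1."""
    if P is O:
        return 1
    return max(abs(P[0].numerator), P[0].denominator)

def order(E, P, bound=12):
    """Smallest n <= bound with nP = O, or None (bound is an assumption)."""
    Q = P
    for n in range(1, bound + 1):
        if Q is O:
            return n
        Q = E.add(Q, P)
    return None

if __name__ == "__main__":
    E = Curve(1, 0, 0, -4)                     # y^2 = x^3 - 4, Example 1.10
    P = pt(2, 2)
    for n in range(1, 6):
        nP = E.mul(n, P)
        print(n, nP[0], height(nP))            # heights 2, 5, 106, 785, ...
    print(order(Curve(1, 0, 0, 1), pt(2, 3)))  # Example 1.9: 6
```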

1.3. Mordell’s theorem


(a) Statement of Mordell’s theorem. Mordell proved the
following theorem in 1922.
THEOREM 1.12 (Mordell’s theorem). Let $E$ be an elliptic curve
over $\mathbb{Q}$. Then the group $E(\mathbb{Q})$ is a finitely generated abelian group.
By the fundamental theorem on abelian groups, a finitely generated
abelian group is isomorphic to

(1.5) $\mathbb{Z}^{\oplus r} \oplus (\text{finite abelian group})$ ($r \geq 0$),

where $\mathbb{Z}^{\oplus r}$ denotes the direct sum of $r$ copies of $\mathbb{Z}$. This number $r$ is
called the rank of the elliptic curve. For example, the ranks of the elliptic
curves
$y^2 = x^3 - x$, $y^2 = x^3 + 1$, $y^2 = x^3 - 4$, $y^2 = x^3 - 2$

are, respectively, 0, 0, 1, 1 (see Examples 1.8-1.11 in §1.2). It is generally
believed that the rank of an elliptic curve over $\mathbb{Q}$ can be arbitrarily
large, but this is an unsolved problem at present.
On the other hand, Mazur proved in 1977 that the finite abelian
group part of (1.5), that is, the subgroup of $E(\mathbb{Q})$ consisting of all the
elements of finite order, must be one of the groups in the following
list:
(1) $\mathbb{Z}/n\mathbb{Z}$, where $1 \leq n \leq 10$ or $n = 12$;
(2) $\mathbb{Z}/n\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$, where $n = 2, 4, 6, 8$.
(It is known that each of the groups in the above list occurs as the
subgroup of all the elements of finite order of some elliptic curve
over $\mathbb{Q}$.)
In this section we give the main part of the proof of Mordell’s
theorem. The rest of the proof will be given in Volume 3.

(b) Outline of the proof of Mordell’s theorem. Mordell’s
theorem is proved using the following two facts.
(I) The weak Mordell theorem, which states that the quotient
group $E(\mathbb{Q})/2E(\mathbb{Q})$ is finite.
(II) The properties of heights of the rational points on $E(\mathbb{Q})$.
We will explain (I) later. Here we discuss (II). In §1.1 we defined
the height $H(x)$ of $x$ by $\max(|m|, |n|)$ if we write $x = \frac{m}{n}$ in lowest
terms. For a rational point $P$ on an elliptic curve $E$ over $\mathbb{Q}$ we define
the height $H(P)$ as the height of the $x$-coordinate of $P$ if $P \neq O$, and
we define $H(O) = 1$. We use the following two facts about the height.
(IIA) For any positive real number $C$ the set

$\{P \in E(\mathbb{Q}) \mid H(P) \leq C\}$

is a finite set.
This follows from the trivial fact that for any real number $C$, the
set $\{x \in \mathbb{Q} \mid H(x) \leq C\}$ is finite.
(IIB) There exists a positive real number $C$ satisfying the following
two conditions:
(1) For any $P \in E(\mathbb{Q})$,
$C \cdot H(2P) \geq H(P)^4$;
(2) For any $P, Q \in E(\mathbb{Q})$,
$C \cdot H(P)H(Q) \geq \min(H(P + Q), H(P - Q))$.
(1) formulates the phenomenon we mentioned at the end of §1.2,
namely, “$H(2P)$ is much larger than $H(P)$”.
Let us prove that Mordell’s theorem follows from (I), (IIA) and
(IIB). More precisely, we prove

PROPOSITION 1.13. Let $Q_1, \ldots, Q_n \in E(\mathbb{Q})$ be representatives
of the elements of $E(\mathbb{Q})/2E(\mathbb{Q})$. (That is, $\{Q_i \bmod 2E(\mathbb{Q}) \mid i = 1, \ldots, n\}$
equals $E(\mathbb{Q})/2E(\mathbb{Q})$.) Suppose a positive number $C$ satisfies
the properties (1) and (2) in (IIB). Let $M$ be the largest of
$H(Q_1), \ldots, H(Q_n)$ and $C$. Then $E(\mathbb{Q})$ is generated by the finite set

$\{P \in E(\mathbb{Q}) \mid H(P) \leq M\}.$

PROOF. Suppose there exist elements of $E(\mathbb{Q})$ outside the subgroup
of $E(\mathbb{Q})$ generated by the set $\{P \in E(\mathbb{Q}) \mid H(P) \leq M\}$. Let
$P_0$ be such an element whose height is the smallest. Clearly, we have
$H(P_0) > M$. The image of $P_0$ in $E(\mathbb{Q})/2E(\mathbb{Q})$ coincides with $Q_i$ for
some $i$. For this $i$, $P_0 + Q_i$ and $P_0 - Q_i$ belong to $2E(\mathbb{Q})$. Let $R$ be
the one of these whose height is smaller, and let $P_1 \in E(\mathbb{Q})$ be an
element satisfying $R = 2P_1$. By (1) of (IIB) we have

$H(P_1)^4 \leq C \cdot H(R) \leq M \cdot H(R).$

By (2) of (IIB) we have

$H(R) \leq C \cdot H(P_0)H(Q_i) \leq M^2 H(P_0).$

Thus, we have

$H(P_1)^4 \leq M^3 H(P_0).$
Since $H(P_0) > M$, we obtain $H(P_1)^4 < H(P_0)^4$. Thus, we have
$H(P_1) < H(P_0)$. The minimality of $H(P_0)$ implies that $P_1$ belongs
to the subgroup generated by $\{P \in E(\mathbb{Q}) \mid H(P) \leq M\}$. Since $P_0$
equals either $2P_1 + Q_i$ or $2P_1 - Q_i$, $P_0$ also belongs to the subgroup
generated by $\{P \in E(\mathbb{Q}) \mid H(P) \leq M\}$, which is a contradiction.
This proves Proposition 1.13. □

QUESTION 4. Let $A$ be an abelian group. Show that $A/2A$ is a finite group if
$A$ is finitely generated. On the other hand, show that $A$ is not necessarily finitely
generated even if $A/2A$ is a finite group. (Thus, Mordell’s theorem cannot be
derived solely from the weak Mordell theorem, but we need the notion of height.)

(c) Main part of the proof of Mordell’s theorem. The
remaining portion of this section is dedicated to the main part of the
proof of the weak Mordell theorem for elliptic curves of the form
$y^2 = (x - a)(x - b)(x - c)$ ($a$, $b$, $c$ are distinct rational numbers),
and the proof of part (IIB). Thus, for elliptic curves given by the
above equation, the proof of Mordell’s theorem will be completed
in this section. The general case will be treated later in Volume 3.
The proof that follows is rather complicated; the first-time reader is
advised to skip it and go directly to Chapter 2.
PROPOSITION 1.14. Let $a$, $b$, and $c$ be distinct rational numbers.
Consider the elliptic curve $E$ defined by

$y^2 = (x - a)(x - b)(x - c).$

If $P \neq O$, we denote the $x$-coordinate of $P$ simply by $x$. Define the
map

$\partial : E(\mathbb{Q}) \to \mathbb{Q}^\times/(\mathbb{Q}^\times)^2 \times \mathbb{Q}^\times/(\mathbb{Q}^\times)^2 \times \mathbb{Q}^\times/(\mathbb{Q}^\times)^2$

by

$\partial(P) = \begin{cases}
(\overline{x - a},\ \overline{x - b},\ \overline{x - c}) & \text{if } P \neq O, (a, 0), (b, 0), (c, 0), \\
(\overline{(a - b)(a - c)},\ \overline{a - b},\ \overline{a - c}) & \text{if } P = (a, 0), \\
(\overline{b - a},\ \overline{(b - a)(b - c)},\ \overline{b - c}) & \text{if } P = (b, 0), \\
(\overline{c - a},\ \overline{c - b},\ \overline{(c - a)(c - b)}) & \text{if } P = (c, 0), \\
(\overline{1},\ \overline{1},\ \overline{1}) & \text{if } P = O.
\end{cases}$

(Here the overline means mod $(\mathbb{Q}^\times)^2$.) Then we have
(1) The map $\partial$ is a group homomorphism.
(2) The kernel of $\partial$ is $2E(\mathbb{Q})$.
(3) Let $G$ be the subgroup of $\mathbb{Q}^\times/(\mathbb{Q}^\times)^2$ generated by the prime
factors of $a - b$, $b - c$, $c - a$ and $-1$. Then the image of $\partial$ is
contained in $G \times G \times G$.

For those elliptic curves treated in Proposition 1.14, the weak
Mordell theorem follows easily from Proposition 1.14. Indeed, Proposition 1.14
shows that $E(\mathbb{Q})/2E(\mathbb{Q})$ is embedded in the finite group
$G \times G \times G$ by the homomorphism $\partial$.
Let us prove Proposition 1.14.


PROOF OF PROPOSITION 1.14(1). We show that the first component
of $\partial$ is a homomorphism from $E(\mathbb{Q})$ to $\mathbb{Q}^\times/(\mathbb{Q}^\times)^2$. (The
same argument holds for the second and third components.) Suppose
$P, Q \in E(\mathbb{Q})$ and $P$, $Q$, and $P + Q$ are not $O$ or $(a, 0)$. (If one of
$P$, $Q$, $P + Q$ equals $O$ or $(a, 0)$, the proof is simpler and it is left to
the reader.) Let $(x_1, y_1)$ be the coordinates of $P$, $(x_2, y_2)$ those of $Q$,
and $(x_3, y_3)$ those of $P + Q$. It suffices to show

$(x_1 - a)(x_2 - a)(x_3 - a) \in (\mathbb{Q}^\times)^2.$

(For this implies that $x_3 - a$ and $(x_1 - a)(x_2 - a)$ represent the same
element in $\mathbb{Q}^\times/(\mathbb{Q}^\times)^2$.) If $y = \lambda x + \mu$ is the equation of the line
passing through $P$ and $Q$, then
$(x - a)(x - b)(x - c) - (\lambda x + \mu)^2 = 0$
is the equation for the $x$-coordinates of the points of intersection between
the line and the elliptic curve. Thus, we have
$(x - a)(x - b)(x - c) - (\lambda x + \mu)^2 = (x - x_1)(x - x_2)(x - x_3).$

Letting $x = a$, we have
$(x_1 - a)(x_2 - a)(x_3 - a) = (\lambda a + \mu)^2 \in (\mathbb{Q}^\times)^2.$
This completes the proof. □

Proposition 1.14(2) follows from Remark 1.6 in §1.1.


We need some preparation before proving Proposition 1.14(3).

DEFINITION 1.15. For a prime number $p$ and a nonzero rational
number $t$, we define the $p$-adic valuation of $t$, denoted by $\mathrm{ord}_p(t)$, as
the number $m$ in the factorization $t = p^m u/v$, $m \in \mathbb{Z}$, where $u$ and $v$
are not divisible by $p$. Then the following properties (i) and (ii) hold.
(i) $\mathrm{ord}_p(st) = \mathrm{ord}_p(s) + \mathrm{ord}_p(t)$.
(ii) For any nonzero rational numbers $s$ and $t$
$\mathrm{ord}_p(s - t) \geq \min(\mathrm{ord}_p(s), \mathrm{ord}_p(t)).$
If $s$ and $t$ satisfy $\mathrm{ord}_p(s) \neq \mathrm{ord}_p(t)$, then
$\mathrm{ord}_p(s - t) = \min(\mathrm{ord}_p(s), \mathrm{ord}_p(t)).$

PROOF OF PROPOSITION 1.14(3). Let $p$ be a prime number that
does not divide either the denominator or the numerator of any of
$a - b$, $b - c$, and $c - a$. It suffices to show that for a rational solution
$(x, y)$ of $y^2 = (x - a)(x - b)(x - c)$ satisfying $y \neq 0$, each of $\mathrm{ord}_p(x - a)$,
$\mathrm{ord}_p(x - b)$, and $\mathrm{ord}_p(x - c)$ is an even number. It follows from
$y^2 = (x - a)(x - b)(x - c)$ and (i) that

(*) $\mathrm{ord}_p(x - a) + \mathrm{ord}_p(x - b) + \mathrm{ord}_p(x - c)$ is even.

Suppose one of $\mathrm{ord}_p(x - a)$, $\mathrm{ord}_p(x - b)$, or $\mathrm{ord}_p(x - c)$ is negative.
Using property (ii), we see in this case that the fact that $\mathrm{ord}_p$ of the
difference of any two of $x - a$, $x - b$, and $x - c$ is 0 implies that
$\mathrm{ord}_p(x - a) = \mathrm{ord}_p(x - b) = \mathrm{ord}_p(x - c)$. From this and (*) we see
that $\mathrm{ord}_p(x - a)$, $\mathrm{ord}_p(x - b)$ and $\mathrm{ord}_p(x - c)$ are all even. Suppose
one of $\mathrm{ord}_p(x - a)$, $\mathrm{ord}_p(x - b)$ and $\mathrm{ord}_p(x - c)$ is positive. In this case,
the fact that $\mathrm{ord}_p$ of the difference of any two of $x - a$, $x - b$ and $x - c$
is 0 implies that any two of $\mathrm{ord}_p(x - a)$, $\mathrm{ord}_p(x - b)$ and $\mathrm{ord}_p(x - c)$
are 0. From (*) we see that $\mathrm{ord}_p(x - a)$, $\mathrm{ord}_p(x - b)$, $\mathrm{ord}_p(x - c)$ are
all even. □

Next we prove (IIB). Since the proof is complicated, we describe the
outline first.
Let $E$ be an elliptic curve over $\mathbb{Q}$ with equation

$$y^2 = ax^3 + bx^2 + cx + d.$$

Outline of proof of (IIB)(1). We may omit $P \in E(\mathbb{Q})$ such
that $2P = O$. That is, it suffices to find a positive real number $C$
satisfying $C \cdot H(2P) \ge H(P)^4$ for any $P \in E(\mathbb{Q})$ such
that $2P \neq O$. For, if $C'$ is a number greater than both $C$ and
$H(P)^4$ for all $P \in E(\mathbb{Q})$ satisfying $2P = O$ (there are at
most 4 such $P$'s), then $C' \cdot H(2P) \ge H(P)^4$ holds for any
$P \in E(\mathbb{Q})$. Define polynomials $f(T)$ and $g(T)$ by

$$f(T) = aT^3 + bT^2 + cT + d,$$

$$g(T) = \frac{1}{4a}\left(a^2T^4 - 2acT^2 - 8adT + c^2 - 4bd\right).$$

If $(x, y)$ are the coordinates of $P \in E(\mathbb{Q})$ such that
$2P \neq O$, it follows from (1.4) that the x-coordinate of $2P$ is
given by $\frac{g(x)}{f(x)}$. As we will see later, $f(T)$ and $g(T)$
are relatively prime as polynomials (i.e., there is no polynomial of
positive degree dividing both). Therefore, it suffices to show Lemma
1.16 below, which has nothing to do with elliptic curves.

LEMMA 1.16. Let $f(T)$ and $g(T)$ be relatively prime polynomials with
$\mathbb{Q}$ coefficients. Let $d$ be the greater of the degrees of
$f(T)$ and $g(T)$. Then there is a positive real number $C$ such that

holds for all $x$ satisfying $f(x) \neq 0$.

We will prove this lemma later.


The outline of (IIB)(2). It suffices to show that there is a positive
real number $C$ such that
$H(P + Q) \cdot H(P - Q) \le C \cdot H(P)^2 H(Q)^2$
holds for $P$, $Q$ in each of the following cases:
(i) $P, Q \in E(\mathbb{Q})$, $P = O$ or $Q = O$;
(ii) $P, Q \in E(\mathbb{Q})$, $P + Q = O$ or $P - Q = O$;
(iii) $P, Q \in E(\mathbb{Q})$, $P \neq O$, $Q \neq O$, $P + Q \neq O$, $P - Q \neq O$.
Case (i) is clear.
As for case (ii), we need to show that there exists a positive real
number $C$ such that
$$H(2P) \le C \cdot H(P)^4$$
for all $P \in E(\mathbb{Q})$. Considering the relation between the
x-coordinate of $P$ and that of $2P$, it suffices to show Lemma 1.17
below, which has nothing to do with elliptic curves.

LEMMA 1.17. Let $f(T)$ and $g(T)$ be polynomials with $\mathbb{Q}$
coefficients. Suppose that the degree of $f(T)$ and that of $g(T)$ are
both no greater than a given natural number $d$. Then there is a
positive real number $C$ such that
$$H\!\left(\frac{g(x)}{f(x)}\right) \le C \cdot H(x)^d$$
holds for any $x$ satisfying $f(x) \neq 0$.

Finally, consider case (iii). Suppose $P, Q \in E(\mathbb{Q})$,
$P \neq O$, $Q \neq O$, $P + Q \neq O$, and $P - Q \neq O$. Write the
x-coordinate of $P$, $Q$, $P + Q$ and $P - Q$ as $x_1$, $x_2$, $x_+$,
and $x_-$, respectively. Define $s = x_1 + x_2$, $t = x_1 x_2$,
$s' = x_+ + x_-$, and $t' = x_+ x_-$. Then we will later show that $s'$
and $t'$ can be expressed as

$$s' = \frac{g(s, t)}{f(s, t)}, \qquad t' = \frac{h(s, t)}{f(s, t)},$$

where $f(S, T)$, $g(S, T)$ and $h(S, T)$ are polynomials of two
variables with $\mathbb{Q}$ coefficients whose total degree with
respect to $S$ and $T$ is 2. For rational numbers $u$ and $v$ define
the height $H(u, v)$ of the pair $(u, v)$ as follows. Write $u$ and $v$
as a fraction in lowest terms, respectively, and let $n$ be the
greatest common divisor of the denominators. Write $u = \frac{m}{n}$
and $v = \frac{m'}{n}$ and define

$$H(u, v) = \max(|m|, |m'|, |n|).$$

Then the question is reduced to Lemma 1.18 below, which has nothing to
do with elliptic curves. For we have

$$\begin{aligned}
H(x_+)H(x_-) &\le 2H(s', t') && \text{(by Lemma 1.18(1))} \\
&\le 2C \cdot H(s, t)^2 && \text{(by Lemma 1.18(2))} \\
&\le 4C \cdot H(x_1)^2 H(x_2)^2 && \text{(by Lemma 1.18(1))}
\end{aligned}$$

for the real number $C$ appearing in Lemma 1.18(2). Thus, it suffices
to replace $C$ by $4C$ to prove the case (iii).

LEMMA 1.18. (1) For any rational numbers $u$ and $v$ we have

$$\tfrac{1}{2}H(u)H(v) \le H(u + v, uv) \le 2H(u)H(v).$$

(2) Let $f(S, T)$, $g(S, T)$ and $h(S, T)$ be polynomials in two
variables with $\mathbb{Q}$ coefficients. Suppose that the total degree
with respect to $S$ and $T$ of each of $f(S, T)$, $g(S, T)$ and
$h(S, T)$ is no greater than a given natural number $d$. Then there is
a positive real number $C$ such that

$$H\!\left(\frac{g(s, t)}{f(s, t)}, \frac{h(s, t)}{f(s, t)}\right) \le C \cdot H(s, t)^d$$

holds for any rational numbers $s$ and $t$ satisfying $f(s, t) \neq 0$.

We will prove Lemmas 1.17 and 1.18 later.


Now we discuss the details of the proof of (IIB). First, in the
outline of the proof of (IIB)(1) the fact that $f(T)$ and $g(T)$ are
relatively prime follows from the fact that

$$g(T) = \frac{1}{4a} f'(T)^2 - \left(2T + \frac{b}{a}\right) f(T)$$

(where $f'(T) = 3aT^2 + 2bT + c$ is the derivative of $f(T)$) and the
fact that $f(T)$ and $f'(T)$ are relatively prime as polynomials, since
$f(T)$ does not have a multiple root. In the outline of proof of
(IIB)(2) case (iii) it suffices to define $f(S, T)$, $g(S, T)$ and
$h(S, T)$ as follows:
$$f(S, T) = S^2 - 4T;$$

$$g(S, T) = \frac{1}{a}(2aST + 2cS + 4bT + 4d);$$

$$h(S, T) = \frac{1}{a^2}(a^2T^2 - 2acT - 4adS + c^2 - 4bd).$$

This can be seen from the addition formula (1.2) for the points on an
elliptic curve.
In order to complete the proof of (IIB), it remains to prove Lemmas
1.16, 1.17 and 1.18. We prove them in order of increasing difficulty.
(The proof of Lemma 1.16 is the hardest, but the others are relatively
easy.)

PROOF OF LEMMA 1.18(1). Write $u$ and $v$ as $u = \frac{m}{n}$ and
$v = \frac{m'}{n'}$ in lowest terms, respectively. We have
$$u + v = \frac{mn' + m'n}{nn'}, \qquad uv = \frac{mm'}{nn'}.$$
We show that the greatest common divisor of $mn' + m'n$, $mm'$, and
$nn'$ is 1. Suppose $l$ is a common prime factor of $mn' + m'n$, $mm'$,
and $nn'$. Then $l$ divides $mm'$, and thus $l$ divides either $m$ or
$m'$. If $l$ divides $m$, then it divides $m'n$ since it divides
$mn' + m'n$. Since $m$ and $n$ are relatively prime, $l$ divides $m'$.
On the other hand, $l$ divides $nn'$, and thus it divides $n'$. This
contradicts the fact that $m'$ and $n'$ are relatively prime. This
shows that the greatest common divisor is 1. Consequently, we have
$$H(u + v, uv) = \max(|mn' + m'n|, |mm'|, |nn'|)$$
by definition of the height. On the other hand, we have
$$H(u)H(v) = \max(|mm'|, |mn'|, |m'n|, |nn'|).$$
It follows easily from these that $H(u + v, uv) \le 2H(u)H(v)$. To
show $\tfrac{1}{2}H(u)H(v) \le H(u + v, uv)$, it suffices to show that
$\tfrac{1}{2}|mn'|$ and $\tfrac{1}{2}|m'n|$ are less than or equal to
$\max(|mn' + m'n|, |mm'|, |nn'|)$. Consider $\tfrac{1}{2}|mn'|$ (the
proof for $\tfrac{1}{2}|m'n|$ is similar). We may assume $mn' \neq 0$.
Dividing by $mn'$, and setting $x = \frac{m'}{n'}$ and
$y = \frac{n}{m}$, we need to show that

$$\tfrac{1}{2} \le \max(|1 + xy|, |x|, |y|)$$

holds for all real numbers $x$ and $y$.
This follows from the fact that the inequality
$|1 + xy| \ge 1 - \left(\tfrac{1}{2}\right)^2 > \tfrac{1}{2}$ holds
when $|x| < \tfrac{1}{2}$ and $|y| < \tfrac{1}{2}$. □

PROOF OF LEMMA 1.17. By multiplying $f(T)$ and $g(T)$ by a common
nonzero integer if necessary, we may assume that the coefficients of
$f(T)$ and $g(T)$ are integers. Let $C$ be $d + 1$ times the largest of
the absolute value of all the coefficients of $f(T)$ and $g(T)$. If we
define

$$f(T) = \sum_{i=0}^{d} a_i T^i, \qquad g(T) = \sum_{i=0}^{d} b_i T^i,$$

and write a rational number $x$ satisfying $f(x) \neq 0$ as a fraction
$\frac{m}{n}$ in lowest terms, then we have

$$\frac{g(x)}{f(x)} = \frac{\sum_{i=0}^{d} b_i m^i n^{d-i}}{\sum_{i=0}^{d} a_i m^i n^{d-i}}.$$
Therefore, we have

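PROOF OF LEMMA 1.18(2). By multiplying $f(S, T)$, $g(S, T)$ and
$h(S, T)$ by a common nonzero integer if necessary, we may assume that
the coefficients of these polynomials are integers. Let $C$ be
$\tfrac{1}{2}(d + 1)(d + 2)$ times the largest of the absolute value of
the coefficients of these polynomials. Define

$$f(S, T) = \sum_{i,j} a_{ij} S^i T^j, \qquad g(S, T) = \sum_{i,j} b_{ij} S^i T^j, \qquad h(S, T) = \sum_{i,j} c_{ij} S^i T^j,$$

where $(i, j)$ runs through all the pairs satisfying $i \ge 0$,
$j \ge 0$, $i + j \le d$. For rational numbers $s$ and $t$ satisfying
$f(s, t) \neq 0$, let $n$ be the least common multiple of the
denominators of $s$ and $t$ when we write them in lowest terms, and let
$s = \frac{m}{n}$ and $t = \frac{m'}{n}$. Then we have

$$\frac{g(s, t)}{f(s, t)} = \frac{\sum_{i,j} b_{ij} m^i (m')^j n^{d-i-j}}{\sum_{i,j} a_{ij} m^i (m')^j n^{d-i-j}}, \qquad
\frac{h(s, t)}{f(s, t)} = \frac{\sum_{i,j} c_{ij} m^i (m')^j n^{d-i-j}}{\sum_{i,j} a_{ij} m^i (m')^j n^{d-i-j}}.$$

Hence we have

$$H\!\left(\frac{g(s, t)}{f(s, t)}, \frac{h(s, t)}{f(s, t)}\right)
\le \max\left(\Bigl|\sum_{i,j} a_{ij} m^i (m')^j n^{d-i-j}\Bigr|, \Bigl|\sum_{i,j} b_{ij} m^i (m')^j n^{d-i-j}\Bigr|, \Bigl|\sum_{i,j} c_{ij} m^i (m')^j n^{d-i-j}\Bigr|\right)
\le C \cdot H(s, t)^d.$$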

PROOF OF LEMMA 1.16. By multiplying $f(T)$ and $g(T)$ by a common
nonzero integer if necessary, we may assume that the coefficients of
these polynomials are integers. We will show that there exist a nonzero
integer $R$, a nonnegative integer $e \ge 0$, and polynomials $c_j(T)$
($j = 1, 2, 3, 4$) with integer coefficients such that the degree of
$c_j(T)$ is no greater than $e$ for any $j$, and

$$\begin{aligned}
c_1(T)f(T) + c_2(T)g(T) &= R, \\
c_3(T)f(T) + c_4(T)g(T) &= RT^{d+e}.
\end{aligned} \tag{1.6}$$

Let $C$ be $2(e + 1)$ times the largest of the absolute values of all
the coefficients of $c_j(T)$ ($j = 1, 2, 3, 4$). For any rational
number $x$ satisfying $f(x) \neq 0$, we show that
$H(x)^d \le C \cdot H\!\left(\frac{g(x)}{f(x)}\right)$. Write
$x = \frac{m}{n}$ in lowest terms. Set

$$f(T) = \sum_{i=0}^{d} a_i T^i, \qquad g(T) = \sum_{i=0}^{d} b_i T^i, \qquad c_j(T) = \sum_{i=0}^{e} c_{ij} T^i.$$

Then
$$f(x)n^d = \sum_{i=0}^{d} a_i m^i n^{d-i}, \qquad g(x)n^d = \sum_{i=0}^{d} b_i m^i n^{d-i}, \qquad c_j(x)n^e = \sum_{i=0}^{e} c_{ij} m^i n^{e-i}$$
are all integers, and by (1.6) we have

$$\begin{aligned}
(c_1(x)n^e)(f(x)n^d) + (c_2(x)n^e)(g(x)n^d) &= Rn^{d+e}, \\
(c_3(x)n^e)(f(x)n^d) + (c_4(x)n^e)(g(x)n^d) &= Rm^{d+e}.
\end{aligned} \tag{1.7}$$

From (1.7) we see that the greatest common divisor of $f(x)n^d$ and
$g(x)n^d$ divides both $Rn^{d+e}$ and $Rm^{d+e}$, and thus it divides
$R$ since $m$ and $n$ are relatively prime. It follows from

(1.8)

that

$$H\!\left(\frac{g(x)}{f(x)}\right) \ge R^{-1} \max(|f(x)n^d|, |g(x)n^d|). \tag{1.9}$$

(This is the key point of the proof; it shows that the denominator and
the numerator of the right-hand side of (1.8) will not cancel each
other very much, and thus $H\!\left(\frac{g(x)}{f(x)}\right)$ stays
large.)
On the other hand, from the expression of $c_j(x)n^e$ in lowest terms
we have
$$|c_j(x)n^e| \le 2^{-1} C \cdot H(x)^e.$$
Thus, by (1.7) we obtain the following inequality:
$$R \cdot H(x)^{d+e} = R \max(|m|^{d+e}, |n|^{d+e}) \le C \cdot H(x)^e \max(|f(x)n^d|, |g(x)n^d|).$$
In other words, we have
$$H(x)^d \le CR^{-1} \max(|f(x)n^d|, |g(x)n^d|). \tag{1.10}$$
From (1.9) and (1.10) we have

Finally, we show the existence of $e$, $R$ and $c_j(T)$
($j = 1, 2, 3, 4$) satisfying (1.6). Since $f(T)$ and $g(T)$ are
relatively prime, there exist polynomials $u_1(T)$ and $u_2(T)$ with
$\mathbb{Q}$ coefficients satisfying

Also from the fact that $f(T)$ and $g(T)$ are relatively prime we see
easily that $f\!\left(\frac{1}{T}\right)T^d$ and
$g\!\left(\frac{1}{T}\right)T^d$ are relatively prime polynomials with
$\mathbb{Q}$ coefficients. Therefore, there exist polynomials $v_1(T)$
and $v_2(T)$ with $\mathbb{Q}$ coefficients satisfying

Let $e$ be an integer greater than the degrees of $u_1(T)$, $u_2(T)$,
$v_1(T)$, and $v_2(T)$, and let $R$ be a nonzero integer such that all
of $Ru_i(T)$, $Rv_i(T)$ ($i = 1, 2$) have integer coefficients. Define

$$c_1(T) = Ru_1(T), \qquad c_2(T) = Ru_2(T),$$

Then $c_j(T)$ ($j = 1, 2, 3, 4$) are polynomials with integer
coefficients of degree at least $e$, and they satisfy (1.6). □

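REMARK 1.19. For a point $P$ in $E(\mathbb{Q})$, it can be shown that
$\log(H(2^n P))/4^n$ converges when $n$ tends to infinity. So, we
define

$$h(P) = \lim_{n \to \infty} \frac{1}{4^n} \log(H(2^n P)).$$

For any $P, Q \in E(\mathbb{Q})$, define

$$\langle P, Q \rangle = \tfrac{1}{2}\bigl(h(P + Q) - h(P) - h(Q)\bigr).$$

We have $h(P) = \langle P, P \rangle$, and we can show that the pairing
$\langle\ ,\ \rangle$ has properties of an “inner product”. Namely, for
$P, Q, R \in E(\mathbb{Q})$ we have
(i) $\langle P, Q \rangle = \langle Q, P \rangle$,
(ii) $\langle P, Q + R \rangle = \langle P, Q \rangle + \langle P, R \rangle$,
(iii) $\langle P, P \rangle \ge 0$, and $\langle P, P \rangle = 0$ if and only if $P$ is a point of finite
order.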
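The inequality of (IIB)(1) and the limit in Remark 1.19 can be checked numerically with the duplication formula $x(2P) = g(x)/f(x)$ from the outline above. The following Python sketch is an added example, not taken from the book; the curve $y^2 = x^3 - 4$, the starting point $P = (2, 2)$ and all function names are choices made here for illustration.

```python
from fractions import Fraction
from math import log


def height(x):
    """H(x) = max(|m|, |n|) for the rational x = m/n in lowest terms."""
    x = Fraction(x)
    return max(abs(x.numerator), abs(x.denominator))


def double_x(x, a, b, c, d):
    """x-coordinate of 2P on y^2 = a x^3 + b x^2 + c x + d, from x = x(P).

    Implements x(2P) = g(x)/f(x) with
        f(T) = a T^3 + b T^2 + c T + d,
        g(T) = (a^2 T^4 - 2ac T^2 - 8ad T + c^2 - 4bd) / (4a).
    Returns None when f(x) = 0, i.e. when y = 0 and 2P = O.
    """
    x = Fraction(x)
    f = a * x**3 + b * x**2 + c * x + d
    if f == 0:
        return None
    g = (a * a * x**4 - 2 * a * c * x**2 - 8 * a * d * x
         + c * c - 4 * b * d) / Fraction(4 * a)
    return g / f


def doubling_orbit(x0, coeffs, steps):
    """[x(P), x(2P), x(4P), ...] with at most `steps` doublings."""
    xs = [Fraction(x0)]
    for _ in range(steps):
        nxt = double_x(xs[-1], *coeffs)
        if nxt is None:          # reached a point of order 2
            break
        xs.append(nxt)
    return xs


def needed_constants(xs):
    """For consecutive orbit points Q, 2Q: the least C with C*H(2Q) >= H(Q)^4."""
    return [Fraction(height(q) ** 4, height(q2)) for q, q2 in zip(xs, xs[1:])]


def canonical_height_estimates(xs):
    """log H(x(2^n P)) / 4^n for n = 0, 1, 2, ... (the sequence of Remark 1.19)."""
    return [log(height(x)) / 4**n for n, x in enumerate(xs)]


# Constructed sample: y^2 = x^3 - 4 and P = (2, 2), since 2^3 - 4 = 2^2.
CURVE = (1, 0, 0, -4)
ORBIT = doubling_orbit(2, CURVE, 5)

if __name__ == "__main__":
    estimates = canonical_height_estimates(ORBIT)
    for n, (x, est) in enumerate(zip(ORBIT, estimates)):
        digits = len(str(height(x)))
        print(f"n={n}  H has {digits} digits  log(H)/4^n = {est:.6f}")
    print("constants needed:", [float(c) for c in needed_constants(ORBIT)])
```

The height of $x(2^n P)$ roughly gains a factor of four in its number of digits at each doubling, which is why the normalised logarithms settle down so quickly.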
Summary

1.1. An elliptic curve is a curve given by an equation of the form:
$$y^2 = (\text{polynomial of degree 3 in } x \text{ without a multiple root}).$$
1.2. The set of points defined over $K$ of an elliptic curve over $K$,
together with the point $O$, forms an abelian group.
1.3. The set of rational points of an elliptic curve defined over
$\mathbb{Q}$, together with $O$, forms a finitely generated abelian
group (Mordell’s theorem).
1.4. In order to study rational points on an elliptic curve, it is
important to use properties of the height of a rational point.

Exercises

1.1. Let $E$ be the elliptic curve $y^2 = x^3 + 1$. Find the set
$\{P \in E(\mathbb{C}) \mid 3P = O\}$.
1.2. If the x-coordinate of a rational point $P$ of $y^2 = x^3 - 4$ is
given by E, the x-coordinate of 2P is given by $>~~$))~. Using
this fact, show that
$$144 \cdot H(x\text{-coordinate of } 2P) \ge H(x\text{-coordinate of } P)^4.$$
Using this fact, show that there exist infinitely many rational points
in $y^2 = x^3 - 4$.
1.3. Let $K$ be a field of characteristic different from 2 and 3.
Take $k \in K^\times$, and set
$$X = \{(x, y) \in K \times K \mid x^3 + y^3 = k\},$$

Y = {(x,y) E K x K 1 y’ = 7x3 - f, z # 01.

Show that there is a map from X to Y given by

and that it is a bijection.


1.4. Let $K$ be a field of characteristic different from 2. Take
$k \in K^\times$, and set
$$X = \{(x, y) \in K \times K \mid y^2 = x^4 + k\},$$
$$Y = \{(x, y) \in K \times K \mid y^2 = x^3 - 4kx,\ (x, y) \neq (0, 0)\}.$$
Show that there is a map from $X$ to $Y$ given by
$$X \to Y; \quad (x, y) \mapsto \bigl(2(x^2 + y),\ 4x(x^2 + y)\bigr),$$
and that it is a bijection.
1.5. Let $K$ be a field of characteristic different from 2. For
$k \in K^\times$, let $E$ be the elliptic curve over $K$ defined by
$y^2 = x^3 + kx$. Let $E'$ be the elliptic curve over $K$ defined by
$y^2 = x^3 - 4kx$. Show that there are two maps
$f : E(K) \to E'(K)$ and $g : E'(K) \to E(K)$ given by

$$f(P) = \begin{cases}
\left(x + \dfrac{k}{x},\ y\left(1 - \dfrac{k}{x^2}\right)\right) & \text{if } P = (x, y) \neq (0, 0), \\
O & \text{if } P = (0, 0), \text{ or } P = O,
\end{cases}$$

$$g(P) = \begin{cases}
\left(\dfrac{x}{4} - \dfrac{k}{x},\ \dfrac{y}{8}\left(1 + \dfrac{4k}{x^2}\right)\right) & \text{if } P = (x, y) \neq (0, 0), \\
O & \text{if } P = (0, 0), \text{ or } P = O.
\end{cases}$$

Show that $g \circ f : E(K) \to E(K)$ and $f \circ g : E'(K) \to E'(K)$
are the multiplication-by-2 maps. Show that the map
$$X \to Y \subset E'(K) \xrightarrow{\ g\ } E(K)$$
obtained by the composition with the map in Exercise 1.4 sends
$(x, y)$ to $(x^2, xy)$.
1.6. Using Exercises 1.4 and 1.5 and Proposition 1.2, find all the
rational points on the following elliptic curves:
(i) $y^2 = x^3 + 4x$, (ii) $y^2 = x^4 - 1$, (iii) $y^2 = x^4 + 4$
CHAPTER 2

Conics and p-adic Numbers

In the previous chapter we studied rational points on elliptic curves.
In this chapter we study rational points on conics, which are simpler
objects than elliptic curves. The main goal of this chapter is to
determine whether or not a given conic has a rational point, and if it
does, to describe all the rational points. Even though they are
“simpler” than elliptic curves, some interesting theories, such as
quadratic residues and p-adic numbers, arise in order to answer the
question of the existence of a rational point on a conic. In addition,
another goal of this chapter is to introduce p-adic numbers.

2.1. Conics

(a) Rational points on conics. An integral solution of the equation

$$x^2 + y^2 = z^2$$

with $z \neq 0$ determines a rational point on the circle
$x^2 + y^2 = 1$, since we have
$\left(\frac{x}{z}\right)^2 + \left(\frac{y}{z}\right)^2 = 1$. For
example, $3^2 + 4^2 = 5^2$ determines the rational point
$\left(\frac{3}{5}, \frac{4}{5}\right)$ on the circle $x^2 + y^2 = 1$,
and $5^2 + 12^2 = 13^2$ determines the point
$\left(\frac{5}{13}, \frac{12}{13}\right)$.
Conversely, if a rational point on the circle $x^2 + y^2 = 1$ is given,
we obtain an integer solution of $x^2 + y^2 = z^2$ satisfying
$z \neq 0$ by clearing the denominators. Then, how many rational points
does the circle $x^2 + y^2 = 1$ have? It turns out that it has
infinitely many rational points, as we explain below.
Let us consider another circle $x^2 + y^2 = 3$. The fact is that this
circle does not have any rational point at all. Can you tell by looking
at Figures 2.1 and 2.2 that the right one does not have any rational
points while the left one has infinitely many? I suspect not. Human
vision cannot distinguish such a thing. In these figures rational
numbers are hidden completely by real numbers, and under this
circumstance it is very difficult to tell something about rational
numbers. Rational numbers must be seen under different lights, namely,
under “the lights of prime numbers” (see Figure 2.3).

FIGURE 2.1. FIGURE 2.2.

In this chapter we consider the conic

$$ax^2 + by^2 = c \tag{2.1}$$

for nonzero rational numbers $a$, $b$ and $c$. In §2.1 we prove that if
the conic (2.1) has one rational point (as is the case for
$x^2 + y^2 = 1$), it has infinitely many of them. Moreover, we can
write down all the rational points explicitly. On the other hand, it
requires a deeper argument to determine whether or not the conic (2.1)
has a rational point (see Theorem 2.3 in §2.3). Theorem 2.3 implies
that the true feature about rational numbers emerges from obscurity if
we see them under “the lights of prime numbers”, together with the
light of real numbers.
It turns out that, for any prime number $p$, there exists “a world of
p-adic numbers” analogous to the world of real numbers (see §2.4). In
short, we can understand rational points on a conic if we consider it
not only in the world of real numbers but also in the world of p-adic
numbers for each prime number $p$.
For example, we know that $x^2 + y^2 = -1$ does not have a rational
point since it does not have a solution in the world of real numbers.
The fact that $x^2 + y^2 = 3$ does not have a rational point cannot be
seen under the light of real numbers, but it can be seen by looking at
it under the light of the prime number 2 or 3 since it has a solution
neither in the world of 2-adic numbers nor in the world of 3-adic
numbers. We will discuss this in §2.5.

FIGURE 2.3. The light of real numbers and the lights of prime numbers

(b) The case of $x^2 + y^2 = 1$. Let us consider rational points on
$x^2 + y^2 = 1$ (see Figure 2.4).
If $(x, y)$ is a rational point on the circle $x^2 + y^2 = 1$ and if
$(x, y) \neq (-1, 0)$, the slope of the line joining $(x, y)$ and
$(-1, 0)$ is the rational number $\frac{y}{x+1}$. Conversely, for a
given rational number $t$, the points of intersection between the
circle and the line of slope $t$ passing through $(-1, 0)$ are
$(-1, 0)$ and $\left(\frac{1 - t^2}{1 + t^2}, \frac{2t}{1 + t^2}\right)$.
The latter is of course a rational point.

FIGURE 2.4. Rational points of $x^2 + y^2 = 1$

For example, if we replace t by i, i, i, i, $ successively, we obtain

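If we let $t = \frac{5}{12}$, we obtain
$\left(\frac{119}{169}, \frac{120}{169}\right)$. Clearing the
denominators of
$\left(\frac{119}{169}\right)^2 + \left(\frac{120}{169}\right)^2 = 1$,
we obtain the identity $119^2 + 120^2 = 169^2$ of the ancient
Babylonian plate mentioned in the introduction. To sum up, we have the
following one-to-one correspondence:
$$\{\text{rational points on } x^2 + y^2 = 1 \text{ different from } (-1, 0)\} \longleftrightarrow \{\text{rational numbers}\},$$

$$(x, y) \mapsto \frac{y}{x + 1}, \qquad t \mapsto \left(\frac{1 - t^2}{1 + t^2}, \frac{2t}{1 + t^2}\right).$$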
(c) Conics that have a rational point. Let $a$, $b$ and $c$ be nonzero
rational numbers. If the conic
$$ax^2 + by^2 = c$$
has at least one rational point, we can obtain all the rational points
by the same method as above. If $Q(x_0, y_0)$ is its rational point, we
have the correspondence

$$\{(x, y) \mid x, y \in \mathbb{Q},\ ax^2 + by^2 = c\} \longleftrightarrow \mathbb{Q} \cup \{\infty\} - \{\text{at most 2 elements}\}$$

by associating a rational point $P$ on $ax^2 + by^2 = c$ to the slope
of the line joining $Q$ and $P$ (called the line $QP$). When $P = Q$,
we interpret the line $QP$ as the tangent line to the conic at $Q$.
Further, if the line $QP$ is parallel to the y-axis, we interpret the
slope as $\infty$. The meaning of “at most 2 elements” is that we
remove $\pm\sqrt{-a/b}$ from $\mathbb{Q} \cup \{\infty\}$ if $-a/b$ is
the square of a rational number, and we do not remove anything from
$\mathbb{Q} \cup \{\infty\}$ otherwise. When $-a/b$ is the square of a
rational number, the curve $ax^2 + by^2 = c$ is a hyperbola, and
$\pm\sqrt{-a/b}$ are the slopes of its asymptotes.
The reason for the existence of the one-to-one correspondence is the
same as in the case $x^2 + y^2 = 1$. If the slope of a line passing
through $Q$ is in $\mathbb{Q} \cup \{\infty\}$, and it is different
from $\pm\sqrt{-a/b}$, the line intersects the conic in another point
$P$, and $P$ is a rational point. The problem of finding the points of
intersection amounts to solving a quadratic equation in rational
coefficients, and $Q$ gives one of the two roots. Since it is a
rational root, we see that the other root is also rational in view of
the relations between the roots and the coefficients of the equation.
That is why $P$ is a rational point.
We can avoid the exceptions, i.e., the part “at most 2 elements”, in
the above one-to-one correspondence in the following way. We put

$$X = \{\text{ratio } (x : y : z) \mid x, y, z \in \mathbb{Q},\ (x, y, z) \neq (0, 0, 0),\ ax^2 + by^2 = cz^2\}.$$

As we did in §1.2 (b), we identify a solution
$(x, y) \in \mathbb{Q} \times \mathbb{Q}$ to $ax^2 + by^2 = c$ with the
ratio $(x : y : 1) \in X$. Then the above one-to-one correspondence can
be extended to the correspondence

If $-a/b$ is the square of a rational number $r$, we associate
$r \in \mathbb{Q}$ to the element $(1 : r : 0)$ in $X$.
The fact that we can describe all the rational points on a conic as
soon as it has one point can be generalized to the case where the conic
is defined over any field $K$ of characteristic different from 2. Let
$a, b, c \in K^\times$ and suppose there is an $(x, y) \in K \times K$
satisfying $ax^2 + by^2 = c$. Then we obtain similarly the one-to-one
correspondence
$$X = \{\text{ratio } (x : y : z) \mid x, y, z \in K,\ (x, y, z) \neq (0, 0, 0),\ ax^2 + by^2 = cz^2\} \longleftrightarrow K \cup \{\infty\}.$$

QUESTION 1. Find a rational point on $x^2 + y^2 = 5$ other than
$(\pm 1, \pm 2)$, and $(\pm 2, \pm 1)$.

QUESTION 2. In the ancient Babylonian identity
$119^2 + 120^2 = 169^2$, which we mentioned in the Introduction, the
ratio s of two sides of the corresponding right triangle is very close
to 1. (The Babylonian who wrote the plate sorted the solutions of
$x^2 + y^2 = z^2$ according to the ratio of $x$ and $y$, and thus the
above solution is found at the top of the list.) Find a solution whose
ratio of $x$ and $y$ is closer to 1.

2.2. Congruence

If a conic $ax^2 + by^2 = c$ with rational coefficients has one
rational point, we can find all the rational points, as we have seen in
the previous section. On the contrary, it is a deeper question to
determine whether or not a conic has a rational point. This question is
related to congruence equations and quadratic residues. In this section
we explain congruence.

(a) Congruence and its fundamental properties. Let $m$ be a natural
number and $a$, $b$ two integers. The notation
$$a \equiv b \bmod m$$
means that $a - b$ is a multiple of $m$. (We say “$a$ is congruent to
$b$ modulo $m$”.) For example,
$$28 \equiv 3 \bmod 5, \qquad 35 \equiv 0 \bmod 5.$$
We review here briefly the basic properties of the congruence. The
quadratic reciprocity law will be introduced here and proved in
Chapter 5 in Volume 2.
First, we immediately see the following:
(2.2) $a \equiv a \bmod m$.
(2.3) $a \equiv b \bmod m$ implies $b \equiv a \bmod m$.
(2.4) $a \equiv b \bmod m$ and $b \equiv c \bmod m$ imply $a \equiv c \bmod m$.
(2.5) $a \equiv b \bmod m$ and $c \equiv d \bmod m$ imply $a + c \equiv b + d \bmod m$
and $ac \equiv bd \bmod m$.
In order to explain why congruences are useful when we study integral
or rational solutions to an equation, we present a simple example. The
equation $x^2 + y^2 = a$ does not have an integral solution $(x, y)$ if
$a$ is an integer satisfying $a \equiv 3 \bmod 4$. Suppose there exist
such integers $x$ and $y$. Then we have $x^2 + y^2 \equiv 3 \bmod 4$.
On the other hand, we have $0^2 \equiv 0$, $1^2 \equiv 1$,
$2^2 \equiv 0$, and $3^2 \equiv 1 \bmod 4$, and thus
$x^2 + y^2 \equiv 3 \bmod 4$ cannot be satisfied no matter how we
choose $x$ and $y$.
The properties (2.2), (2.3) and (2.4) show that the relation
“$\equiv \bmod m$” is an equivalence relation. Taking (2.5) into
account, we obtain a ring $\mathbb{Z}/m\mathbb{Z}$ by identifying
integers $a$ and $b$ satisfying $a \equiv b \bmod m$. We assume that
the reader is familiar with this fact. For $a \in \mathbb{Z}$ we write
$a \bmod m$ to indicate the class of $a$ in $\mathbb{Z}/m\mathbb{Z}$.
Often, we abuse the notation to simply write $a$ instead of
$a \bmod m$. For example, $\mathbb{Z}/6\mathbb{Z}$ consists of six
elements 0, 1, 2, 3, 4 and 5, and it is a ring by the operations such
as $3 + 4 = 7 = 1$ and $2 \times 3 = 6 = 0$.
The proof of the following proposition will be left to the reader.

PROPOSITION 2.1. Let $m$ be a natural number.
(1) $\mathbb{Z}/m\mathbb{Z}$ is a field if and only if $m$ is a prime number.
(2) Let $p$ be a prime number. (In this case we often use the
notation $\mathbb{F}_p$ instead of $\mathbb{Z}/p\mathbb{Z}$.) The group
$\mathbb{F}_p^\times$ consisting of the nonzero elements of
$\mathbb{F}_p$ is a cyclic group of order $p - 1$.
(3) Let $a$ be an integer. The image of $a$ in $\mathbb{Z}/m\mathbb{Z}$
is an invertible element in $\mathbb{Z}/m\mathbb{Z}$ if and only if $a$
is relatively prime to $m$.
(4) (Chinese Remainder Theorem) Let $m = p_1^{e_1} \cdots p_r^{e_r}$ be
the prime factorization of $m$. (We assume $p_1, \ldots, p_r$ are
distinct prime numbers.) Then there is a natural isomorphism
$$\mathbb{Z}/m\mathbb{Z} \xrightarrow{\ \cong\ } \mathbb{Z}/p_1^{e_1}\mathbb{Z} \times \cdots \times \mathbb{Z}/p_r^{e_r}\mathbb{Z}.$$
(The map from left to right is given by regarding an integer mod $m$
as an integer mod $p_i^{e_i}$ for each $i$.) In other words, if an
integer $a_i$ is given for each $i = 1, \ldots, r$, there exists an
integer $b$ satisfying
$$b \equiv a_i \bmod p_i^{e_i} \quad (i = 1, \ldots, r)$$
(the surjectivity of the map from left to right); and if $b'$ is
another integer satisfying the same equations, we have
$b \equiv b' \bmod m$ (the injectivity of the map).
(b) Quadratic reciprocity law. The field $\mathbb{F}_5$ has a square
root of $-1$. Indeed, since we have $2^2 = 4 \equiv -1 \bmod 5$, 2 is a
square root of $-1$ in $\mathbb{F}_5$. By contrast, we can verify that
$\mathbb{F}_7$ does not have a square root of $-1$. In fact, if $p$ is
an odd prime number, $\mathbb{F}_p$ has a square root of $-1$ if and
only if $p \equiv 1 \bmod 4$. For which prime numbers does there exist
a square root of 5 in $\mathbb{F}_p$? How about a square root of 3? The
answers to these questions are given by the quadratic reciprocity law
proved by Gauss in 1796. We introduce first the quadratic residue
symbols.
Let $p$ be an odd prime and $a$ an integer prime to $p$. The quadratic
residue symbol $\left(\frac{a}{p}\right) \in \{\pm 1\}$ is defined as
follows. If there exists a square root of $a$ in $\mathbb{F}_p$ (i.e.,
there exists an integer $x$ satisfying $x^2 \equiv a \bmod p$), define
$\left(\frac{a}{p}\right) = 1$, and if there is no such $x$, define
$\left(\frac{a}{p}\right) = -1$. For example, since we have
$0^2 \equiv 0$, $1^2 \equiv 4^2 \equiv 1$,
$2^2 \equiv 3^2 \equiv 4 \bmod 5$, we see that
$$\left(\frac{1}{5}\right) = \left(\frac{4}{5}\right) = 1, \qquad \left(\frac{2}{5}\right) = \left(\frac{3}{5}\right) = -1.$$

From Proposition 2.1(2), the quotient group
$\mathbb{F}_p^\times/(\mathbb{F}_p^\times)^2$ is isomorphic to the
multiplicative group $\{\pm 1\}$ of order 2. The symbol
$\left(\frac{a}{p}\right) \in \{\pm 1\}$ is nothing but the image of
the class of $a$ under the isomorphism of groups
$\mathbb{F}_p^\times/(\mathbb{F}_p^\times)^2 \cong \{\pm 1\}$. Hence,
for any integers $a$ and $b$ prime to $p$, we have
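THEOREM 2.2. Let $p$ be an odd prime number.
(1) (Quadratic reciprocity law) If $q$ is an odd prime number
different from $p$, we have

(2) (First supplementary law)

$$\left(\frac{-1}{p}\right) = (-1)^{\frac{p-1}{2}} = \begin{cases} 1 & \text{if } p \equiv 1 \bmod 4, \\ -1 & \text{if } p \equiv 3 \bmod 4. \end{cases}$$

(3) (Second supplementary law)

The proof using a cyclotomic field will be given in Chapter 5 in
Volume 2.
The law (2) tells us the existence or nonexistence of a square root of
$-1$ in $\mathbb{F}_p$. As an example of (1), let us consider a prime
number $p$ different from 2 and 5. Then we see from
$$\left(\frac{5}{p}\right) = (-1)^{\frac{5-1}{2} \cdot \frac{p-1}{2}} \left(\frac{p}{5}\right) = \left(\frac{p}{5}\right)$$
that a square root of 5 exists in $\mathbb{F}_p$ if and only if
$p \equiv 1$ or $4 \bmod 5$ (we have already determined
$\left(\frac{a}{5}\right)$). If $p$ is a prime number different from 2
and 3, a square root of 3 exists in $\mathbb{F}_p$ if and only if
$p \equiv 1$ or $11 \bmod 12$. We can see this from
$$\left(\frac{3}{p}\right) = (-1)^{\frac{3-1}{2} \cdot \frac{p-1}{2}} \left(\frac{p}{3}\right) = (-1)^{\frac{p-1}{2}} \left(\frac{p}{3}\right)$$

and the facts $\left(\frac{1}{3}\right) = 1$, $\left(\frac{2}{3}\right) = -1$.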

QUESTION 3. Let $p$ be a prime number different from 2 and 3. Show
that a square root of $-3$ exists in $\mathbb{F}_p$ if and only if
$p \equiv 1 \bmod 3$.

QUESTION 4. Let $m$ be an integer and $p$ a prime number that does not
divide $2m$. Show that the existence of a square root of $m$ in
$\mathbb{F}_p$ can be determined only by $p \bmod 4|m|$ (i.e., if $p'$
is a prime number which does not divide $2m$ and which satisfies
$p \equiv p' \bmod 4|m|$, then we have the equivalence “there exists a
square root of $m$ in $\mathbb{F}_p$ $\Leftrightarrow$ there exists a
square root of $m$ in $\mathbb{F}_{p'}$”).

2.3. Conics and quadratic residue symbols

(a) Existence of a rational point on a conic. In this section we state
Theorem 2.3, which gives a criterion for the existence of a rational
point on the conic $ax^2 + by^2 = c$ ($a, b, c \in \mathbb{Q}^\times$).
The proof of this theorem will be given in §2.6. Note first that it
suffices to consider the case $c = 1$ since we can divide both sides of
the equation by $c$.
Let $a, b \in \mathbb{Q}^\times$. We will define
$(a, b)_p \in \{\pm 1\}$ for each prime number $p$ and
$(a, b)_\infty \in \{\pm 1\}$. The symbol $(a, b)_v$ ($v$ is a prime or
$\infty$) is called the Hilbert symbol. $(a, b)_p$ will be defined
later using the quadratic residue symbol
$\left(\frac{\ }{p}\right)$. We define

$$(a, b)_\infty = \begin{cases} 1 & \text{if } a > 0 \text{ or } b > 0, \\ -1 & \text{if } a < 0 \text{ and } b < 0. \end{cases}$$

We see immediately that

$$(a, b)_\infty = 1 \iff \text{there exist real numbers } x \text{ and } y \text{ such that } ax^2 + by^2 = 1.$$

If there exist rational numbers $x$ and $y$ satisfying
$ax^2 + by^2 = 1$, that means there exist real numbers satisfying
$ax^2 + by^2 = 1$. The symbol $(a, b)_\infty$ tells us if this is the
case. Of course, that is not sufficient to determine the existence of a
rational solution. Not only “the light of reals” $(\ ,\ )_\infty$ but
also “the light of a prime number” $(\ ,\ )_p$ for every $p$ is
necessary to determine whether or not there exists a rational solution.
To be precise, we will prove the following theorem after we finish
defining $(\ ,\ )_p$.

THEOREM 2.3. Let $a, b \in \mathbb{Q}^\times$. There exist rational
numbers $x$ and $y$ satisfying $ax^2 + by^2 = 1$ if and only if we have
$(a, b)_\infty = 1$ and $(a, b)_p = 1$ for all prime numbers $p$.

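(b) Definition and properties of the Hilbert symbol. Before stating
the definition of the Hilbert symbol $(a, b)_p$ for a prime number $p$,
we need some preliminaries. For a prime number $p$ we define a subring
$\mathbb{Z}_{(p)}$ of $\mathbb{Q}$ by

$$\mathbb{Z}_{(p)} = \left\{ \frac{a}{b} \,\middle|\, a, b \in \mathbb{Z},\ b \text{ is not divisible by } p \right\}.$$

For $n \ge 1$, the natural homomorphism
$\mathbb{Z} \to \mathbb{Z}/p^n\mathbb{Z}$ (obtained by considering an
integer modulo $p^n$) is extended to the ring homomorphism

$$\frac{a}{b} \mapsto \frac{a \bmod p^n}{b \bmod p^n} \qquad (a, b \in \mathbb{Z},\ b \text{ is not divisible by } p).$$
Here we used the fact that $b \bmod p^n$ is invertible in
$\mathbb{Z}/p^n\mathbb{Z}$. This homomorphism can also be understood in
the following way. The natural homomorphism
$\mathbb{Z}/p^n\mathbb{Z} \to \mathbb{Z}_{(p)}/p^n\mathbb{Z}_{(p)}$ is
an isomorphism, and the above homomorphism is nothing but the
composition

$$\mathbb{Z}_{(p)} \to \mathbb{Z}_{(p)}/p^n\mathbb{Z}_{(p)} \cong \mathbb{Z}/p^n\mathbb{Z}.$$

For an element $x$ in $\mathbb{Z}_{(p)}$, its image in
$\mathbb{Z}/p^n\mathbb{Z}$ will be written $x \bmod p^n$.
The set of all the units in $\mathbb{Z}_{(p)}$, denoted by
$(\mathbb{Z}_{(p)})^\times$, is the set
$\left\{ \frac{a}{b} \mid a, b \in \mathbb{Z},\ a, b \text{ are not divisible by } p \right\}$.
Any nonzero rational number can be written uniquely as $p^m u$
($m \in \mathbb{Z}$, $u \in (\mathbb{Z}_{(p)})^\times$).
For a prime number $p$ and $a, b \in \mathbb{Q}^\times$, we define the
Hilbert symbol $(a, b)_p$ as follows. Write
$$a = p^i u, \quad b = p^j v \qquad (i, j \in \mathbb{Z},\ u, v \in (\mathbb{Z}_{(p)})^\times),$$
and put
$$r = (-1)^{ij} a^j b^{-i} = (-1)^{ij} u^j v^{-i} \in (\mathbb{Z}_{(p)})^\times.$$
If $p \neq 2$, we define

$$(a, b)_p = \left(\frac{r \bmod p}{p}\right),$$

where the right-hand side is the quadratic residue symbol. If $p = 2$,
we define
$$(a, b)_2 = (-1)^{\frac{r^2 - 1}{8}} \cdot (-1)^{\frac{u - 1}{2} \cdot \frac{v - 1}{2}}.$$
Here, the exponents of $-1$ in the right-hand side are elements of
$\mathbb{Z}_{(2)}$, but we regard them as elements of
$\mathbb{Z}/2\mathbb{Z}$ via the homomorphism
$\mathbb{Z}_{(2)} \to \mathbb{Z}/2\mathbb{Z}$.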

PROPOSITION 2.4. Let $v$ be a prime number or $\infty$. For
$a, b \in \mathbb{Q}^\times$ we have the following.
(1) $(a, b)_v = (b, a)_v$.
(2) $(a, bc)_v = (a, b)_v (a, c)_v$.
(3) $(a, -a)_v = 1$. If $a \neq 1$, then $(a, 1 - a)_v = 1$.
(4) If $p$ is an odd prime number and
$a, b \in (\mathbb{Z}_{(p)})^\times$, then we have the following.
(4-1) $(a, b)_p = 1$,
(4-2) $(a, pb)_p = \left(\frac{a}{p}\right)$.
(5) If $a, b \in (\mathbb{Z}_{(2)})^\times$, then
(5-1) $(a, b)_2 = \begin{cases} 1 & \text{if } a \equiv 1 \bmod 4 \text{ or } b \equiv 1 \bmod 4, \\ -1 & \text{if } a \equiv b \equiv -1 \bmod 4. \end{cases}$
(5-2) $(a, 2b)_2 = \begin{cases} 1 & \text{if } a \equiv 1 \bmod 8 \text{ or } a \equiv 1 - 2b \bmod 8, \\ -1 & \text{otherwise.} \end{cases}$
The proof of this proposition follows easily from the definition of
the Hilbert symbols, and we leave it to the reader.

(c) Product formula for Hilbert symbols. The following theorem is a
translation of the quadratic reciprocity law and the supplementary laws
using Hilbert symbols.

THEOREM 2.5. Let $a, b \in \mathbb{Q}^\times$. Then $(a, b)_v$ is equal
to 1 except for a finite number of $v$, and we have

$$\prod_v (a, b)_v = 1,$$

where $v$ runs through all the prime numbers and $\infty$.

REMARK 2.6. By this theorem we only have to check the condition
$(a, b)_v = 1$ for all but one $v$ in order to use Theorem 2.3, which
requires that we verify the condition $(a, b)_v = 1$ for all $v$.

PROOF OF THEOREM 2.5. The fact that $(a, b)_v$ is equal to 1 except
for a finite number of $v$ follows from the fact that
$a, b \in (\mathbb{Z}_{(p)})^\times$ for all but a finite number of
primes $p$ and Proposition 2.4(4-1). In order to show that the product
for all the $v$'s is 1, it suffices to show it in the following cases
(i)-(iii), since we have to prove it only for each prime factor of $a$
and $b$ and for $-1$ thanks to Proposition 2.4(1), (2) and (3).
(i) $a$ and $b$ are two distinct odd prime numbers.
(ii) $a$ is an odd prime number, and $b = -1$ or 2.
(iii) $a = -1$, and $b = -1$ or 2.

In case (i),

$$(a, b)_v = \begin{cases}
\left(\dfrac{b}{a}\right) & \text{if } v = a, \\
\left(\dfrac{a}{b}\right) & \text{if } v = b, \\
(-1)^{\frac{a-1}{2} \cdot \frac{b-1}{2}} & \text{if } v = 2, \\
1 & \text{for other } v.
\end{cases}$$

Thus, the fact $\prod_v (a, b)_v = 1$ is in this case nothing but the
quadratic reciprocity law (Theorem 2.2(1)).
In case (ii), it follows from Proposition 2.4 that

$$(a, -1)_v = \begin{cases}
\left(\dfrac{-1}{a}\right) & \text{if } v = a, \\
(-1)^{\frac{a-1}{2}} & \text{if } v = 2, \\
1 & \text{for other } v;
\end{cases}
\qquad
(a, 2)_v = \begin{cases}
\left(\dfrac{2}{a}\right) & \text{if } v = a, \\
(-1)^{\frac{a^2-1}{8}} & \text{if } v = 2, \\
1 & \text{for other } v.
\end{cases}$$

Thus, the fact $\prod_v (a, b)_v = 1$ is in this case nothing but the
supplementary laws (Theorem 2.2(2) and (3)).
As for case (iii), a calculation shows that

$$(-1, -1)_v = \begin{cases} -1 & \text{if } v \text{ is 2 or } \infty, \\ 1 & \text{otherwise;} \end{cases}$$
$$(-1, 2)_v = 1 \quad \text{for all } v.$$

REMARK 2.7. Once we translate the quadratic reciprocity law
into the form of Theorem 2.5 (which was done first by Hilbert), we
realize that the quadratic reciprocity law expresses the harmony of
"the light of real numbers" and "the lights of prime numbers".

(d) Examples. Let us determine the existence of a rational
point for some explicit examples using Theorem 2.3.
As a preliminary, we note the following. If $a, b, c \in \mathbb{Q}^\times$, the
following conditions are equivalent.
(a) There exist $x, y \in \mathbb{Q}$ satisfying $ax^2 + by^2 = c$.
(b) There exist $x, y, z \in \mathbb{Q}$, $(x, y, z) \neq (0, 0, 0)$, satisfying
$ax^2 + by^2 = cz^2$.
(a) $\Rightarrow$ (b) is trivial. It suffices to put $z = 1$. Conversely, suppose

$$ax^2 + by^2 = cz^2, \quad x, y, z \in \mathbb{Q}, \quad (x, y, z) \neq (0, 0, 0).$$

If $z \neq 0$, we have $a\left(\frac{x}{z}\right)^2 + b\left(\frac{y}{z}\right)^2 = c$. If $z = 0$, then $x \neq 0$, and we
have $a = c\left(\frac{z}{x}\right)^2 - b\left(\frac{y}{x}\right)^2$. Using the results of §1.1, we see that the
conic $a = cu^2 - bv^2$ has infinitely many rational points, and thus it has
a rational point satisfying $u \neq 0$. Hence we have $a\left(\frac{1}{u}\right)^2 + b\left(\frac{v}{u}\right)^2 = c$.

PROPOSITION 2.8. Let $p$ be a prime number.
(1) There exist $x, y \in \mathbb{Q}$ satisfying $p = x^2 + y^2$ if and only if
$p \equiv 1 \bmod 4$ or $p = 2$.
(2) There exist $x, y \in \mathbb{Q}$ satisfying $p = x^2 + 5y^2$ if and only if
$p \equiv 1$ or $9 \bmod 20$, or $p = 5$.
(3) There exist $x, y \in \mathbb{Q}$ satisfying $p = x^2 + 26y^2$ if and only if
$p \equiv 1$ or $3 \bmod 8$, and $p \equiv 1, 3, 4, 9, 10$ or $12 \bmod 13$.

PROOF. Let $a \in \mathbb{Q}^\times$. Rewriting $pz^2 = x^2 + ay^2$ as $x^2 = pz^2 - ay^2$
and using the equivalence of (a) and (b) above, we see that the
existence of $x, y \in \mathbb{Q}$ satisfying $p = x^2 + ay^2$ is equivalent to
$(p, -a)_v = 1$ for all $v$ (all prime numbers and $\infty$). By Remark 2.6, we do not
have to check the case $v = p$.
Proof of (1). As we have already calculated in the proof of
Theorem 2.5, we have $(p, -1)_v = 1$ if $v \neq 2, p$, and $(p, -1)_2 = (-1)^{\frac{p-1}{2}}$ if
$p \neq 2$. Then (1) follows from these facts.
Proof of (2). By Proposition 2.4(4-1), $(p, -5)_v = 1$ if $v \neq 2, 5, p$.
We also have $(p, -5)_2 = (-1)^{\frac{p-1}{2}}$ if $p \neq 2$, and $(p, -5)_5 = \left(\frac{p}{5}\right)$ if
$p \neq 5$. Now (2) follows from these.
Proof of (3). By Proposition 2.4(4-1) we have $(p, -26)_v = 1$
if $v \neq 2, 13, p$. Also, we have $(p, -26)_2 = 1$ if $p \equiv 1$ or $3 \bmod 8$,
and $(p, -26)_2 = -1$ if $p \equiv 5$ or $7 \bmod 8$. If $p \neq 13$, we have
$(p, -13)_{13} = \left(\frac{p}{13}\right)$. Calculating the square of each element of $\mathbb{Z}/13\mathbb{Z}$,
we see that $\left(\frac{a}{13}\right) = 1$ if $a \equiv 1, 3, 4, 9, 10, 12 \bmod 13$ and $\left(\frac{a}{13}\right) = -1$ if
$a \equiv 2, 5, 6, 7, 8, 11 \bmod 13$. Now (3) follows from these. $\square$

In Proposition 2.8 we looked for rational solutions to a quadratic
equation. How about integral solutions? As Fermat says (see
Chapter 0, §0.2), there exist $x, y \in \mathbb{Z}$ satisfying $p = x^2 + y^2$ if and only
if $p \equiv 1 \bmod 4$ or $p = 2$. This is the same as the condition for the
existence of a rational solution. For the equation $p = x^2 + 5y^2$, the
conditions for the existence of a rational solution and that of an
integral solution are the same. As for $p = x^2 + 26y^2$, there exists a
rational solution to $3 = x^2 + 26y^2$ by Proposition 2.8(3). (For
example, $3 = \left(\frac{1}{3}\right)^2 + 26\left(\frac{1}{3}\right)^2$.) Clearly, however, there is no integral
solution to $3 = x^2 + 26y^2$. The difference between the existence of a
rational solution and an integral solution is related to the class field
theory, and we will discuss it in Chapter 5, §5.3(b) in Volume 2.

QUESTION 5. In Arithmetica Diophantus says that the equation $15x^2 - 36 = y^2$
does not have a rational solution. Verify this using Theorem 2.3.

2.4. p-adic number fields

The meaning of the Hilbert symbol $( , )_\infty$ is that for $a, b \in \mathbb{Q}^\times$
we have

$$(a, b)_\infty = 1 \iff \text{there exist } x, y \in \mathbb{R} \text{ satisfying } ax^2 + by^2 = 1.$$

For each prime number $p$ we can interpret $(a, b)_p$ in the same manner.
Namely, for each $p$ there is an extension field $\mathbb{Q}_p$ of $\mathbb{Q}$, and for
$a, b \in \mathbb{Q}^\times$ we have

$$(a, b)_p = 1 \iff \text{there exist } x, y \in \mathbb{Q}_p \text{ satisfying } ax^2 + by^2 = 1.$$

$\mathbb{Q}_p$ is called the p-adic number field, and its elements are called p-adic
numbers. In this section we introduce the p-adic number fields, which
are very important objects in number theory.
The p-adic numbers were originally introduced by Hensel around
1900. In the long history of mathematics a number meant a real
number, and it is only relatively recently that we realized that there is
a world of p-adic numbers. It is as if those who had seen the sky only
during the day are marvelling at the night sky. The mathematical
scenery is completely different. $\mathbb{Q}_p$ emits "the light of prime number
$p$" in the night sky as if it were a star that we could not see because
of the sun, or the real number field $\mathbb{R}$, which emits "the light of real
numbers" during the day. Just as there are countless stars in the
night sky, there is one $\mathbb{Q}_p$ for each $p$. What each star is to the sun
is what each $\mathbb{Q}_p$ is to $\mathbb{R}$. Just as we can see space objects better at
night, we began to see the profound mathematical universe through
the p-adic numbers.

[FIGURE 2.5. Classification by mod $5^n$]

We introduce the p-adic number fields in three different ways in
(b), (c) and (d). We would like you to get acquainted with it according
to your taste.

(a) p-adic sense of distance. The sense of distance in the
world of $\mathbb{Q}_p$ is completely different from that of $\mathbb{R}$. In $\mathbb{Q}_p$, $p$ is close to
0 and the sequence $p^2, p^3, p^4, \ldots$ approaches 0 rapidly. We explain
here this "feeling" of distance. The distance in $\mathbb{Q}_p$ comes from the
congruence modulo $p$ in the following sense.
For example, classifying the integers into the classes modulo 5 is
analogous to putting them in five different rooms, one for the
numbers congruent to 0 modulo 5, one for the numbers congruent to 1
modulo 5, and so on. We feel that the integers that enter the same
room are close. We then divide the members of each room into the
classes modulo 25; the room for the numbers congruent to 1 modulo
5, for example, is divided into five smaller rooms, one for the
numbers congruent to 1 modulo 25, one for the numbers congruent to 6
modulo 25, one for the numbers congruent to 11 modulo 25, and so
on. The numbers 1, 6 and 51 are all in the same room modulo 5.
While 6 and 1 enter different small rooms, 51 and 1 still share the
same small room. We thus think that 6 is closer to 1 than 4 is to 1,
but 51 is even closer to 1 (see Figure 2.5).

Pushing this analogy further, we feel two integers $a, b$ are very
close to each other when we have $a \equiv b \bmod p^n$ for a large number
$n$. We call this sense of distance the p-adic sense of distance. If we
push this to the limit, the p-adic number field emerges.
At present we know two different senses of distance in numbers:
the sense coming from the real line and the sense coming from
congruence. Both of them are compatible with addition and
multiplication. In the case of congruence, the compatibility is nothing but
the property (2.5). Among the distances coming from congruences,
we consider only the congruence mod $p^n$ ($p$ prime) for the following
reason.
Let $m$ be a natural number and $m = p_1^{e_1} \cdots p_r^{e_r}$ ($p_1, \ldots, p_r$
distinct) be its prime factorization. For integers $a, b$, the congruence
$a \equiv b \bmod m$ is equivalent to $a \equiv b \bmod p_i^{e_i}$ for all $i = 1, \ldots, r$.
This is a consequence of the Chinese Remainder Theorem
(Proposition 2.1(4)). Thus, the sense of distance "mod $m$" is a composition
of the distances "mod $p^n$", and the sense of distance mod $p^n$ is
fundamental.
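Let $p$ be a prime number. For a rational number $a$ we define the
p-adic valuation $\operatorname{ord}_p(a)$ in the following way. As in Definition 1.15,
for $a \neq 0$ we write

$$a = p^m \frac{u}{v} \quad (m \in \mathbb{Z},\ u, v \text{ are not divisible by } p),$$

and we define $\operatorname{ord}_p(a) = m$. In other words, $\operatorname{ord}_p(a)$ indicates exactly
which power of $p$ divides $a$. We also set $\operatorname{ord}_p(0) = \infty$. We have the
following:

$$\operatorname{ord}_p(ab) = \operatorname{ord}_p(a) + \operatorname{ord}_p(b); \tag{2.6}$$

$$\operatorname{ord}_p(a + b) \geq \min(\operatorname{ord}_p(a), \operatorname{ord}_p(b)); \tag{2.7}$$

$$\operatorname{ord}_p(a) \neq \operatorname{ord}_p(b) \text{ implies } \operatorname{ord}_p(a + b) = \min(\operatorname{ord}_p(a), \operatorname{ord}_p(b)). \tag{2.8}$$

Here we used the conventions $\infty + \infty = \infty$, $\infty \geq \infty$, $\infty + n = n + \infty = \infty$,
and $\infty \geq n$ for any integer $n$.
We generalize the p-adic distance to the rational numbers, and
we consider two rational numbers $a$ and $b$ to be "p-adically close" if
$\operatorname{ord}_p(a - b)$ is large.
We say that a sequence of rational numbers $(x_n)_{n \geq 1}$ converges to
a rational number $a$ p-adically if we have

$$\operatorname{ord}_p(x_n - a) \to \infty \quad \text{as } n \to \infty.$$
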

For example, if we let

$$x_n = 1 - 5 + 5^2 - 5^3 + \cdots + (-5)^n,$$

the sequence $(x_n)_{n \geq 1}$ diverges in the ordinary sense in the world of
real numbers, but we can show that it converges 5-adically to $\frac{1}{6}$. In
general, for a rational number $a \neq 1$, we have

$$1 + a + a^2 + \cdots + a^n - \frac{1}{1 - a} = -\frac{a^{n+1}}{1 - a}.$$

Replacing $a$ by $-5$, we have

$$x_n - \frac{1}{6} = \frac{(-1)^n 5^{n+1}}{6}.$$

Thus, as $n \to \infty$, we have

$$\operatorname{ord}_5\left(x_n - \frac{1}{6}\right) = \operatorname{ord}_5\left(\frac{(-1)^n 5^{n+1}}{6}\right) = n + 1 \to \infty.$$

As this example shows, convergence in the p-adic sense is quite
different from convergence in ordinary sense. If we express the fact that
$(x_n)_{n \geq 1}$ converges to $\frac{1}{6}$ by

$$\sum_{i=0}^{\infty} (-5)^i = \frac{1}{6} \quad \text{(5-adically)}, \tag{2.9}$$

it is as if we mistakenly put $x = -5$ in the ordinary formula

$$\sum_{i=0}^{\infty} x^i = \frac{1}{1 - x} \quad \text{if } -1 < x < 1$$

in the world of real numbers, but formula (2.9) is correct in the sense
of 5-adic convergence.

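QUESTION 6. Let $p$ be a prime number, $c$ a rational number, and $\operatorname{ord}_p(c) \geq 1$.
Show that

$$\sum_{i=0}^{\infty} c^i = \frac{1}{1 - c} \quad \text{(p-adically)};$$

i.e., if we put $x_n = \sum_{i=0}^{n} c^i$, the sequence $(x_n)_{n \geq 1}$ converges p-adically to $\frac{1}{1 - c}$.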

Formula (2.9) can be interpreted in the following way. For each
$n \geq 1$, it says that $1 - 5 + 5^2 - \cdots + (-5)^{n-1}$ is the inverse of 6
in $\mathbb{Z}/5^n\mathbb{Z}$. For example, in $\mathbb{Z}/25\mathbb{Z}$, $1 - 5 = -4$ is the inverse of 6,
while in $\mathbb{Z}/125\mathbb{Z}$, $1 - 5 + 5^2 = 21$ is the inverse of 6. Indeed, we have
$6 \times 21 = 126 \equiv 1 \bmod 125$.

QUESTION 7. Using (2.9), explain why $1 - 5 + 5^2 - \cdots + (-5)^{n-1}$ is the
inverse of 6 in $\mathbb{Z}/5^n\mathbb{Z}$.

QUESTION 8. Find the inverse of 4 in $\mathbb{Z}/3^4\mathbb{Z}$.

The p-adic convergence defined above can be considered to be
convergence in a metric space. For a rational number $a$ we define the
p-adic absolute value $|a|_p$ by

$$|a|_p = p^{-\operatorname{ord}_p(a)}$$

if $a \neq 0$ and $|0|_p = 0$. Thus $|a|_p$ is the size of $a$ in the p-adic sense.
For example,

$$|p|_p = \frac{1}{p}, \qquad |p^2|_p = \frac{1}{p^2}.$$

The p-adic absolute value expresses well that the sequence $p, p^2, p^3, \ldots$
converges to 0. (All the arguments in this section work well if we
replace the definition of $|a|_p$ by $|a|_p = r^{\operatorname{ord}_p(a)}$ for any $r$ satisfying
$0 < r < 1$. However, it turns out that $r = \frac{1}{p}$ is the most natural
choice, as we will explain at the end of subsection (c).)
From properties (2.6) and (2.7) of $\operatorname{ord}_p$ we see that

$$|ab|_p = |a|_p \cdot |b|_p, \tag{2.10}$$

$$|a + b|_p \leq \max(|a|_p, |b|_p) \quad \text{(in particular, } |a + b|_p \leq |a|_p + |b|_p\text{)}. \tag{2.11}$$

If we define the p-adic metric $d_p(a, b)$ by

$$d_p(a, b) = |a - b|_p,$$

then $d_p$ satisfies

$$d_p(a, b) \geq 0, \quad d_p(a, b) = 0 \text{ if and only if } a = b; \tag{2.12}$$

$$d_p(a, b) = d_p(b, a); \tag{2.13}$$

$$d_p(a, c) \leq d_p(a, b) + d_p(b, c). \tag{2.14}$$

Thus $\mathbb{Q}$ is a metric space with respect to $d_p$ (see Introduction to
Geometry 2 in the series Introduction to Modern Mathematics). A sequence
$(x_n)_{n \geq 1}$ of rational numbers converges p-adically to $a$ if and only if
$d_p(x_n, a) \to 0$ ($n \to \infty$), but this is the same as saying that $(x_n)_{n \geq 1}$
converges to $a$ with respect to the p-adic metric $d_p$.

(b) $\mathbb{Q}_p$ as a completion of $\mathbb{Q}$. In the world of real numbers a
sequence of rational numbers may converge to a number which is not
a rational number, as the following example shows:

$$1.4,\ 1.41,\ 1.414,\ 1.4142,\ \ldots \to \sqrt{2} \notin \mathbb{Q}.$$

The world of rational numbers is an incomplete world where sequences
such as the one above may not have a limit even if it "should
converge". From this point of view $\mathbb{R}$ is an extension of $\mathbb{Q}$ where all the
sequences that "should converge" in the ordinary sense do converge.
(We will later define the meaning of "should converge" precisely.)
With respect to p-adic convergence, the world of rational numbers
is also incomplete, where some sequences that "should converge" may
not have a limit. $\mathbb{Q}_p$ is an extension of $\mathbb{Q}$ constructed so that all the
sequences that "should converge" do converge with respect to p-adic
convergence. In this regard both $\mathbb{R}$ and $\mathbb{Q}_p$ are extensions introduced
with the same motivation. We first review the precise definition of $\mathbb{R}$,
and then we introduce the definition of $\mathbb{Q}_p$.
As we stated in the Introduction, §0.1, ancient Greek mathematicians
agonized over the problem "What are the real numbers with
respect to the rational numbers?" ("How should we define the real
numbers precisely based on the rational numbers?"), and it is only in
the nineteenth century that this problem was finally solved. Here, we
introduce the definition of the real numbers as the limits of sequences
that "should converge". This definition is due to Cantor at the end
of the nineteenth century.
A sequence of rational numbers $(x_n)_{n \geq 1}$ that "should converge"
is defined to be a sequence satisfying condition (C) below. Such a
sequence is called a Cauchy sequence.
(C) For any given rational number $\varepsilon > 0$, we can choose a natural
number $N$ such that
$$m, n \geq N \text{ implies } |x_m - x_n| < \varepsilon.$$
In the world of rational numbers, a sequence that converges to
a rational number (in the ordinary sense) is a Cauchy sequence, but
there are Cauchy sequences such as $1.4, 1.41, 1.414, 1.4142, \ldots$ that
do not converge to a rational number. In the world of real numbers,
however, a sequence is a Cauchy sequence if and only if it converges.
Cantor's idea is to reverse the direction and define a real number to be
"the Cauchy sequences that converge to that number". To be precise,
let $S$ be the set of all the Cauchy sequences of rational numbers,
and define an equivalence relation on $S$ by saying that $(x_n)_{n \geq 1}$ and
$(y_n)_{n \geq 1}$ are equivalent if "for any rational number $\varepsilon > 0$, we can choose
a natural number $N$ such that
$$n \geq N \text{ implies } |x_n - y_n| < \varepsilon\text{"}.$$
We define $\mathbb{R}$ to be the quotient of $S$ by this equivalence relation.
(That two sequences are equivalent means that they converge to the
same real number.) We can define addition and multiplication in $\mathbb{R}$
by
$$\text{class of } (x_n)_{n \geq 1} + \text{class of } (y_n)_{n \geq 1} = \text{class of } (x_n + y_n)_{n \geq 1},$$
$$\text{class of } (x_n)_{n \geq 1} \cdot \text{class of } (y_n)_{n \geq 1} = \text{class of } (x_n y_n)_{n \geq 1},$$
and we can prove that $\mathbb{R}$ is a field with respect to these operations.
We now define $\mathbb{Q}_p$. We call a sequence of rational numbers
$(x_n)_{n \geq 1}$ a p-adic Cauchy sequence (a sequence that "should converge"
with respect to p-adic convergence) if it satisfies the following
condition ($\mathrm{C}_p$):
($\mathrm{C}_p$) For any given rational number $\varepsilon > 0$, we can choose a natural
number $N$ accordingly such that
$$m, n \geq N \text{ implies } |x_m - x_n|_p < \varepsilon.$$
Let $S_p$ be the set of all p-adic Cauchy sequences, and define an
equivalence relation on $S_p$ by saying that $(x_n)_{n \geq 1}$ and $(y_n)_{n \geq 1}$ are
equivalent if "for any rational number $\varepsilon > 0$, we can choose a natural
number $N$ such that
$$n \geq N \text{ implies } |x_n - y_n|_p < \varepsilon\text{"}.$$
We define $\mathbb{Q}_p$ as the quotient of $S_p$ by this equivalence relation. As
in the case of $\mathbb{R}$, we can define addition and multiplication in $\mathbb{Q}_p$, and
$\mathbb{Q}_p$ becomes a field with respect to these operations.
The method of obtaining $\mathbb{R}$ or $\mathbb{Q}_p$ from $\mathbb{Q}$ is known in general as
completion of a metric space. $\mathbb{R}$ is the completion of the metric space
$\mathbb{Q}$ under the ordinary metric, and $\mathbb{Q}_p$ is the completion of $\mathbb{Q}$ under
the p-adic metric.
We identify a rational number $a$ with the element of $\mathbb{Q}_p$ given
by "the sequence identically equal to $a$" (which is a p-adic Cauchy
sequence). This identification gives us an embedding of $\mathbb{Q}$ in $\mathbb{Q}_p$.
We extend the p-adic valuation $\operatorname{ord}_p$, p-adic absolute value $|\ |_p$,
and p-adic metric $d_p$ to $\mathbb{Q}_p$. For an element $a$ in $\mathbb{Q}_p$ we define
$\operatorname{ord}_p(a) \in \mathbb{Z} \cup \{\infty\}$ in the following way. If $a = 0$, we put $\operatorname{ord}_p(a) = \infty$.
Suppose $a \neq 0$. If we choose a p-adic Cauchy sequence of rational
numbers $(x_n)_{n \geq 1}$ whose class is $a$, we can prove that $\operatorname{ord}_p(x_n)$ is
constant for sufficiently large $n$ using (2.6)-(2.8) (readers should check
this). We define $\operatorname{ord}_p(a)$ to be this constant. We can prove that
$\operatorname{ord}_p(a)$ defined in this way depends only on $a$ and not on the choice
of the p-adic Cauchy sequence $(x_n)_{n \geq 1}$.
For an element $a$ in $\mathbb{Q}_p$ we define $|a|_p = 0$ if $a = 0$, and $|a|_p =
p^{-\operatorname{ord}_p(a)}$ if $a \neq 0$. We define $d_p(a, b) = |a - b|_p$ for $a, b \in \mathbb{Q}_p$. Then
$\operatorname{ord}_p$, $|\ |_p$, and $d_p$ defined this way in $\mathbb{Q}_p$ satisfy (2.6)-(2.8), (2.10)-(2.14)
for all $a, b \in \mathbb{Q}_p$. We regard $\mathbb{Q}_p$ as a metric space with respect
to $d_p$.
A sequence $(x_n)_{n \geq 1}$ of $\mathbb{Q}_p$ converges if and only if $(x_n)_{n \geq 1}$ satisfies
condition ($\mathrm{C}_p$). $\mathbb{Q}$ is dense in $\mathbb{Q}_p$ (i.e., each element of $\mathbb{Q}_p$ is the limit
of a certain sequence in $\mathbb{Q}$). Indeed, if $(x_n)_{n \geq 1}$ is a sequence of rational
numbers and $a$ is an element in $\mathbb{Q}_p$, then $(x_n)_{n \geq 1}$ converges to $a$ if
and only if $(x_n)_{n \geq 1}$ is a Cauchy sequence and its class is $a$.
In $\mathbb{Q}_p$ the condition for the convergence of an infinite series is
somewhat easier than in $\mathbb{R}$.

LEMMA 2.9. Let $a_n \in \mathbb{Q}_p$ ($n \geq 1$). The series $\sum_{n=1}^{\infty} a_n$ converges
in $\mathbb{Q}_p$ (i.e., if we put $s_n = \sum_{i=1}^{n} a_i$, the sequence $(s_n)_{n \geq 1}$ converges)
if and only if $|a_n|_p$ tends to 0 in $\mathbb{R}$ as $n$ tends to $\infty$ (i.e., $\operatorname{ord}_p(a_n)$
tends to $\infty$ as $n$ tends to $\infty$).

In $\mathbb{R}$, $\sum_{n=1}^{\infty} \frac{1}{n}$ does not converge even though $\left|\frac{1}{n}\right| \to 0$ when
$n \to \infty$, and thus the situation is more complicated. The difference
comes from the fact that we have $|x + y|_p \leq \max(|x|_p, |y|_p)$ in $\mathbb{Q}_p$, but
we do not have $|x + y| \leq \max(|x|, |y|)$ in $\mathbb{R}$.

PROOF OF LEMMA 2.9. As we have already seen, $(s_n)_{n \geq 1}$
converges if and only if $(s_n)_{n \geq 1}$ satisfies the condition ($\mathrm{C}_p$). The latter
can be seen equivalent to the condition $|a_n|_p \to 0$ using the properties
(2.10) and (2.11). $\square$

(c) $\mathbb{Q}_p$ as an inverse limit. Define

$$\mathbb{Z}_p = \{a \in \mathbb{Q}_p \mid \operatorname{ord}_p(a) \geq 0\}.$$

$\mathbb{Z}_p$ is a subring of $\mathbb{Q}_p$. (This follows from the fact that $\operatorname{ord}_p : \mathbb{Q}_p \to
\mathbb{Z} \cup \{\infty\}$ satisfies (2.6) and (2.7).) An element of $\mathbb{Z}_p$ is called a p-adic
integer.
In this subsection (c) we explain that we can think of $\mathbb{Z}_p$ as an
"inverse limit" and that we can introduce $\mathbb{Q}_p$ in a different manner.

DEFINITION 2.10. If a sequence of sets $X_n$ ($n = 1, 2, 3, \ldots$) and
maps $f_n : X_{n+1} \to X_n$ ($n = 1, 2, 3, \ldots$)
are given, the subset of $\prod_{n \geq 1} X_n$ defined by

$$\left\{ (a_n)_{n \geq 1} \in \prod_{n \geq 1} X_n \;\middle|\; f_n(a_{n+1}) = a_n \text{ for all } n \geq 1 \right\}$$

is called the inverse limit and is denoted $\varprojlim_n X_n$.

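In Definition 2.10 we let $X_n = \mathbb{Z}/p^n\mathbb{Z}$ and $f_n$ the natural
projection from $\mathbb{Z}/p^{n+1}\mathbb{Z}$ to $\mathbb{Z}/p^n\mathbb{Z}$, and we consider the inverse limit
$\varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$ of the sequence

$$\cdots \to \mathbb{Z}/p^4\mathbb{Z} \to \mathbb{Z}/p^3\mathbb{Z} \to \mathbb{Z}/p^2\mathbb{Z} \to \mathbb{Z}/p\mathbb{Z}.$$

An element $(a_n)_{n \geq 1}$ of $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$ has the following meaning.
When we divide the set of all integers and put them into $p$ rooms
following their values modulo $p$, $a_1 \in \mathbb{Z}/p\mathbb{Z}$ is in one of the rooms.
$a_2$ is an element of $\mathbb{Z}/p^2\mathbb{Z}$ satisfying $f_1(a_2) = a_1$. When we divide
the room of $a_1$ into $p$ small rooms mod $p^2$, $a_2$ corresponds to one of
them.
$a_3$ is an element of $\mathbb{Z}/p^3\mathbb{Z}$ satisfying $f_2(a_3) = a_2$. When we divide
the room of $a_2$ into $p$ tiny rooms mod $p^3$, $a_3$ corresponds to one of
them.
To give an element of $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$ is to choose one of the small
rooms in a room, then one of the tiny rooms in the small room, and
so on.
As a matter of fact, $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$ is isomorphic to $\mathbb{Z}_p$. First we
give the map $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z} \to \mathbb{Z}_p$. Let $(a_n)_{n \geq 1} \in \varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$. For
each $n \geq 1$ we choose an integer $x_n$ such that the image of $x_n$ in
$\mathbb{Z}/p^n\mathbb{Z}$ is $a_n$. Then all $x_n$ belong to the room $a_1$, they belong to $a_2$
if $n \geq 2$, they belong to $a_3$ if $n \geq 3$, and so on. This makes us feel
that "$(x_n)_{n \geq 1}$ converges to something". Indeed, we have $x_m \equiv x_n
\bmod p^N$ (i.e., $|x_m - x_n|_p \leq \frac{1}{p^N}$) if $m, n \geq N$. Thus $(x_n)_{n \geq 1}$ is a p-adic
Cauchy sequence, and it converges in $\mathbb{Q}_p$. Since $\operatorname{ord}_p(x_n) \geq 0$ for all
$n$, the limit belongs to $\mathbb{Z}_p$.
We thus obtain a map $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z} \to \mathbb{Z}_p$ by sending the element
$(a_n)_{n \geq 1} \in \varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$ to the limit of the p-adic Cauchy sequence
$(x_n)_{n \geq 1}$ in $\mathbb{Z}_p$.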

LEMMA 2.11. The map

$$\varprojlim_n \mathbb{Z}/p^n\mathbb{Z} \to \mathbb{Z}_p$$

defined as above is a bijection.

We will prove this lemma later.


We now explain the definition of $\mathbb{Q}_p$ using the inverse limit. We
first define $\mathbb{Z}_p$ as $\varprojlim_n \mathbb{Z}/p^n\mathbb{Z}$. In Definition 2.10, if all the $X_n$ ($n \geq 1$)
are rings and all the $f_n$ are homomorphisms of rings, we can define
a structure of ring on $\varprojlim_n X_n$; we define addition and multiplication
of $(a_n)_{n \geq 1}$ and $(b_n)_{n \geq 1}$ by $(a_n + b_n)_{n \geq 1}$ and $(a_n b_n)_{n \geq 1}$, respectively.
We can prove that $\mathbb{Z}_p$ so defined is an integral domain. We define $\mathbb{Q}_p$
as the quotient field of $\mathbb{Z}_p$.
In this definition we obtain $\mathbb{Z}_p$ by letting $n$ tend to infinity in
$\mathbb{Z}/p^n\mathbb{Z}$. This definition is based on the idea that looking at an integer
modulo $p^n$ for various $n$, we finally arrive at the world of $\mathbb{Q}_p$.
Before giving a proof of Lemma 2.11, we prove the following
lemma. In the statement, $\mathbb{Q}_p$ is the one defined in (b) as the
completion of $\mathbb{Q}$, and $\mathbb{Z}_p$ is the subset $\{a \in \mathbb{Q}_p \mid \operatorname{ord}_p(a) \geq 0\}$ in $\mathbb{Q}_p$ defined
in (c).

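LEMMA 2.12. (1) $\mathbb{Z}_p$ is both open and closed in $\mathbb{Q}_p$.
(2) If $m$ is an integer, then we have
$$p^m\mathbb{Z}_p = \{a \in \mathbb{Q}_p \mid \operatorname{ord}_p(a) \geq m\}.$$
(3) $\mathbb{Z}_{(p)} \subset \mathbb{Z}_p$. In $\mathbb{Q}_p$ we have $\mathbb{Q} \cap \mathbb{Z}_p = \mathbb{Z}_{(p)}$.
(4) For all integers $m \geq 0$

$$\mathbb{Z}/p^m\mathbb{Z} \xrightarrow{\ \cong\ } \mathbb{Z}_{(p)}/p^m\mathbb{Z}_{(p)} \xrightarrow{\ \cong\ } \mathbb{Z}_p/p^m\mathbb{Z}_p.$$

(5) $\mathbb{Z}_p$ is the closure of $\mathbb{Z}_{(p)}$ in $\mathbb{Q}_p$. It is also the closure of $\mathbb{Z}$
in $\mathbb{Q}_p$.

The image of $a \in \mathbb{Z}_p$ in $\mathbb{Z}/p^m\mathbb{Z} \cong \mathbb{Z}_p/p^m\mathbb{Z}_p$ is written $a \bmod p^m\mathbb{Z}_p$.
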
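PROOF. The proofs of (1), (2), (3) and the first isomorphism
of (4) are easy, and we leave them to the reader.
Let us prove the second isomorphism of (4). It follows from (2)
and (3) that $\mathbb{Z}_{(p)} \cap p^m\mathbb{Z}_p = p^m\mathbb{Z}_{(p)}$. Hence, $\mathbb{Z}_{(p)}/p^m\mathbb{Z}_{(p)} \to \mathbb{Z}_p/p^m\mathbb{Z}_p$
is injective. Take $a \in \mathbb{Z}_p$. There exists $x \in \mathbb{Q}$ satisfying $\operatorname{ord}_p(x - a) \geq m$
since $\mathbb{Q}$ is dense in $\mathbb{Q}_p$. Since $x - a \in p^m\mathbb{Z}_p$, $m \geq 0$ and $a \in \mathbb{Z}_p$,
we see that $x \in \mathbb{Q} \cap \mathbb{Z}_p = \mathbb{Z}_{(p)}$. Thus, we have $a = x + (a - x) \in
\mathbb{Z}_{(p)} + p^m\mathbb{Z}_p$, which shows that the map $\mathbb{Z}_{(p)}/p^m\mathbb{Z}_{(p)} \to \mathbb{Z}_p/p^m\mathbb{Z}_p$
sends $x$ to $a$. Thus this map is surjective.
To show (5), it suffices to show that $\mathbb{Z}$ and $\mathbb{Z}_{(p)}$ are dense in $\mathbb{Z}_p$.
But, this follows from (2) and (4). $\square$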

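PROOF OF LEMMA 2.11. For an element $a$ in $\mathbb{Z}_p$, let $a_n$ be the
image of $a$ under the map
$$\mathbb{Z}_p \to \mathbb{Z}_p/p^n\mathbb{Z}_p \cong \mathbb{Z}/p^n\mathbb{Z} \quad \text{(Lemma 2.12(4))}.$$
Thus we have a map
$$\mathbb{Z}_p \to \varprojlim_n \mathbb{Z}/p^n\mathbb{Z}; \quad a \mapsto (a_n)_{n \geq 1}.$$

It is easy to see that this map is the inverse of the map in Lemma 2.11.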

We note in passing that the definition of the p-adic absolute value
$|\ |_p$ is a "natural" one. In the real field $\mathbb{R}$, the scaling factor of the
homothety $\mathbb{R} \to \mathbb{R}$; $x \mapsto ax$ is the absolute value $|a|$. In other words, if
$I$ is an interval of length $l$, the length of the interval $aI = \{ax \mid x \in I\}$
is $|a| \cdot l$. On the other hand, in $\mathbb{Q}_p$ the scaling factor of the homothety
$\mathbb{Q}_p \to \mathbb{Q}_p$ given by $x \mapsto ax$ is the p-adic absolute value $|a|_p$. For
example, $p\mathbb{Z}_p$ is a subgroup of $\mathbb{Z}_p$ of index $p$, and we should think of
the size of $p\mathbb{Z}_p$ as $\frac{1}{p}$ the size of $\mathbb{Z}_p$. This means that the homothety of
scaling factor $p$ reduces the size of $\mathbb{Z}_p$ by $\frac{1}{p}$. In this way, the definition
of $|p|_p = \frac{1}{p}$ has a natural meaning as the scaling factor of a homothety.
We will discuss this scaling factor, or "module", in Volume 2.

(d) Definition of $\mathbb{Q}_p$ by p-adic expansion. In this section we
explain that $\mathbb{Q}_p$ may be defined by

$$\mathbb{Q}_p = \left\{ \sum_{n=m}^{\infty} c_n p^n \;\middle|\; m \in \mathbb{Z},\ c_n \in \{0, 1, \ldots, p - 1\} \right\}.$$

For example, we define an element of $\mathbb{Q}_5$ to be something like

$$2 \times \frac{1}{5} + 3 \times 1 + 4 \times 5 + 2 \times 5^2 + 4 \times 5^3 + 1 \times 5^4 + \cdots.$$

If $m \in \mathbb{Z}$ and $c_n \in \mathbb{Z}$ ($n = m, m + 1, m + 2, \ldots$), the series $\sum_{n=m}^{\infty} c_n p^n$
converges in $\mathbb{Q}_p$ as defined in subsection (b) (Lemma 2.9), and thus
the sum is an element of $\mathbb{Q}_p$. Conversely, we can prove that any
element of $\mathbb{Q}_p$ can be expressed in the form $\sum_{n=m}^{\infty} c_n p^n$ ($m \in \mathbb{Z}$, $c_n \in
\{0, 1, \ldots, p - 1\}$) in a unique way. (We call it the p-adic expansion of
an element of $\mathbb{Q}_p$.)

Take an integer $m$ satisfying $\operatorname{ord}_p(a) \geq m$. Then $p^{-m}a$ is an
element of $\mathbb{Z}_p$, and there exists an integer $c_m \in \{0, 1, \ldots, p - 1\}$
such that its image in $\mathbb{Z}_p/p\mathbb{Z}_p$ coincides with that of $p^{-m}a$, since
the map $\mathbb{Z}/p\mathbb{Z} \to \mathbb{Z}_p/p\mathbb{Z}_p$ is an isomorphism. Since $p^{-m}a - c_m$
belongs to $p\mathbb{Z}_p$, we have $\operatorname{ord}_p(a - p^m c_m) \geq m + 1$. The same argument
shows that there exists an integer $c_{m+1} \in \{0, 1, \ldots, p - 1\}$ such that
$\operatorname{ord}_p(a - p^m c_m - p^{m+1} c_{m+1}) \geq m + 2$. Repeating this process, we
obtain the expansion

$$a = \sum_{n=m}^{\infty} c_n p^n.$$

Examining the argument given above carefully, we see that the p-adic
expansion is unique since each $c_n$ is uniquely determined.
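
The digit-by-digit construction above, written out as an added Python example (not from the book) for rational input, so that every step is exact. The names `padic_digits`, `partial_sum`, `agrees_to` and `inverse_mod_power` are chosen here, and the starting index is the $m$ given by the power of $p$ in the denominator, which satisfies $\operatorname{ord}_p(a) \geq m$.

```python
from fractions import Fraction


def padic_digits(a, p, count):
    """Return (m, [c_m, c_{m+1}, ...]) with `count` digits of the p-adic
    expansion of the rational number a, each digit in {0, ..., p-1}."""
    a = Fraction(a)
    # m = -(power of p in the denominator), so that ord_p(a) >= m.
    m, d = 0, a.denominator
    while d % p == 0:
        d //= p
        m -= 1
    x = a / Fraction(p) ** m          # p^{-m} a, an element of Z_(p)
    digits = []
    for _ in range(count):
        # Image of x in Z/pZ: numerator times inverse of denominator mod p.
        c = x.numerator * pow(x.denominator, -1, p) % p
        digits.append(c)
        x = (x - c) / p               # x - c lies in p Z_(p); divide by p
    return m, digits


def partial_sum(m, digits, p):
    """The finite sum c_m p^m + c_{m+1} p^{m+1} + ... as an exact rational."""
    return sum(Fraction(c) * Fraction(p) ** (m + k) for k, c in enumerate(digits))


def agrees_to(a, p, count):
    """True if ord_p(a - partial sum of `count` digits) >= m + count."""
    m, digits = padic_digits(a, p, count)
    rest = (Fraction(a) - partial_sum(m, digits, p)) / Fraction(p) ** (m + count)
    return rest.denominator % p != 0  # rest lies in Z_(p)


def inverse_mod_power(a, p, n):
    """Inverse of the integer a (prime to p) in Z/p^n Z, read off from the
    first n digits of the p-adic expansion of 1/a."""
    m, digits = padic_digits(Fraction(1, a), p, n)
    return int(partial_sum(m, digits, p))


if __name__ == "__main__":
    # 1/6 in Q_5: the 5-adic limit of 1 - 5 + 5^2 - ... from formula (2.9).
    print(padic_digits(Fraction(1, 6), 5, 7))
    print(inverse_mod_power(6, 5, 3))
```

The digits of $\frac{1}{6}$ in $\mathbb{Q}_5$ differ from the coefficients $\pm 1$ of the series in (2.9) because the expansion uses only digits in $\{0, \ldots, 4\}$, yet the truncations agree modulo $5^n$.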

REMARK 2.13. Let $S$ be a subset of $\mathbb{Z}_p$ such that the composition
$S \to \mathbb{Z}_p \to \mathbb{Z}_p/p\mathbb{Z}_p$ is a bijection. (The set $\{0, 1, \ldots, p - 1\}$ is an
example of such a subset.) Then the same argument shows that any
element of $\mathbb{Q}_p$ can be written

$$\sum_{n=m}^{\infty} c_n p^n \quad (m \in \mathbb{Z},\ c_n \in S)$$

in a unique manner.

QUESTION 9. A real number has a decimal expansion as we use it in
everyday life. Instead of 10, we can choose any natural number $N \geq 2$, and we can
have an $N$-ary expansion of a real number. In particular, we can choose a prime
number $p$. What is the difference between the $p$-ary expansion of a real number
in this sense and the p-adic expansion of a p-adic number?

2.5. Multiplicative structure of the p-adic number field

The real number field $\mathbb{R}$ has exponential and logarithmic
functions, and they give an isomorphism between the additive group $\mathbb{R}$
and the multiplicative group formed by the positive real numbers

$$\text{additive group } \mathbb{R} \cong \text{multiplicative group } \{t \in \mathbb{R} \mid t > 0\},$$
$$x \mapsto e^x, \qquad \log(t) \leftarrow\!\shortmid t.$$

(Here, $e$ is the base of the natural logarithm log.) Is there anything
similar in $\mathbb{Q}_p$? In this section we introduce the exponential and
logarithmic functions in $\mathbb{Q}_p$, and we determine the structure of the
multiplicative group $\mathbb{Q}_p^\times$ of nonzero p-adic numbers using these functions
(Propositions 2.16 and 2.17). An element $a$ in $\mathbb{R}^\times$ is a square in $\mathbb{R}^\times$
if and only if $a > 0$. Which elements in $\mathbb{Q}_p^\times$ are squares?
Proposition 2.18 gives an answer to this question. For example, in $\mathbb{Q}_5^\times$
numbers such as 6 and 11, which are 5-adically close to the square 1,
are squares, and $-1$, which is close to the square 4, is also a square.
Just as in $\mathbb{R}^\times$, elements close to squares are also squares. (In this
sense, the algebraic structure of $\mathbb{R}$ or $\mathbb{Q}_p$ is simpler than that of $\mathbb{Q}$.)
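(a) Exponential and logarithmic functions in $\mathbb{Q}_p$. In $\mathbb{R}$ or
$\mathbb{C}$ we have

$$e^x = \sum_{n=0}^{\infty} \frac{x^n}{n!} \quad \text{(also written } \exp(x)\text{)}$$

(where the right-hand side always converges), and when $|t - 1| < 1$,

$$\log(t) = \sum_{n=1}^{\infty} \frac{(-1)^{n-1}}{n} (t - 1)^n.$$

We consider an analog in $\mathbb{Q}_p$.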


PROPOSITION 2.14. (1) Let $x \in \mathbb{Q}_p$. The series

$$\sum_{n=0}^{\infty} \frac{x^n}{n!} \quad \text{(written } \exp(x)\text{)}$$

converges if and only if $x \in p\mathbb{Z}_p$ in the case $p \neq 2$, and it
converges if and only if $x \in 4\mathbb{Z}_2$ in the case $p = 2$. (That
means the exponential function in $\mathbb{Q}_p$ does not converge on
all of $\mathbb{Q}_p$, as compared to the case of $\mathbb{R}$ or $\mathbb{C}$.)

(2) The series

$$\sum_{n=1}^{\infty} \frac{(-1)^{n-1}}{n} (t - 1)^n \quad \text{(written } \log(t)\text{)}$$

converges if and only if $t - 1 \in p\mathbb{Z}_p$.

(3) If $x_1$ and $x_2$ are in the domain of convergence of $\exp(x)$, and
if $t_1$ and $t_2$ are in the domain of convergence of $\log(t)$, then
we have

$$\exp(x_1 + x_2) = \exp(x_1)\exp(x_2), \qquad \log(t_1 t_2) = \log(t_1) + \log(t_2).$$

(4) We let $m \geq 1$ if $p \neq 2$, and $m \geq 2$ if $p = 2$. Then exp and
log are isomorphisms, and they are inverse to each other:
$$\text{additive group } p^m\mathbb{Z}_p \cong \text{multiplicative group } 1 + p^m\mathbb{Z}_p = \{1 + p^m a \mid a \in \mathbb{Z}_p\}.$$

In order to prove Proposition 2.14 we need to show the following
lemma first.

LEMMA 2.15. (1) For any integer $n \geq 0$, we have

$$\operatorname{ord}_p(n!) = \sum_{i \geq 1} \left[\frac{n}{p^i}\right],$$

where $[x]$ is the "Gauss symbol" of $x$, which signifies the
largest integer less than or equal to $x$.
(2) Let $c$ be a real number. The condition $nc - \operatorname{ord}_p(n!) \to \infty$
as $n \to \infty$ is equivalent to $c > \frac{1}{p-1}$. The condition
$nc - \operatorname{ord}_p(n) \to \infty$ as $n \to \infty$ is equivalent to $c > 0$.
(3) If $c > \frac{1}{p-1}$, then for any $n \geq 1$ we have
$$nc - \operatorname{ord}_p(n!) \geq c.$$

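PROOF. We leave the proof of (1) to the reader. Let us prove
(2). It follows from (1) that

$$nc - \operatorname{ord}_p(n!) \geq nc - \sum_{i=1}^{\infty} \frac{n}{p^i} = nc - \frac{n}{p - 1}.$$

The right-hand side tends to $\infty$ as $n \to \infty$ if $c > \frac{1}{p-1}$. Also, if we put
$n = p^m$, it follows from (1) that

$$nc - \operatorname{ord}_p(n!) = p^m c - \sum_{i=1}^{m} p^{m-i} = p^m\left(c - \frac{1}{p - 1}\right) + \frac{1}{p - 1}.$$

The right-hand side tends to $\infty$ if and only if $c > \frac{1}{p-1}$.
If $\log_p(n)$ is the logarithm of $n$ with base $p$ in the real number
field, we have
$$nc - \operatorname{ord}_p(n) \geq nc - \log_p(n)$$
since $\operatorname{ord}_p(n) \leq \log_p(n)$. The right-hand side tends to $\infty$ if $c > 0$.
Letting $n = p^m$, we have
$$nc - \operatorname{ord}_p(n) = p^m c - m.$$
The right-hand side tends to $\infty$ if and only if $c > 0$.
Let us prove (3). Since $\operatorname{ord}_p(n!) < \sum_{i=1}^{\infty} \frac{n}{p^i} = \frac{n}{p-1}$ and an integer
smaller than $\frac{n}{p-1}$ is no greater than $\frac{n-1}{p-1}$, we have $\operatorname{ord}_p(n!) \leq \frac{n-1}{p-1}$.
Hence,

$$nc - \operatorname{ord}_p(n!) - c \geq (n - 1)\left(c - \frac{1}{p - 1}\right) \geq 0. \qquad \square$$
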

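PROOF OF PROPOSITION 2.14. In order to show (1) and (2), it
suffices by Lemma 2.9 to find the conditions for the convergence of
the following:

$$\operatorname{ord}_p\left(\frac{x^n}{n!}\right) = n \operatorname{ord}_p(x) - \operatorname{ord}_p(n!),$$

$$\operatorname{ord}_p\left(\frac{(-1)^{n-1}(t - 1)^n}{n}\right) = n \operatorname{ord}_p(t - 1) - \operatorname{ord}_p(n).$$

But they are given by Lemma 2.15(2). (Note that $\frac{1}{p-1} < 1$ if $p \neq 2$,
and $\frac{1}{p-1} = 1$ if $p = 2$.) The proof of (3) is similar to the case of $\mathbb{R}$ or
$\mathbb{C}$.
Next we show (4). By Lemma 2.15(3), if $x \in p^m\mathbb{Z}_p$, we have
$\exp(x) \in 1 + p^m\mathbb{Z}_p$, since $\operatorname{ord}_p\left(\frac{x^n}{n!}\right) \geq m$ for $n \geq 1$; and if $t \in 1 + p^m\mathbb{Z}_p$,
we have $\log(t) \in p^m\mathbb{Z}_p$, since $\operatorname{ord}_p\left(\frac{(-1)^{n-1}(t-1)^n}{n}\right) \geq m$ for $n \geq 1$.
We can prove $\log(\exp(x)) = x$, $t = \exp(\log(t))$ for $x$ and $t$ in these
domains of convergence in just the same way as the case of $\mathbb{R}$ or $\mathbb{C}$. $\square$
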
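(b) Structure of $\mathbb{Q}_p^\times$.

PROPOSITION 2.16. (1) If $p \neq 2$, $\mathbb{Q}_p^\times \cong \mathbb{Z} \oplus \mathbb{Z}/(p - 1)\mathbb{Z} \oplus \mathbb{Z}_p$.
(2) If $p = 2$, $\mathbb{Q}_2^\times \cong \mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}_2$.

This proposition follows from the following proposition and the
fact $\mathbb{F}_p^\times \cong \mathbb{Z}/(p - 1)\mathbb{Z}$ (Proposition 2.1).

PROPOSITION 2.17. (1) Any element of $\mathbb{Q}_p^\times$ can be written $p^n u$
($n \in \mathbb{Z}$, $u \in \mathbb{Z}_p^\times$) in a unique manner. In other words,

$$\mathbb{Z} \times \mathbb{Z}_p^\times \xrightarrow{\ \cong\ } \mathbb{Q}_p^\times; \quad (n, u) \mapsto p^n u,$$

where $\mathbb{Z}_p^\times$ is the multiplicative group consisting of all the units
in $\mathbb{Z}_p$.
(2) Let $G = \{x \in \mathbb{Z}_p^\times \mid x^{p-1} = 1\}$, and let $\mathbb{Z}_p^\times \to \mathbb{F}_p^\times$ be the
group homomorphism induced by the map $\mathbb{Z}_p \to \mathbb{Z}_p/p\mathbb{Z}_p =
\mathbb{F}_p$. Then the composition $G \to \mathbb{Z}_p^\times \to \mathbb{F}_p^\times$ is a bijection, and
$\mathbb{Z}_p^\times$ is the direct product of $G$ and $1 + p\mathbb{Z}_p$.
(3) If $p \neq 2$, the multiplicative group $1 + p\mathbb{Z}_p$ is isomorphic to $\mathbb{Z}_p$.
If $p = 2$, the multiplicative group $1 + 2\mathbb{Z}_2$ is the direct product
of the subgroup $\{\pm 1\}$ and the subgroup $1 + 4\mathbb{Z}_2$. Moreover,
we have $1 + 4\mathbb{Z}_2 \cong \mathbb{Z}_2$.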

PROOF. First, from the fact that $\mathbb{Z}_p^\times = \operatorname{Ker}(\operatorname{ord}_p : \mathbb{Q}_p^\times \to \mathbb{Z})$ and
$\operatorname{ord}_p(p) = 1$, (1) follows easily. If $p \neq 2$, then (3) follows from the
fact that $1 + p\mathbb{Z}_p \cong p\mathbb{Z}_p$ via exp and log, and the fact that the map
$\mathbb{Z}_p \to p\mathbb{Z}_p$ given by $a \mapsto pa$ is an isomorphism. If $p = 2$, then (3)
follows from the fact that $1 + 4\mathbb{Z}_2 \cong 4\mathbb{Z}_2$ via exp and log, and the fact
that $\mathbb{Z}_2 \cong 4\mathbb{Z}_2$.
Let us prove (2). Since the kernel of $\mathbb{Z}_p^\times \to \mathbb{F}_p^\times$ is $1 + p\mathbb{Z}_p$, it
suffices to show that the composition map $G \to \mathbb{F}_p^\times$ is a bijection.
For injectivity, it suffices to show that $G \cap (1 + p\mathbb{Z}_p) = \{1\}$. This
is trivial if $p = 2$, since $G = \{1\}$. If $p \neq 2$, it follows from the fact
that $1 + p\mathbb{Z}_p \cong \mathbb{Z}_p$ does not have any element of finite order except
for the identity. We now prove that $G \to \mathbb{F}_p^\times$ is surjective. This is
trivial if $p = 2$, since $\mathbb{F}_2^\times = \{1\}$. If $p \neq 2$, let $a \in \mathbb{F}_p^\times$ and let $u \in \mathbb{Z}_p$
be an element whose image in $\mathbb{F}_p$ is $a$. Since $a^{p-1} = 1$, we have
$u^{p-1} \in 1 + p\mathbb{Z}_p$. Put

$$v = \exp\left(\frac{1}{p - 1} \log(u^{p-1})\right)$$

and $w = uv^{-1}$. Then we have $w \in G$, because we have $v^{p-1} =
\exp(\log(u^{p-1})) = u^{p-1}$. Since $v \in 1 + p\mathbb{Z}_p$, the image of $w$ in $\mathbb{F}_p^\times$ is
equal to $a$. $\square$

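(c) Squares in $\mathbb{Q}_p$.

PROPOSITION 2.18. If we express an element $a$ in $\mathbb{Q}_p^\times$ as $p^n u$ ($n \in
\mathbb{Z}$, $u \in \mathbb{Z}_p^\times$) (Proposition 2.17(1)), $a$ is a square in $\mathbb{Q}_p^\times$ if and only if
the following two conditions are satisfied.
(i) $n$ is even.
(ii) If $p \neq 2$, $u \bmod p\mathbb{Z}_p$ is a square in $\mathbb{F}_p^\times$.
If $p = 2$, $u \equiv 1 \bmod 8\mathbb{Z}_2$.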

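PROOF. By Proposition 2.17, $a$ is a square in $\mathbb{Q}_p^\times$ if and only if
$n$ is even and $u$ is a square in $\mathbb{Z}_p^\times$. If $p \neq 2$, we have

$$1 + p\mathbb{Z}_p = \exp(p\mathbb{Z}_p) = \exp(2p\mathbb{Z}_p) = \{\exp(p\mathbb{Z}_p)\}^2,$$

and thus an element of $1 + p\mathbb{Z}_p$ is a square in $\mathbb{Z}_p^\times$. Since we have
$\mathbb{Z}_p^\times/(1 + p\mathbb{Z}_p) \cong \mathbb{F}_p^\times$, the case $p \neq 2$ is proved. If $p = 2$, we have

$$1 + 8\mathbb{Z}_2 = \exp(8\mathbb{Z}_2) = \exp(2 \cdot 4\mathbb{Z}_2) = \{\exp(4\mathbb{Z}_2)\}^2,$$

and thus an element of $1 + 8\mathbb{Z}_2$ is a square in $\mathbb{Z}_2^\times$. Since we have
$\mathbb{Z}_2^\times/(1 + 8\mathbb{Z}_2) \cong (\mathbb{Z}/8\mathbb{Z})^\times \cong \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$, the case $p = 2$ is also
proved. $\square$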

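The following proposition follows from either Proposition 2.16 or
Proposition 2.18.

PROPOSITION 2.19. (1) If $p \neq 2$, $\mathbb{Q}_p^\times/(\mathbb{Q}_p^\times)^2 \cong \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$.
(2) $\mathbb{Q}_2^\times/(\mathbb{Q}_2^\times)^2 \cong \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$.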

QUESTION 10. Let $a$ be an integer satisfying $a \equiv \pm 1 \bmod 5$. Show that
there exists a square root of $a$ in $\mathbb{Q}_5$.

QUESTION 11. Show that there exists a square root of $-1$ in $\mathbb{Q}_p$ if and only
if $p \equiv 1 \bmod 4$.

QUESTION 12. Show that if $p \neq 2$, there exist exactly three quadratic
extensions of $\mathbb{Q}_p$. Determine all three quadratic extensions of $\mathbb{Q}_5$.

2.6. Rational points on conics

We begin this section by proving the statement at the beginning
of §2.4:
If $a, b \in \mathbb{Q}^\times$ and $p$ is a prime number,
$$(a, b)_p = 1 \iff \text{there exist } x, y \in \mathbb{Q}_p \text{ such that } ax^2 + by^2 = 1.$$
(This is contained in Proposition 2.20.) We then use it to prove
Theorem 2.3.

(a) Conies defined over Qp. The Hilbert symbol ( , )p : Q” x


Q” -+ (51) can b e extended naturally to Qt x Q: + {fl}. Indeed,
for a, b E 0; we write

a = p’u, b =p-h (i,j E z, u,u E Z,x),


and we put
T = (-1)qgb-i = (-1)i&321-2 E q

If p # 2, define

(a,b),= (yq,
and if p = 2, define

(a,b)2 = (-I)+ (-l)++.

For this symbol ( , )p : Q: x QG + { z!~l}, Proposition 2.4 holds if


we replace (Zc,) ) ’ by Zc.

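PROPOSITION 2.20. For $a, b \in \mathbb{Q}_p^\times$, the following two conditions are equivalent.
(i) $(a, b)_p = 1$.
(ii) There exist $x, y \in \mathbb{Q}_p$ such that $ax^2 + by^2 = 1$.

PROOF. First we suppose that there exist $x, y \in \mathbb{Q}_p$ satisfying $ax^2 + by^2 = 1$, and we show $(a, b)_p = 1$. If $x = 0$, then $b \in (\mathbb{Q}_p^\times)^2$, and if $y = 0$, then $a \in (\mathbb{Q}_p^\times)^2$. In both cases we have $(a, b)_p = 1$. Suppose $x \neq 0$, $y \neq 0$. Then $(a, b)_p = (ax^2, by^2)_p = (ax^2, 1 - ax^2)_p$, and we have $(ax^2, 1 - ax^2)_p = 1$, since Proposition 2.4(3) still holds for $(\ ,\ )_p : \mathbb{Q}_p^\times \times \mathbb{Q}_p^\times \to \{\pm 1\}$.
Next we suppose $(a, b)_p = 1$ and show the existence of $x, y \in \mathbb{Q}_p$ satisfying $ax^2 + by^2 = 1$. Conditions (i) and (ii) depend only on the image of $a, b \in \mathbb{Q}_p^\times$ in $\mathbb{Q}_p^\times/(\mathbb{Q}_p^\times)^2$. Thus, we may assume, by multiplying $a$ and $b$ by a suitable element in $(\mathbb{Q}_p^\times)^2$, that $a$ and $b$ are both elements of $\mathbb{Z}_p^\times \cup p\mathbb{Z}_p^\times$. If both $a$ and $b$ are in $p\mathbb{Z}_p^\times$, we may replace $a$ by $-ab^{-1}$; indeed, for (i) we have
$(-ab^{-1}, b)_p = (a, b)_p \cdot (-b, b)_p = (a, b)_p$ (Proposition 2.4(3)),
and for (ii) we have
$\exists\, x, y \in \mathbb{Q}_p$ such that $-ab^{-1}x^2 + by^2 = 1$
$\iff \exists\, x, y, z \in \mathbb{Q}_p$ such that $-ab^{-1}x^2 + by^2 = z^2$ and $(x, y, z) \neq (0, 0, 0)$
$\iff \exists\, x, y, z \in \mathbb{Q}_p$ such that $(by)^2 = ax^2 + bz^2$ and $(x, y, z) \neq (0, 0, 0)$
$\iff \exists\, x, y \in \mathbb{Q}_p$ such that $ax^2 + by^2 = 1$.
Hence, it suffices to consider the case $a \in \mathbb{Z}_p^\times$, $b \in p \cdot \mathbb{Z}_p^\times$ and the case $a, b \in \mathbb{Z}_p^\times$.
(a) The case $a \in \mathbb{Z}_p^\times$, $b \in p \cdot \mathbb{Z}_p^\times$.
If $p \neq 2$, $(a, b)_p = 1$ means that $a \bmod p \in \mathbb{F}_p^\times$ is a square. By Proposition 2.18, there exists $t \in \mathbb{Q}_p^\times$ such that $t^2 = a$, and we have $a\left(\frac{1}{t}\right)^2 + b \cdot 0^2 = 1$. If $p = 2$, $(a, b)_p = 1$ means that "$a \equiv 1 \bmod 8\mathbb{Z}_2$ or $a \equiv 1 - b \bmod 8\mathbb{Z}_2$". (This is because Proposition 2.4(5-2) holds for the Hilbert symbol extended to $\mathbb{Q}_2^\times \times \mathbb{Q}_2^\times$.) If $a \equiv 1 \bmod 8\mathbb{Z}_2$, there exists $t \in \mathbb{Q}_2^\times$ such that $t^2 = a$ (Proposition 2.18), and we have $a\left(\frac{1}{t}\right)^2 + b \cdot 0^2 = 1$. If $a \equiv 1 - b \bmod 8\mathbb{Z}_2$, there exists $t \in \mathbb{Q}_2^\times$ such that $t^2 = \frac{1-b}{a}$ (Proposition 2.18), and we have $at^2 + b \cdot 1^2 = 1$.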

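(b) The case $a, b \in \mathbb{Z}_p^\times$.
Suppose $p \neq 2$. Then the condition $(a, b)_p = 1$ always holds, and thus we must show that $ax^2 + by^2 = 1$ has a solution in $\mathbb{Q}_p$. We denote by $\bar{a}, \bar{b}$ the images of $a, b$ in $\mathbb{F}_p$. Each of the two subsets $\{\bar{a}u^2 \mid u \in \mathbb{F}_p\}$ and $\{1 - \bar{b}v^2 \mid v \in \mathbb{F}_p\}$ has cardinality $\frac{p+1}{2}$, and thus their intersection is nonempty. This implies that there exist $x, y \in \mathbb{Z}_p$ such that $ax^2 \equiv 1 - by^2 \bmod p\mathbb{Z}_p$. If $x \not\equiv 0 \bmod p\mathbb{Z}_p$, there exists $t \in \mathbb{Q}_p^\times$ such that $t^2 = \frac{1 - by^2}{a}$ by Proposition 2.18, and we have $at^2 + by^2 = 1$. If $x \equiv 0 \bmod p\mathbb{Z}_p$, then $1 \equiv by^2 \bmod p\mathbb{Z}_p$. Hence, there exists $t \in \mathbb{Q}_p^\times$ such that $t^2 = b$ by Proposition 2.18, and we have $a \cdot 0^2 + b\left(\frac{1}{t}\right)^2 = 1$.
Now suppose $p = 2$. Since $(a, b)_2 = 1$, we have $a \equiv 1 \bmod 4\mathbb{Z}_2$ or $b \equiv 1 \bmod 4\mathbb{Z}_2$. Suppose, say, $a \equiv 1 \bmod 4\mathbb{Z}_2$ (the case $b \equiv 1 \bmod 4\mathbb{Z}_2$ is similar). Then we have $a \equiv 1 \bmod 8\mathbb{Z}_2$ or $a \equiv 5 \bmod 8\mathbb{Z}_2$. If $a \equiv 1 \bmod 8\mathbb{Z}_2$, there exists $t \in \mathbb{Q}_2^\times$ such that $t^2 = a$ by Proposition 2.18, and we have $a\left(\frac{1}{t}\right)^2 + b \cdot 0^2 = 1$. If $a \equiv 5 \bmod 8\mathbb{Z}_2$, then $4b \equiv 4 \bmod 8\mathbb{Z}_2$ and thus we have $a \equiv 1 - 4b \bmod 8\mathbb{Z}_2$. Hence, there exists $t \in \mathbb{Q}_2^\times$ such that $t^2 = \frac{1 - 4b}{a}$ by Proposition 2.18, and we have $at^2 + b \cdot 2^2 = 1$. □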
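
The square test of Proposition 2.18 and the extended symbol $(a, b)_p$ can be computed exactly for rational $a$, $b$; the Python below is an added example, not code from the book, and all function names are assumptions of this example. `obstructions` uses two facts from this section: $(a, b)_p = 1$ for odd $p$ when $a$ and $b$ are $p$-adic units, and $ax^2 + by^2 = 1$ is solvable in $\mathbb{R}$ exactly when $a > 0$ or $b > 0$.

```python
from fractions import Fraction

def split_unit(a, p):
    """Write a nonzero rational a as p**n * u with u a p-adic unit; return (n, u)."""
    a = Fraction(a)
    if a == 0:
        raise ValueError("a must be nonzero")
    n, num, den = 0, a.numerator, a.denominator
    while num % p == 0:
        num, n = num // p, n + 1
    while den % p == 0:
        den, n = den // p, n - 1
    return n, Fraction(num, den)

def unit_mod(u, m):
    """Residue mod m of a p-adic unit u (a fraction whose denominator is prime to m)."""
    return u.numerator * pow(u.denominator, -1, m) % m

def legendre(x, p):
    """Quadratic residue symbol (x/p) for an odd prime p and x prime to p."""
    return 1 if pow(x, (p - 1) // 2, p) == 1 else -1

def is_square_in_Qp(a, p):
    """Proposition 2.18: a = p^n u is a square iff n is even and
    u is a square mod p (p odd), or u = 1 mod 8 (p = 2)."""
    n, u = split_unit(a, p)
    if n % 2:
        return False
    if p == 2:
        return unit_mod(u, 8) == 1
    return legendre(unit_mod(u, p), p) == 1

def hilbert(a, b, p):
    """(a, b)_p from a = p^i u, b = p^j v and r = (-1)^{ij} u^j v^{-i}."""
    i, u = split_unit(a, p)
    j, v = split_unit(b, p)
    sign = -1 if (i * j) % 2 else 1
    r = sign * u ** j / v ** i
    if p != 2:
        return legendre(unit_mod(r, p), p)
    r8, u4, v4 = unit_mod(r, 8), unit_mod(u, 4), unit_mod(v, 4)
    exponent = (r8 * r8 - 1) // 8 + ((u4 - 1) // 2) * ((v4 - 1) // 2)
    return -1 if exponent % 2 else 1

def prime_factors(n):
    """Set of primes dividing the nonzero integer n (trial division)."""
    n, out, d = abs(n), set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def obstructions(a, b):
    """Places v ('inf' for R, else a prime) where a x^2 + b y^2 = 1 has no solution in Q_v."""
    a, b = Fraction(a), Fraction(b)
    places = ["inf"] if a < 0 and b < 0 else []
    primes = {2}  # only 2 and the primes dividing a or b can give symbol -1
    for q in (a, b):
        primes |= prime_factors(q.numerator) | prime_factors(q.denominator)
    return places + [p for p in sorted(primes) if hilbert(a, b, p) == -1]
```

An empty list from `obstructions(a, b)` is condition (ii) of Theorem 2.3 as restated below.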

(b) Proof of Theorem 2.3. By Proposition 2.20, Theorem 2.3 can be rewritten in the following form. Here, we write $\mathbb{Q}_\infty$ for $\mathbb{R}$.

"Let $a, b \in \mathbb{Q}^\times$. The following conditions (i) and (ii) are equivalent.
(i) $ax^2 + by^2 = 1$ has a solution in $\mathbb{Q}$.
(ii) $ax^2 + by^2 = 1$ has a solution in $\mathbb{Q}_v$ for all primes $v$ and $v = \infty$."

Clearly, (i) implies (ii). So, all we need to prove is that (ii) implies (i).
Let $a, b \in \mathbb{Q}^\times$, and suppose $ax^2 + by^2 = 1$ has a solution in $\mathbb{Q}_v$ for all primes $v$ and $v = \infty$. We need to prove that it has a solution in $\mathbb{Q}$.
If we multiply $a$ and $b$ by the square of a rational number, it does not affect the existence of a solution in $\mathbb{Q}$ to $ax^2 + by^2 = 1$. Thus, we may assume that $a$ and $b$ are square-free integers. We prove the statement by induction on $\max(|a|, |b|)$.
If either $a$ or $b$ is 1, $ax^2 + by^2 = 1$ clearly has a solution in $\mathbb{Q}$.

If $\max(|a|, |b|) = 1$, we have $a > 0$ or $b > 0$, since we assumed that the equation has a solution in $\mathbb{R}$. This means we have $a = 1$ or $b = 1$, and it has a solution in $\mathbb{Q}$.
Suppose $\max(|a|, |b|) > 1$. The statement is symmetric with respect to $a, b$, so we may assume $|a| \le |b|$. Since $b$ is square free, $|b|$ is a product of distinct prime numbers.
Let us prove that $a \bmod b$ is a square in $\mathbb{Z}/b\mathbb{Z}$. If not, $a \bmod p$ is not a square in $\mathbb{F}_p$ for some prime factor $p$ of $b$. (This follows from the Chinese Remainder Theorem.) Then $p \neq 2$, and we have $(a, b)_p = \left(\frac{a}{p}\right) = -1$. This implies that $ax^2 + by^2 = 1$ does not have a solution in $\mathbb{Q}_p$, which is a contradiction. Hence, $a \bmod b$ is a square in $\mathbb{Z}/b\mathbb{Z}$. We thus have an integer $r$ such that $r^2 \equiv a \bmod b$. Since any element of $\mathbb{Z}/b\mathbb{Z}$ has a representative in $-\frac{|b|}{2} \le n \le \frac{|b|}{2}$, we may assume $0 \le r \le \frac{|b|}{2}$.
Put

$$r^2 - a = bc, \quad c \in \mathbb{Z}.$$

If $c = 0$, we have $a = r^2$ and $a\left(\frac{1}{r}\right)^2 + b \cdot 0^2 = 1$, which means that there is a solution in $\mathbb{Q}$. Suppose $c \neq 0$. We have

(The last inequality is due to the fact that $|b| \ge 2$.) By Lemma 2.21 below, all we need to consider is the case $ax^2 + cy^2 = 1$. If $|a| < |b|$, we can use the inductive hypothesis (since $|c| < |b|$). If $|a| = |b|$, we can reduce to the case $|a| < |b|$, since $|c| < |b|$. □

LEMMA 2.21. Let $K$ be a field; $a, b, c \in K^\times$; $r \in K$; and $r^2 - a = bc$. Then there is a bijection between two sets

$$X = \{(x, y, z) \in K \times K \times K \mid ax^2 + by^2 = z^2,\ (x, y, z) \neq (0, 0, 0)\},$$

$$Y = \{(x, y, z) \in K \times K \times K \mid ax^2 + cy^2 = z^2,\ (x, y, z) \neq (0, 0, 0)\}.$$

PROOF. Define $f : X \to Y$, $g : Y \to X$ by

$$f(x, y, z) = (rx + z,\ by,\ ax + rz),$$

$$g(x, y, z) = (rx - z,\ cy,\ -ax + rz),$$

and verify that $g \circ f$ and $f \circ g$ are the identities of $X$ and $Y$, respectively. □
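
The induction in the proof of Theorem 2.3 is effective: each step replaces $b$ by the square-free part of $c = (r^2 - a)/b$ and pulls a solution back with the map $g$ of Lemma 2.21. The Python below is an added example (not from the book) that carries this out for nonzero square-free integers $a$, $b$ and returns integers $(x, y, z) \neq (0, 0, 0)$ with $ax^2 + by^2 = z^2$, or `None` when the descent stops; the function names are assumptions of this example.

```python
from math import gcd

def squarefree_part(n):
    """Return (c, s) with n == c * s * s and c square-free, for a nonzero integer n."""
    sign, n = (-1 if n < 0 else 1), abs(n)
    c, s, d = 1, 1, 2
    while d * d <= n:
        e = 0
        while n % d == 0:
            n, e = n // d, e + 1
        c, s = c * d ** (e % 2), s * d ** (e // 2)
        d += 1
    return sign * c * n, s  # what is left of n is 1 or a single prime

def solve_conic(a, b):
    """Nonzero integer triple (x, y, z) with a*x^2 + b*y^2 == z^2, or None.
    a and b must be nonzero square-free integers."""
    if a == 1:
        return (1, 0, 1)
    if b == 1:
        return (0, 1, 1)
    if abs(a) > abs(b):                 # the statement is symmetric in a and b
        sol = solve_conic(b, a)
        return None if sol is None else (sol[1], sol[0], sol[2])
    if abs(b) == 1:                     # a = b = -1: no solution in R
        return None
    m = abs(b)
    # r with r^2 = a mod b and 0 <= r <= |b|/2, as in the proof
    r = next((t for t in range(m // 2 + 1) if (t * t - a) % m == 0), None)
    if r is None:                       # a is not a square mod b
        return None
    c = (r * r - a) // b
    if c == 0:                          # a = r^2
        return (1, 0, r)
    c1, s = squarefree_part(c)          # c = c1 * s^2 and |c1| <= |c| < |b|
    sol = solve_conic(a, c1)
    if sol is None:
        return None
    # (x, y, z) solves a x^2 + c1 y^2 = z^2; (s x, y, s z) solves a X^2 + c Y^2 = Z^2
    x, y, z = s * sol[0], sol[1], s * sol[2]
    # map g of Lemma 2.21 sends it to a solution of a X^2 + b Y^2 = Z^2
    X, Y, Z = r * x - z, c * y, -a * x + r * z
    k = gcd(gcd(X, Y), Z)
    return (X // k, Y // k, Z // k)
```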

Summary

2.1. If a conic defined over the rational number field has a ra-
tional point, it has infinitely many rational points, and we can de-
scribe them explicitly. (However, the main theme of the chapter is
not this, but 2.2 and 2.3 below.)
2.2. For each prime number p there is an extension field of the
rational number field called the p-adic number field. Each p-adic
number field is considered to be as important as the real number
field. The p-adic number field has a notion of convergence as does
the real number field, but the properties of convergence are quite
different from those in the real number field.
2.3. A conic defined over the rational number field has a rational point if and only if its equation has a solution in the real number field and in the $\mathbb{Q}_p$ for all prime numbers $p$. The existence of a solution in $\mathbb{Q}_p$ can be determined by the Hilbert symbol, which is related to the quadratic residue symbol.

Exercises

2.1. Find an example of a sequence of rational numbers which converges to 1 in $\mathbb{R}$ and which converges to 0 in $\mathbb{Q}_2$. Also find an example of a sequence of rational numbers which converges to 1 in $\mathbb{Q}_3$ and which converges to 0 in $\mathbb{Q}_2$.
2.2. Define

and define a ring structure on the set of all group homomorphisms from $\mathbb{Z}[1/p]/\mathbb{Z}$ to itself, denoted by $\mathrm{Hom}(\mathbb{Z}[1/p]/\mathbb{Z}, \mathbb{Z}[1/p]/\mathbb{Z})$, by defining the sum of $f$ and $g$ by $(f + g)(x) = f(x) + g(x)$ for all $x \in \mathbb{Z}[1/p]/\mathbb{Z}$, and the product of $f$ and $g$ by the composition $f \circ g$. Show that there is an isomorphism of rings

$$\mathbb{Z}_p \cong \mathrm{Hom}(\mathbb{Z}[1/p]/\mathbb{Z}, \mathbb{Z}[1/p]/\mathbb{Z}).$$

2.3. Find $\mathrm{ord}_3(4^n - 1)$ ($n \in \mathbb{Z}$). (Hint: Use exp, log in the 3-adic number field to get $4^n - 1 = \exp(n \log(4)) - 1$, then use Proposition 2.14(4).)

2.4. Let $p$ be a prime number. Show the following:
(1) $x^2 = -2$ has a solution in $\mathbb{Q}_p$ $\iff$ $p \equiv 1, 3 \bmod 8$.
(2) $x^2 + y^2 = -2$ has a solution in $\mathbb{Q}_p$ $\iff$ $p \neq 2$.
(3) $x^2 + y^2 + z^2 = -2$ has a solution in $\mathbb{Q}_p$ for any $p$.
CHAPTER 3

In this chapter we introduce an important function called $\zeta$ (the zeta function).

3.1. Three wonders of the values of the $\zeta$ function

The formula

(3.1)

was discovered by Euler around 1735. He had attempted to determine the infinite sum of the left-hand side for many years, and he was quite pleased to find the mysterious fact that the sum is related to the number $\pi$.
The formula

is called Leibniz's formula. He discovered it in 1673, and he felt that he found the mystery of Nature. It is said that he decided to quit being a lawyer and diplomat in order to pursue mathematics because of this discovery. Leibniz's formula, however, had been discovered by Gregory shortly before Leibniz, and also by an Indian mathematician, Madhava, around 1400.
These formulas together with Euler's formula

(3.4) $1 - \frac{1}{3^3} + \frac{1}{5^3} - \frac{1}{7^3} + \cdots = \frac{\pi^3}{32}$,

(3.5) $1 - \frac{1}{2} + \frac{1}{4} - \frac{1}{5} + \cdots = \frac{\pi}{3\sqrt{3}}$,


and Dirichlet's formula

(3.6) $1 - \frac{1}{3} - \frac{1}{5} + \frac{1}{7} + \frac{1}{9} - \frac{1}{11} - \frac{1}{13} + \frac{1}{15} + \cdots$ ($\pm$ signs repeat every 8 terms) $= \frac{1}{\sqrt{2}} \log(1 + \sqrt{2})$

are the formulas on the values of a class of functions called $\zeta$ functions. These formulas reveal their secrets as we study them more and more. In this section we introduce $\zeta$ functions and three interesting properties on the values of $\zeta$ functions. Define

This function $\zeta(s)$ is called the Riemann $\zeta$ function, named after Riemann who made important contributions to the study of this function in the 19th century. The formulas (3.1) and (3.3) may be expressed as

$$\zeta(2) = \frac{\pi^2}{6} \quad \text{and} \quad \zeta(4) = \frac{\pi^4}{90},$$

respectively, and thus they may be regarded as formulas for the values of the Riemann $\zeta$ function $\zeta(s)$. Let $N$ be a natural number and $(\mathbb{Z}/N\mathbb{Z})^\times$ be the multiplicative group of units in the ring $\mathbb{Z}/N\mathbb{Z}$. A homomorphism from $(\mathbb{Z}/N\mathbb{Z})^\times$ to the multiplicative group of nonzero complex numbers $\mathbb{C}^\times$

$$\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$$

is called a Dirichlet character (modulo $N$). We define

$$L(s, \chi) = \sum_{n=1}^{\infty} \frac{\chi(n)}{n^s}.$$

This is called the Dirichlet $L$ function (with respect to $\chi$). Here, $\chi(n)$ is defined as $\chi(n \bmod N)$ if $n$ and $N$ are relatively prime, and 0 otherwise. The formulas (3.2) and (3.4) may be expressed respectively using the Dirichlet $L$ functions as

$$L(1, \chi) = \frac{\pi}{4} \quad \text{and} \quad L(3, \chi) = \frac{\pi^3}{32},$$



where the character $\chi$ is given by

$\chi : (\mathbb{Z}/4\mathbb{Z})^\times = \{1 \bmod 4,\ 3 \bmod 4\} \to \mathbb{C}^\times$,
$\chi(1 \bmod 4) = 1$, $\chi(3 \bmod 4) = -1$.
The formula (3.5) may be regarded as a formula for the value of Dirichlet $L$ function $L(s, \chi)$

$$L(1, \chi) = \frac{\pi}{3\sqrt{3}}$$

with the Dirichlet character $\chi$ given by
$\chi : (\mathbb{Z}/3\mathbb{Z})^\times = \{1 \bmod 3,\ 2 \bmod 3\} \to \mathbb{C}^\times$,
$\chi(1 \bmod 3) = 1$, $\chi(2 \bmod 3) = -1$.
The formula (3.6) may be regarded as a formula for the value of Dirichlet $L$ function $L(s, \chi)$

$$L(1, \chi) = \frac{1}{\sqrt{2}} \log(1 + \sqrt{2})$$

with the Dirichlet character $\chi$ given by

$\chi : (\mathbb{Z}/8\mathbb{Z})^\times = \{1 \bmod 8,\ 3 \bmod 8,\ 5 \bmod 8,\ 7 \bmod 8\} \to \mathbb{C}^\times$,
$\chi(1 \bmod 8) = \chi(7 \bmod 8) = 1$,
$\chi(3 \bmod 8) = \chi(5 \bmod 8) = -1$.
These $\zeta(s)$ and $L(s, \chi)$ are examples of the class of functions called $\zeta$ functions. $\zeta$ functions are so important in number theory that some people even claim that number theory is the study of $\zeta$ functions.
The first mystery of the values of $\zeta$ functions is that there exist unexpected formulas such as (3.1)-(3.6), where one side of the identities is quite different in nature from the other side. Many formulas of the following type have been known:
the value of a $\zeta$ function at $s$ = integer
= (rational number)
$\times$ (the power of $\pi$ or something similar to $\log(1 + \sqrt{2})$).
For example, if $r$ is a positive even integer, Euler proved the formula
$\zeta(r)$ = (rational number) $\times\ \pi^r$ (§3.2, Corollary 3.9).
The second mystery of $\zeta$ functions is that their values at $s$ = integers are related to the world of $p$-adic numbers in a quite unexpected way. For example, if $r$ is a positive even integer, $\zeta(r)\pi^{-r}$ is a rational number as mentioned above, and this rational number has

some $p$-adic properties. It was first studied by Kummer in the nineteenth century, and Kubota and Leopoldt clarified it around 1964. It seems as if the homeland where $\zeta$ functions originally come from is an unknown world which governs both the world of real numbers and the world of $p$-adic numbers.
The third mystery of $\zeta$ functions is that some values of $\zeta$ functions have subtle arithmetic meanings. For example, Leibniz's formula (3.2) tells us that $\mathbb{Z}[i]$ is a principal ideal domain, as we will see in §4.3. This can be explained by the class number formula (see §4.3, and Chapter 7 on $\zeta$ function in Volume 2), which was discovered by Dirichlet in the nineteenth century. In the late twentieth century, an effort to understand the meanings of values of $\zeta$ functions more deeply than the class number formula turned into a theory called "Iwasawa theory".
In §3.2 we discuss the first mystery about the values of $\zeta(s)$ and $L(s, \chi)$ at $s$ = positive integers, and we prove (3.1)-(3.5). (For the proof of (3.6), see Exercise 3.3.) In §3.3 we introduce the analytic continuation of these $\zeta$ functions to the entire complex plane, and we discuss the first mystery of the values of $\zeta$ functions at $s$ = negative integers. We mention the second and third mysteries at the end of §3.3. We will further discuss these two mysteries in Chapter 10 in Volume 3.
We named this chapter "$\zeta$" instead of "$\zeta$ functions". We dropped the word "functions" because we feel more and more as we study $\zeta$ functions that $\zeta$ functions are something more than just functions.

3.2. Values at positive integers

(a) $\zeta(2)$. We first give one of the proofs Euler gave to the following theorem of Euler.

THEOREM 3.1.

$$\zeta(2) = \frac{\pi^2}{6}.$$

PROOF. We use the product formula for the sine function

(3.7) $\frac{\sin(\pi x)}{\pi x} = \prod_{n=1}^{\infty} \left(1 - \frac{x^2}{n^2}\right)$,

which was also discovered by Euler (see N. Bourbaki, Fonctions d'une variable réelle, Chapter VI §2, Theorem 2, or L. Ahlfors, Complex Analysis, Chapter 5, §2.3). We compare the Taylor expansion of

both sides of (3.7) at $x = 0$. By the Taylor expansion of $\sin(x)$,

$$\sin(x) = x - \frac{x^3}{3!} + \frac{x^5}{5!} - \frac{x^7}{7!} + \frac{x^9}{9!} - \cdots,$$

we have

left-hand side of (3.7) $= 1 - \frac{\pi^2}{3!} x^2 +$ terms of degree 4 or higher.

On the other hand, the Taylor expansion of the right-hand side of (3.7) gives

right-hand side of (3.7) $= 1 - \left(\sum_{n=1}^{\infty} \frac{1}{n^2}\right) x^2 +$ terms of degree 4 or higher.

Therefore, we have

&1

(b) Values at a general positive integer. Theorems 3.4 and 3.8 concern the values of $\zeta(s)$ and $L(s, \chi)$ at positive integers.

DEFINITION 3.2. Define rational functions $h_r(t)$ ($r = 1, 2, 3, \dots$) with rational coefficients by

$$h_1(t) = \frac{1 + t}{2(1 - t)}, \qquad h_r(t) = \left(t \frac{d}{dt}\right)^{r-1} (h_1(t)) \quad (r > 1).$$

For example

(3.8) $h_2(t) = \frac{t}{(1 - t)^2}$, $\quad h_3(t) = \frac{t + t^2}{(1 - t)^3}$, $\quad h_4(t) = \frac{t + 4t^2 + t^3}{(1 - t)^4}$.

For any integer $r$ greater than or equal to 1 we have

$$h_r(t) \in \mathbb{Q}\left[t, \frac{1}{1 - t}\right].$$

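PROPOSITION 3.3. Let $x \in \mathbb{C}$, $x \notin \mathbb{Z}$ and $t = e^{2\pi i x}$.

(1)
$$h_1(t) = -\frac{1}{4\pi i} \sum_{n \in \mathbb{Z}} \left(\frac{1}{x + n} + \frac{1}{x - n}\right).$$

(2) If $r \ge 2$, then

$$h_r(t) = (r - 1)! \cdot \left(-\frac{1}{2\pi i}\right)^r \sum_{n \in \mathbb{Z}} \frac{1}{(x + n)^r}.$$

PROOF. Take $\frac{d}{dx} \log(\ )$ of both sides of (3.7), and we have

(3.9) $\pi \cot(\pi x) = \frac{1}{2} \sum_{n \in \mathbb{Z}} \left(\frac{1}{x + n} + \frac{1}{x - n}\right)$.

Since $\cot(y) = \frac{\cos(y)}{\sin(y)}$ and we have

$$\sin(y) = \frac{e^{yi} - e^{-yi}}{2i}, \qquad \cos(y) = \frac{e^{yi} + e^{-yi}}{2},$$

we see that

$$\cot(\pi x) = \frac{i(e^{\pi x i} + e^{-\pi x i})}{e^{\pi x i} - e^{-\pi x i}} = -2i\, h_1(t) \quad (t = e^{2\pi i x}),$$

which proves Proposition 3.3(1). Applying $\left(t \frac{d}{dt}\right)^{r-1} = \left(\frac{1}{2\pi i} \frac{d}{dx}\right)^{r-1}$ to both sides of the above formula, we obtain Proposition 3.3(2). □

From Proposition 3.3 we deduce Theorems 3.4 and 3.8.

THEOREM 3.4. Let $N$ be a natural number greater than 1, $\chi$ a Dirichlet character modulo $N$, and $r$ a natural number. Suppose $\chi(-1) = (-1)^r$. If we put $\zeta_N = e^{2\pi i/N}$, then we have

From Theorem 3.4 we deduce the formulas (3.2), (3.4), and (3.5) in §3.1.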

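EXAMPLE 3.5.

$1 - \frac{1}{3} + \frac{1}{5} - \frac{1}{7} + \cdots$

$= \frac{1}{0!} \cdot \left(-\frac{2\pi i}{4}\right) \cdot \frac{1}{2} \cdot (h_1(i) - h_1(i^3))$

$= -\frac{2\pi i}{4} \cdot \frac{1}{2} \cdot \left(\frac{1 + i}{2(1 - i)} - \frac{1 - i}{2(1 + i)}\right)$

$= -\frac{2\pi i}{4} \cdot \frac{1}{2} \cdot i = \frac{\pi}{4}.$

EXAMPLE 3.6.

$1 - \frac{1}{2} + \frac{1}{4} - \frac{1}{5} + \cdots$

$= \left(-\frac{2\pi i}{3}\right) \cdot \frac{1}{2} \cdot \frac{i}{\sqrt{3}} = \frac{\pi}{3\sqrt{3}}.$

EXAMPLE 3.7.

$1 - \frac{1}{3^3} + \frac{1}{5^3} - \frac{1}{7^3} + \cdots$

$= \frac{1}{2!} \cdot \left(-\frac{2\pi i}{4}\right)^3 \cdot \frac{1}{2} \cdot (h_3(i) - h_3(i^3))$

$= \frac{1}{2} \cdot \left(-\frac{2\pi i}{4}\right)^3 \cdot \frac{1}{2} \cdot \left(-\frac{i}{2} - \frac{i}{2}\right)$ (from (3.8))

$= \frac{1}{2} \cdot \left(-\frac{2\pi i}{4}\right)^3 \cdot \frac{1}{2} \cdot (-i) = \frac{\pi^3}{32}.$

THEOREM 3.8. Let $r$ be a positive even integer. We have

$$\zeta(r) = \frac{1}{(r - 1)!} \cdot \frac{1}{2^r - 1} \cdot (2\pi i)^r \cdot \frac{1}{2} \cdot h_r(-1).$$

COROLLARY 3.9. If $r$ is a positive even integer, then $\pi^{-r}\zeta(r)$ is a rational number.

This is because $h_r(t)$ is a rational function with rational coefficients, and thus its value $h_r(-1)$ at $-1$ is a rational number.
We deduce the formulas (3.1) and (3.3) from Theorem 3.8.
(from (3.8))

$= \frac{\pi^2}{6}.$

EXAMPLE 3.11

$\zeta(4) = \frac{1}{3!} \cdot \frac{1}{2^4 - 1} \cdot (2\pi i)^4 \cdot \frac{1}{2} \cdot \frac{-1 + 4 - 1}{2^4}$ (from (3.8))

$= \frac{\pi^4}{90}.$

REMARK 3.12. Theorem 3.8 does not say anything about $\zeta(3)$, $\zeta(5)$, $\zeta(7)$, $\zeta(9)$, .... Apéry proved that $\zeta(3)$ is an irrational number in 1978. It is conjectured that $\zeta(5)$, $\zeta(7)$, $\zeta(9)$, ... are also irrational numbers, and if $r$ is an odd integer at least 3, $\zeta(r)$ cannot be expressed as the product or sum of rational numbers and $\pi$ unlike the case where $r$ is even. But these conjectures have not been proved.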

PROOF OF THEOREM 3.4. Using Proposition 3.3, we rewrite the sum $\sum_{a \in (\mathbb{Z}/N\mathbb{Z})^\times} \chi(a) h_r(\zeta_N^a)$ in the right-hand side. If $n \ge 0$, we have

If $n < 0$, we put $n' = -n - 1 \ge 0$ and we have

zzzN’ x(m)
c m’.’

By Proposition 3.3 we obtain

PROOF OF THEOREM 3.8. In Theorem 3.4 take $N = 2$ and let $\chi$ be the trivial homomorphism $\chi : (\mathbb{Z}/2\mathbb{Z})^\times \to \mathbb{C}^\times$. Then, for a

positive even integer $r$ we have

$$L(r, \chi) = \frac{1}{(r - 1)!} \cdot \left(-\frac{2\pi i}{2}\right)^r \cdot \frac{1}{2} \cdot h_r(-1).$$

On the other hand, we have

Theorem 3.8 follows from this. 0

QUESTION 1. By letting $x = i$ in Proposition 3.3, show the formula


2x + 1
,27T - 1

QUESTION 2. Using Proposition 3.3(2) with $r = 2$, $x = i$ and the formula in the previous question, show the formula
$e4T •t 2n2e2” - ;
(e 2n - 1)2

These formulas are not about the values of $\zeta$ functions, but they belong to the same world as $\zeta(2) = \frac{\pi^2}{6}$, and it has a flavor of $\zeta$.

3.3. Values at negative integers

(a) Analytic continuation. If we consider $s$ to be a complex variable, $\zeta(s)$ and $L(s, \chi)$ can be extended beyond the domain of convergence of the original infinite series, and we can consider their values at negative integers as we see in Proposition 3.15. In order to study the properties of the values at negative integers, it is convenient to introduce the partial Riemann $\zeta$ function and Hurwitz $\zeta$ function.

DEFINITION 3.13. For a natural number $N$ and an integer $a$ define

where the sum is taken over all natural numbers $n$ satisfying $n \equiv a \bmod N$. This function is called partial Riemann $\zeta$ function with respect to $a \bmod N$.

For example, we have

$$\zeta_{\equiv 1(4)}(s) = 1 + \frac{1}{5^s} + \frac{1}{9^s} + \frac{1}{13^s} + \frac{1}{17^s} + \cdots.$$

DEFINITION 3.14. For a positive real number $x$ define

$$\zeta(s, x) = \sum_{n=0}^{\infty} \frac{1}{(x + n)^s}.$$

This is called the Hurwitz zeta function.

We note that the notation $\zeta_{\equiv a(N)}(s)$ is our own and it is not generally used.
From the definitions we have the following properties.
(3.10) $\zeta_{\equiv a(1)}(s) = \zeta(s)$, $\quad \zeta(s, 1) = \zeta(s)$.

For $\chi$ a Dirichlet character mod $N$

(3.11) $L(s, \chi) = \sum_{a=1}^{N} \chi(a)\, \zeta_{\equiv a(N)}(s)$

(define $\chi(a) = 0$ for $a$ that is not prime to $N$).

For a natural number $N$ and an integer $a$ satisfying $1 \le a \le N$

(3.12) $\zeta\left(s, \frac{a}{N}\right) = N^s \cdot \zeta_{\equiv a(N)}(s)$.

PROPOSITION 3.15. (1) The defining series of $\zeta(s)$, $L(s, \chi)$ ($\chi$ is a Dirichlet character), $\zeta_{\equiv a(N)}(s)$ ($N$ is a natural number and $a$ is an integer) and $\zeta(s, x)$ ($x$ is a positive real number) all converge absolutely for $s$ satisfying $\mathrm{Re}(s) > 1$, and they are holomorphic in this domain.
(2) The functions $\zeta(s)$, $L(s, \chi)$, $\zeta_{\equiv a(N)}(s)$ and $\zeta(s, x)$ have analytic continuation to the entire complex plane, and they are meromorphic functions. They are holomorphic in $s \neq 1$, and we have

$$\lim_{s \to 1} (s - 1)\zeta(s) = 1, \quad \lim_{s \to 1} (s - 1)\zeta_{\equiv a(N)}(s) = \frac{1}{N}, \quad \lim_{s \to 1} (s - 1)\zeta(s, x) = 1.$$

(3) If the image of $\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$ is not $\{1\}$, the defining series of $L(s, \chi)$ converge (the sum is taken in the order $n = 1, 2, 3, \dots$) for $s$ satisfying $\mathrm{Re}(s) > 0$, and it is a holomorphic function in this domain. For such a $\chi$, $L(s, \chi)$ is holomorphic in the entire complex plane.

We give a proof of Proposition 3.15 at the end of this section.

(b) Values at negative integers and Bernoulli numbers and Bernoulli polynomials. Theorem 3.18 shows that the Riemann $\zeta$ function has rational values at nonpositive integers, and they can be expressed in terms of Bernoulli numbers and Bernoulli polynomials.

DEFINITION 3.16. The Bernoulli number $B_n$ ($n = 0, 1, 2, 3, \dots$) is defined by the formula

From the formula

$$\frac{x}{e^x - 1} = \frac{x}{x + \frac{x^2}{2!} + \frac{x^3}{3!} + \cdots} = \frac{1}{1 + \frac{x}{2!} + \frac{x^2}{3!} + \cdots} = 1 - \left(\frac{x}{2!} + \frac{x^2}{3!} + \cdots\right) + \left(\frac{x}{2!} + \frac{x^2}{3!} + \cdots\right)^2 - \cdots,$$

we see that

(3.13) $B_0 = 1$, $B_1 = -\frac{1}{2}$, $B_2 = \frac{1}{6}$, $B_4 = -\frac{1}{30}$, $B_8 = -\frac{1}{30}$, $B_{10} = \frac{5}{66}$, $B_{12} = -\frac{691}{2730}$, $B_{14} = \frac{7}{6}$, ....

In particular, $B_n$'s are all rational numbers. Since $\frac{x}{e^x - 1} - 1 + \frac{x}{2}$ is an even function (i.e., invariant under $x \mapsto -x$), we see that
(3.14) $B_n = 0$ for $n$ an odd integer greater than or equal to 3.

DEFINITION 3.17. The Bernoulli polynomial $B_n(x)$ ($n = 0, 1, 2, 3, \dots$) is defined by

$$B_n(x) = \sum_{i=0}^{n} \binom{n}{i} B_i x^{n-i},$$

where $\binom{n}{i} = \frac{n!}{i!(n-i)!}$.

From (3.13) we have

(3.15) $B_0(x) = 1$, $B_1(x) = x - \frac{1}{2}$, $B_2(x) = x^2 - x + \frac{1}{6}$, $B_3(x) = x^3 - \frac{3}{2}x^2 + \frac{1}{2}x$, $B_4(x) = x^4 - 2x^3 + x^2 - \frac{1}{30}$, ....

In particular, $B_n(x)$ is a polynomial in rational coefficients, and we have

$$B_n(0) = B_n.$$

THEOREM 3.18. (1) For a natural number $r$ and a positive real number $x$ we have

$$\zeta(1 - r, x) = -\frac{1}{r} B_r(x).$$

(2) For natural numbers $r$ and $N$, and an integer $a$ satisfying $1 \le a \le N$ we have

COROLLARY 3.19. Let $N$ be a natural number, $a$ an integer, and $m$ a nonpositive integer. Then, we have

$$\zeta_{\equiv a(N)}(m) \in \mathbb{Q}.$$

In particular, we have $\zeta(m) \in \mathbb{Q}$ for any nonpositive integer $m$.

This can be seen from Theorem 3.18(2).

EXAMPLE 3.20. From Theorem 3.18(2) and (3.15) we see

$\zeta_{\equiv a(N)}(0) = -\frac{a}{N} + \frac{1}{2}$,
$\zeta_{\equiv a(N)}(-1) = -\frac{a^2}{2N} + \frac{a}{2} - \frac{N}{12}$,
$\zeta_{\equiv a(N)}(-2) = -\frac{a^3}{3N} + \frac{a^2}{2} - \frac{aN}{6}$.

COROLLARY 3.21. Let $N$ be a natural number. If the image of a Dirichlet character $\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$ is different from $\{1\}$, then we have

$$L(0, \chi) = -\frac{1}{N} \sum_{a=1}^{N} a\chi(a).$$

This follows from Example 3.20 and the fact $\sum_{a=1}^{N} \chi(a) = 0$ (see Question 3).

QUESTION 3. Let $G$ be a finite group and $\chi : G \to \mathbb{C}^\times$ a homomorphism whose image is different from $\{1\}$. Show that $\sum_{a \in G} \chi(a) = 0$.

Theorem 3.18(2) follows from Theorem 3.18(1) and the relation (3.12) between the Hurwitz $\zeta$ function and partial Riemann $\zeta$ function.
Before giving a proof of Theorem 3.18(1) at the end of this section, we explain first why Theorem 3.18(1) is a natural property in view of the nature of the Hurwitz $\zeta$ function and Bernoulli polynomials.
The Bernoulli polynomials first appeared in the formula for the sum of $k$-th power. For natural numbers $r$ and $x$, we have a formula

(3.16) $\sum_{n=0}^{x-1} n^{r-1} = \frac{1}{r}(B_r(x) - B_r)$.

For example, we have

$$1 + 2 + 3 + \cdots + (x - 1) = \frac{1}{2}(x^2 - x),$$

$$1 + 2^2 + 3^2 + \cdots + (x - 1)^2 = \frac{1}{3}\left(x^3 - \frac{3}{2}x^2 + \frac{1}{2}x\right).$$

On the other hand, the Hurwitz $\zeta$ function satisfies by definition

$$\zeta(s, x + 1) - \zeta(s, x) = -\frac{1}{x^s},$$

and therefore for any natural number $x$ we have

(3.17) $\sum_{n=1}^{x-1} \frac{1}{n^s} = -\zeta(s, x) + \zeta(s)$.

In other words, when we consider the formula of the sum of $k$-th powers when $k$ is positive, Bernoulli polynomials appear, while we consider it when $k$ is negative, the Hurwitz $\zeta$ function appears. This fact makes us feel that the formula $\zeta(1 - r, x) = -\frac{1}{r} B_r(x)$ is very natural.
We now explain briefly why (3.16) holds. Let us consider the linear operator

$$D : \mathbb{C}[x] \to \mathbb{C}[x]; \quad f(x) \mapsto \frac{d}{dx} f(x)$$

on the polynomial ring $\mathbb{C}[x]$. We see from the theory of Taylor expansion that the linear operator $e^D = \sum_{n=0}^{\infty} \frac{D^n}{n!}$ satisfies

$$e^D(f(x)) = f(x + 1)$$

for all $f(x) \in \mathbb{C}[x]$. From the definition of $B_n$ we have

(3.18) $D = (e^D - 1) \sum_{n=0}^{\infty} \frac{B_n}{n!} D^n$.

Operate (3.18) on $x^r$ and use the formula

$$\sum_{n=0}^{\infty} \frac{B_n}{n!} D^n(x^r) = \sum_{n=0}^{r} \binom{r}{n} B_n x^{r-n} = B_r(x),$$

and we obtain

(3.19) $r x^{r-1} = B_r(x + 1) - B_r(x)$.

The formula (3.16) follows easily from this.

QUESTION 4. If we tend $s \to 1$ in (3.17), we have

for any natural number $x$. Find the right-hand side when $x = 5/2$. (If we let $x = \frac{5}{2}$ in this formula, the left-hand side does not make sense, but it seems like the sum of $\frac{1}{n}$ from 1 to $\frac{3}{2}$.)

COROLLARY 3.22. (1) $\zeta(0) = -\frac{1}{2}$.
(2) If $r$ is a natural number greater than or equal to 2, we have $\zeta(1 - r) = -\frac{1}{r} B_r$.
(3) If $m$ is a negative even number, we have $\zeta(m) = 0$.

PROOF. From Theorem 3.18(2) we have

$$\zeta(1 - r) = -\frac{1}{r} B_r(1)$$

for a natural number $r$. Since $B_1(x) = x - \frac{1}{2}$, we obtain $\zeta(0) = -\frac{1}{2}$. If $r \ge 2$, it follows from (3.19) that $B_r(1) = B_r(0) = B_r$. From (3.14) we have $B_r = 0$ for an odd integer $r$ greater than or equal to 3, and thus we have $\zeta(1 - r) = 0$. □

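EXAMPLE 3.23. From 3.22 and (3.13)

$\zeta(0) = -\frac{1}{2}$, $\quad \zeta(-1) = -\frac{1}{12}$, $\quad \zeta(-3) = \frac{1}{2^3 \times 3 \times 5}$,

$\zeta(-5) = -\frac{1}{2^2 \times 3^2 \times 7}$, $\quad \zeta(-7) = \frac{1}{2^4 \times 3 \times 5}$,

$\zeta(-9) = -\frac{1}{2^2 \times 3 \times 11}$, $\quad \zeta(-11) = \frac{691}{2^3 \times 3^2 \times 5 \times 7 \times 13}$,

$\zeta(-13) = -\frac{1}{12}$, ....

(c) Proof of Proposition 3.15 and Theorem 3.18.

PROOF OF PROPOSITION 3.15(1). We prove this for the function $L(s, \chi)$. (Similar proofs work for $\zeta_{\equiv a(N)}(s)$ and $\zeta(s, x)$.) If we let $\mathrm{Re}(s) = \sigma > 1$, we have

$$\left|\frac{\chi(n)}{n^s}\right| \le \frac{1}{n^\sigma}.$$

If $n \ge 2$, we have

$$\frac{1}{n^\sigma} \le \int_{n-1}^{n} \frac{1}{x^\sigma}\, dx,$$

and thus

$$\sum_{n=1}^{\infty} \frac{1}{n^\sigma} \le 1 + \int_{1}^{\infty} \frac{1}{x^\sigma}\, dx = 1 + \frac{1}{\sigma - 1}.$$

This shows that the series $\sum_{n=1}^{\infty} \frac{\chi(n)}{n^s}$ converge absolutely, and, for any $c > 1$, they converge uniformly in the domain $\mathrm{Re}(s) > c$. Since the limit of a uniformly convergent sequence of holomorphic functions is again holomorphic, Proposition 3.15(1) is proved. □

PROOF OF PROPOSITIONS 3.15(2) AND 3.18(1). To prove Proposition 3.15(2) it is sufficient to prove it for $\zeta(s, x)$. We prove it together with Proposition 3.18(1).
As a preliminary, we introduce the $\Gamma$ function. For a complex number $s$ satisfying $\mathrm{Re}(s) > 0$ define

$$\Gamma(s) = \int_0^\infty e^{-t} t^s\, \frac{dt}{t}.$$

If $s$ is a natural number, we have $\Gamma(s) = (s - 1)!$. $\Gamma(s)$ has an analytic continuation to a meromorphic function on the entire plane. We denote this extended function by $\Gamma(s)$ also. Then it is known that $\Gamma(s)$ has the following properties. $\Gamma(s)$ is holomorphic except for $s = 0, -1, -2, -3, \dots$, where it has a pole of order 1. $\Gamma(s)$ does not have a 0. For $m \ge 0$ we have

$$\lim_{s \to -m} (s + m)\Gamma(s) = (-1)^m \frac{1}{m!}.$$

Now, if $\mathrm{Re}(s) > 1$, we have

$$\Gamma(s)\zeta(s, x) = \sum_{n=0}^{\infty} \int_0^\infty e^{-t} \left(\frac{t}{x + n}\right)^s \frac{dt}{t} = \int_0^\infty \sum_{n=0}^{\infty} e^{-(x+n)u} u^s\, \frac{du}{u} \quad \left(\text{we let } u = \frac{t}{x + n}\right)$$

$$= \int_0^\infty \frac{e^{-xu}}{1 - e^{-u}}\, u^s\, \frac{du}{u}.$$

In other words, we have

$$\Gamma(s)\zeta(s, x) = \int_0^\infty f(s, u)\, du, \quad \text{where } f(s, u) = \frac{e^{-xu}}{1 - e^{-u}}\, u^{s-1}.$$

We divide the integral into two parts:

$$\int_0^\infty f(s, u)\, du = \int_0^1 f(s, u)\, du + \int_1^\infty f(s, u)\, du.$$

Since the function $e^{-xu}$ approaches 0 rapidly as $u$ tends to infinity, the integral $\int_1^\infty f(s, u)\, du$ converges for any complex number $s$, and it is holomorphic on $s$. Consider $\int_0^1 f(s, u)\, du$. By the definition of $B_n(x)$ we have

$$\sum_{n=0}^{\infty} \frac{B_n(x)}{n!} u^n = \frac{u e^{xu}}{e^u - 1}.$$

Therefore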

This has an analytic continuation to a meromorphic function of $s$ in the entire complex plane. It is holomorphic except at $s = 1, 0, -1, -2, -3, \dots$, where it has a pole of order 1.
Thus, $\Gamma(s)\zeta(s, x)$ is extended to a meromorphic function on the whole complex plane, and it is holomorphic except at $s = 1, 0, -1, -2, -3, \dots$, where it has a pole of order 1. Therefore, $\zeta(s, x)$ has an analytic continuation to the whole complex plane, and it is holomorphic except at $s = 1$, where it has a pole of order 1.
For an integer $n \ge 0$ we have

$$\lim_{s \to 1-n} (s + n - 1)(\Gamma(s)\zeta(s, x)) = \frac{B_n(x)}{n!} \cdot (-1)^n.$$

If we let $n = 0$ and take the fact $\Gamma(1) = 1$ into account, we have

$$\lim_{s \to 1} (s - 1)\zeta(s, x) = B_0(x) = 1.$$

If $n \ge 1$, we have $\lim_{s \to 1-n} (s + n - 1)\Gamma(s) = (-1)^{n-1} \cdot \frac{1}{(n-1)!}$, and thus we have

$$\zeta(1 - n, x) = -\frac{B_n(x)}{n}.$$

PROOF OF PROPOSITION 3.15(3). For $s$ satisfying $\mathrm{Re}(s) > 0$ and $m \ge 0$, define

We have $L(s, \chi) = f_0(s) + \sum_{m=1}^{\infty} f_m(s)$. In the following we prove

(3.20) $\sum_{m=1}^{\infty} |f_m(s)| \le N \cdot |s| \cdot \left(1 + \frac{1}{\mathrm{Re}(s)}\right)$.

The inequality (3.20) shows that the series $\sum_{m=1}^{\infty} f_m(s)$ converge uniformly in the domain $\{s \in \mathbb{C} \mid |s| < C,\ \mathrm{Re}(s) > C'\}$, for any real numbers $C$ and $C'$, and thus the sum is holomorphic when $\mathrm{Re}(s) > 0$.
Let us prove (3.20). Since the image of $\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$ is not $\{1\}$, we have $\sum_{n=1}^{N} \chi(n) = 0$ (see Question 3). Hence, we have

We write

$$\frac{1}{(mN + n)^s} - \frac{1}{(mN)^s} = -s \int_{mN}^{mN+n} \frac{1}{x^{s+1}}\, dx,$$

and thus, if we write $\sigma$ for $\mathrm{Re}(s)$, we have

Therefore, we have

and thus we have

$$\sum_{m=1}^{\infty} |f_m(s)| \le N \cdot |s| \sum_{m=1}^{\infty} \frac{1}{m^{\sigma+1}} \le N \cdot |s| \cdot \left(1 + \frac{1}{\sigma}\right).$$

(d) Functional equation. In Chapter 7, §7.2 in Volume 2 we will explain the fact that, when $\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$ is a Dirichlet character and $\chi^{-1} : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$ is a Dirichlet character defined by $\chi^{-1}(a) = \chi(a)^{-1}$, there is a relation between $L(s, \chi)$ and $L(1 - s, \chi^{-1})$ called the functional equation. It follows from the functional equation that we have the property that for an even number $r$ no less than 2, we have $\zeta(1 - r) = 2 \times (r - 1)! \times \frac{\zeta(r)}{(2\pi i)^r}$ for the Riemann $\zeta$ function. For example, for $r = 2$ we have

$$\zeta(-1) = 2 \times 1 \times \frac{1}{(2\pi i)^2} \times \zeta(2) = -2 \times \frac{1}{4\pi^2} \times \frac{\pi^2}{6} = -\frac{1}{12}$$

(see Example 3.23).

(e) The second and third mysteries. We now discuss the second and third mysteries of the values of the $\zeta$ function.
The second mystery was proved by Kummer in the nineteenth century and part (2) of the following proposition is called "Kummer's congruence".

PROPOSITION 3.24. Let $p$ be a prime number.
(1) If $m$ is a nonpositive integer satisfying $m \not\equiv 1 \bmod (p - 1)$, then we have

(2) If $m$ and $m'$ are negative integers satisfying $m \equiv m' \not\equiv 1 \bmod (p - 1)$, then we have

$$\zeta(m) \equiv \zeta(m') \bmod p\mathbb{Z}_{(p)}.$$

EXAMPLE 3.25. For a prime number $p$ different from 2 and 3 we have $-1 \not\equiv 1 \bmod (p - 1)$. By Example 3.23 we have

$$\zeta(-1) = -\frac{1}{12} \in \mathbb{Z}_{(p)}.$$

The above congruence relations mod $p$ satisfied by the values of the Riemann $\zeta$ function at negative integers are generalized to congruence relations mod $p^n$ ($n > 1$), and extended to the theory of $p$-adic $L$ functions, which takes its values in $p$-adic numbers (theory of $p$-adic $L$ functions of Kubota and Leopoldt).
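
The values in Example 3.23, the power-sum formula (3.16) and the congruence of Proposition 3.24(2) can all be checked with exact rational arithmetic. The Python below is an added example, not code from the book; it computes $B_n$ from the recurrence $\sum_{k=0}^{n} \binom{n+1}{k} B_k = 0$ ($n \ge 1$), which is equivalent to the generating function $x/(e^x - 1)$ used above, and the function names are assumptions of this example.

```python
from fractions import Fraction
from math import comb

def bernoulli_numbers(n_max):
    """[B_0, ..., B_n_max] with the convention B_1 = -1/2 used in (3.13)."""
    B = [Fraction(1)]
    for n in range(1, n_max + 1):
        B.append(-sum(comb(n + 1, k) * B[k] for k in range(n)) / (n + 1))
    return B

def bernoulli_poly(n, x):
    """B_n(x) = sum_i C(n, i) B_i x^(n-i) (Definition 3.17), evaluated at rational x."""
    B, x = bernoulli_numbers(n), Fraction(x)
    return sum(comb(n, i) * B[i] * x ** (n - i) for i in range(n + 1))

def zeta_at(m):
    """zeta(m) for an integer m <= 0, via zeta(1 - r) = -B_r(1)/r (proof of Corollary 3.22)."""
    if m > 0:
        raise ValueError("only nonpositive integers are handled")
    r = 1 - m
    return -bernoulli_poly(r, 1) / r

def power_sum(r, x):
    """0^(r-1) + 1^(r-1) + ... + (x-1)^(r-1) computed from formula (3.16)."""
    return (bernoulli_poly(r, x) - bernoulli_poly(r, 0)) / r

def congruent_mod_p(q1, q2, p):
    """True if q1 - q2 lies in p*Z_(p): denominator prime to p, numerator divisible by p."""
    d = Fraction(q1) - Fraction(q2)
    return d.denominator % p != 0 and d.numerator % p == 0

def kummer_holds(p, m1, m2):
    """Check zeta(m1) = zeta(m2) mod p*Z_(p) under the hypotheses of Proposition 3.24(2)."""
    if not (m1 < 0 and m2 < 0 and (m1 - m2) % (p - 1) == 0 and (m1 - 1) % (p - 1) != 0):
        raise ValueError("hypotheses of Proposition 3.24(2) are not met")
    return congruent_mod_p(zeta_at(m1), zeta_at(m2), p)
```

For instance, $\zeta(-1) - \zeta(-5) = -\frac{1}{12} + \frac{1}{252} = -\frac{5}{63}$, which lies in $5\mathbb{Z}_{(5)}$, and `kummer_holds(5, -1, -5)` confirms it.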

QUESTION 5. Show by using Proposition 3.24 that if $m$ is a nonpositive integer, any prime factor of the denominator of $\zeta(m)$ when we express $\zeta(m)$ as a quotient of relatively prime integers is no greater than $2 - m$. (For example, in Example 3.23 the prime factors of the denominator of $\zeta(-11)$ are 2, 3, 5, 7, 13, and they are no greater than $2 - (-11) = 13$.)

As for the third mystery, we will discuss in §4.4 that some arithmetic information of the field obtained by adjoining a 691st root of unity to the field $\mathbb{Q}$ is related to the fact that in Example 3.23 the numerator of $\zeta(-11)$ has the prime factor 691. In §4.3 we also discuss the arithmetic meaning of the values $L(1, \chi)$ and $L(0, \chi)$ for the Dirichlet character satisfying $\chi(-1) = -1$.
For the second and third mysteries, see Chapter 10 in Volume 2.
The values of $\zeta$ functions appear in many areas of mathematics in an unexpected way, and they do not cease to mystify us.

Summary

3.1. The value of the Riemann $\zeta$ function at a positive even integer $r$ is of the form rational number $\times\ \pi^r$. The Riemann $\zeta$ function has an analytic continuation to the entire complex plane, and its value at a negative integer or 0 is a rational number.
3.2. The Dirichlet $L$ function is a generalization of the Riemann $\zeta$ function. It has similar (but not exactly the same) properties to the Riemann $\zeta$ function.

3.3. The value at an integer of such a function called the $\zeta$ function has some mysterious arithmetical properties. (We will see later that it is related to the $p$-adic numbers and the ideal class group defined in Chapter 4.)

Exercises

3.1. Find the following sums:


(1) (l+~-~-+)+(~+&-~-~)+....
(2) (l-+~++)+(i51;1-+-~+&+-..
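3.2. (1) Show that if $\mathrm{Re}(s) > 1$, we have $(1 - 2^{1-s})\zeta(s) = 1 - \frac{1}{2^s} + \frac{1}{3^s} - \frac{1}{4^s} + \frac{1}{5^s} - \frac{1}{6^s} + \cdots$.
(2) Using $\log(2) = 1 - \frac{1}{2} + \frac{1}{3} - \frac{1}{4} + \frac{1}{5} - \frac{1}{6} + \cdots$, show

$$\lim_{s \to 1+0} (s - 1)\zeta(s) = 1.$$

Here $\lim_{s \to 1+0}$ means $s$ approaches 1 from the right on the real line.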
3.3. Let

For $a = 1, 3, 5, 7$ define

$$s_a = \sum_{n=1}^{\infty} \frac{\zeta_8^{an}}{n} = -\log(1 - \zeta_8^a).$$

Prove formula (3.6) by calculating $s_1 - s_3 - s_5 + s_7$.

3.4. Let $x, c_1, \dots, c_k$ be positive real numbers and define

(This is called the multiple Hurwitz $\zeta$ function.) Comparing to the proofs of Proposition 3.15(2) and Theorem 3.18, prove the following more general situation.
(1) The series $\sum_{n_1, \dots, n_k \ge 0} \frac{1}{(x + c_1 n_1 + \cdots + c_k n_k)^s}$ converges whenever $\mathrm{Re}(s) > k$. As a function on $s$, it has an analytic continuation to a meromorphic function on the entire complex plane, and it is holomorphic except at $1, 2, \dots, k$.

(2) Let $m$ be a negative integer or 0. By multiplying by the product $c_1 \cdots c_k$, $\zeta(m, x; c_1, \dots, c_k)$ becomes a polynomial in $x, c_1, \dots, c_k$ in $\mathbb{Q}$ coefficients.
CHAPTER 4

Algebraic Number Theory

Algebraic number theory was founded by Kummer in the middle of the nineteenth century, and it was later developed by Dedekind and Kronecker.
Kummer had hoped that, by using his new theory, he could prove Fermat's Last Theorem: If $n$ is no less than 3, the equation $x^n + y^n = z^n$ does not have an integral solution $x, y, z$ satisfying $xyz \neq 0$. We can rewrite the equation $x^n + y^n = z^n$ as

(4.1)
k=O

where $\zeta_n$ is the primitive $n$-th root of unity $\cos\left(\frac{2\pi}{n}\right) + i\sin\left(\frac{2\pi}{n}\right)$, and $\zeta_n^k$ is the $k$-th power of $\zeta_n$. Both sides of (4.1) are in a product form, and we are tempted to apply the law of unique factorization to both sides of the equation. However, the formulas contain the number $\zeta_n$, which is not a rational number, and thus Kummer was obliged to examine whether or not the law of unique factorization holds in the world of numbers containing such numbers as $\zeta_n$.
A finite extension of the rational number field $\mathbb{Q}$ is called an algebraic number field. For example, $\mathbb{Q}(\zeta_n)$ is an algebraic number field. Algebraic number theory is a subject which studies how the unique factorization property for the natural numbers can be generalized (in a modified way, if necessary).
Even if a question is posed within the rational number field, it may not be answered within the rational number field, and it is often necessary to go to the world of algebraic number fields in order to answer the question. As a matter of fact, Kummer obtained significant results on Fermat's Last Theorem (see §4.4), which is originally a question within the rational number field.
In this chapter we will discuss the method and important results of algebraic number theory.

4.1. Method of algebraic number theory

In this section we will prove some of Fermat's statements which we mentioned in the introduction using the method of algebraic number theory, i.e., the method that enlarges the world of numbers. We also give a proof of Fermat's Last Theorem in the case $n = 3$.

(a) Proof of Propositions 0.1-0.5, 0.10 and 0.11. We show the propositions in the title by enlarging the world of numbers from $\mathbb{Z}$ to rings such as $\mathbb{Z}[i] = \{a + bi \mid a, b \in \mathbb{Z}\}$, $\mathbb{Z}[\sqrt{-2}] = \{a + b\sqrt{-2} \mid a, b \in \mathbb{Z}\}$, $\mathbb{Z}[\zeta_3] = \{a + b\zeta_3 \mid a, b \in \mathbb{Z}\}$, $\mathbb{Z}[\sqrt{2}] = \{a + b\sqrt{2} \mid a, b \in \mathbb{Z}\}$. In the proofs below we will use the fact that these rings have the unique prime factorization property. Namely, if $A$ is one of the rings $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\zeta_3]$, $\mathbb{Z}[\sqrt{2}]$, then $A$ has the following property:
(*) If an element $a$ in $A$ is nonzero and not a unit, then $a$ can be factored into the form

$a = \alpha_1 \cdots \alpha_r$ ($r \ge 1$; $\alpha_1, \ldots, \alpha_r$ are prime elements in $A$),

and this factorization is unique in the sense explained below.


The definition of a "prime element" is as follows. Rings such as $\mathbb{Z}[i]$ and $\mathbb{Z}[\sqrt{-2}]$ are integral domains (see Appendix A, §A.1 for the definition of an integral domain). An element $\alpha$ in an integral domain $A$ is a prime element if the following conditions (i) and (ii) are satisfied:
(i) $\alpha$ is nonzero and not a unit.
(ii) If $a, b \in A$ and $ab \in \alpha A$, then $a \in \alpha A$ or $b \in \alpha A$, where $\alpha A = \{\alpha x \mid x \in A\}$. (Condition (ii) says that if $ab$ is divisible by $\alpha$, then $a$ or $b$ is divisible by $\alpha$.)
For example, a prime element in $\mathbb{Z}$ is a number of the form $\pm$(prime number).
The meaning of the uniqueness is that if we have another factorization of $a$, $a = \alpha'_1 \cdots \alpha'_s$ ($s \ge 1$; $\alpha'_1, \ldots, \alpha'_s$ are prime elements of $A$), then we have $r = s$, and if we renumber $\alpha'_1, \ldots, \alpha'_s$ suitably, we have $\alpha'_i A = \alpha_i A$ (i.e., $\alpha'_i = \alpha_i \times$ unit) for $i = 1, \ldots, r$.
An integral domain that has the property (*) is called a unique factorization domain. In §4.3 we will verify by using $\zeta$ functions that the rings $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$, and $\mathbb{Z}[\zeta_3]$ are unique factorization domains.

PROOF OF PROPOSITION 0.2. The statement of Proposition 0.2 is the following:
(1) If $p$ is a prime number congruent to 1 modulo 4, then there exist $x, y \in \mathbb{Z}$ satisfying $p = x^2 + y^2$.
(2) If $p$ is a prime number congruent to 3 modulo 4, then there do not exist $x, y \in \mathbb{Z}$ satisfying $p = x^2 + y^2$.
We have already proved (2) as part of Proposition 2.8. Since we have $\alpha\bar\alpha = x^2 + y^2$ for an element $\alpha = x + yi$ ($x, y \in \mathbb{Z}$) of $\mathbb{Z}[i]$ (where $\bar\alpha$ is the complex conjugate of $\alpha$), the statement (1) follows from the following Proposition 4.1(1), which expresses the law of unique prime factorization.

PROPOSITION 4.1. (1) If $p$ is a prime number congruent to 1 modulo 4, then there is a prime element $\alpha$ in $\mathbb{Z}[i]$ such that $p = \alpha\bar\alpha$ ($\bar\alpha$ is also a prime element of $\mathbb{Z}[i]$). Moreover, $\alpha\mathbb{Z}[i] \neq \bar\alpha\mathbb{Z}[i]$.
(2) If $p$ is a prime number congruent to 3 modulo 4, then $p$ is a prime element in $\mathbb{Z}[i]$.
(3) $2 = (1 + i)^2 \times (-i)$, and $1 + i$ is a prime element in $\mathbb{Z}[i]$, whereas $-i$ is a unit in $\mathbb{Z}[i]$.
(4) Any prime element of $\mathbb{Z}[i]$ is of the form (prime element appearing in (1), (2) and (3)) $\times$ (unit).
(5) The set of units of $\mathbb{Z}[i]$ is $\{\pm 1, \pm i\}$.

PROOF. (1) Let $p$ be a prime number congruent to 1 modulo 4. Since we have $\left(\frac{-1}{p}\right) = 1$ (Theorem 2.2(2)), there exists an integer $a$ such that $a^2 \equiv -1 \bmod p$. Since we have
$(a + i)(a - i) = a^2 + 1 \in p\mathbb{Z}[i]$, $a + i \notin p\mathbb{Z}[i]$, $a - i \notin p\mathbb{Z}[i]$,
we see that $p$ is not a prime element in $\mathbb{Z}[i]$. On the other hand, since $p$ is not a unit in $\mathbb{Z}[i]$, it follows from the prime factorization of $p$ in $\mathbb{Z}[i]$ that there exists a prime element $\alpha$ in $\mathbb{Z}[i]$ dividing $p$. Write $p = \alpha\beta$, $\beta \in \mathbb{Z}[i]$. Since $p$ is not a prime element, $\beta$ is not a unit. We have
$p^2 = \alpha\beta \cdot \overline{\alpha\beta} = \alpha\bar\alpha \cdot \beta\bar\beta$,
and since both $\alpha\bar\alpha$ and $\beta\bar\beta$ are natural numbers, $\alpha\bar\alpha$ must be one of the divisors of $p^2$, namely $1, p, p^2$. If $\alpha\bar\alpha = 1$, $\alpha$ would be a unit, and it is a contradiction. If $\alpha\bar\alpha = p^2$, then $\beta$ would be a unit since $\beta\bar\beta = 1$. Thus, we have $p = \alpha\bar\alpha$. Suppose $\alpha\mathbb{Z}[i] = \bar\alpha\mathbb{Z}[i]$, and we deduce a contradiction. Take an integer $a \in \mathbb{Z}$ such that $(a + i)(a - i) \in p\mathbb{Z}[i]$. Since $\alpha$ is a prime element, we have either $a + i \in \alpha\mathbb{Z}[i]$ or $a - i \in \alpha\mathbb{Z}[i]$. Take the complex conjugates of these elements and use the fact $\alpha\mathbb{Z}[i] = \bar\alpha\mathbb{Z}[i]$, and we see that both $a + i$ and $a - i$ belong to $\alpha\mathbb{Z}[i]$. Since we have $2i = (a + i) - (a - i) \in \alpha\mathbb{Z}[i]$, we have $2, p \in \alpha\mathbb{Z}[i]$. It follows that 1 is in $\alpha\mathbb{Z}[i]$ and $\alpha$ is a unit, a contradiction.
(2) Let $p$ be a prime number congruent to 3 modulo 4, and let $\alpha$ be a prime element in $\mathbb{Z}[i]$ dividing $p$. We set $p = \alpha\beta$ ($\beta \in \mathbb{Z}[i]$). Then, as before, we have $p^2 = \alpha\bar\alpha \cdot \beta\bar\beta$. Since we have $\alpha\bar\alpha \neq 1$ and we cannot write $p = x^2 + y^2$ ($x, y \in \mathbb{Z}$), we see $p \neq \alpha\bar\alpha$. Therefore, we have $\alpha\bar\alpha = p^2$, $\beta\bar\beta = 1$, and $\beta$ is a unit. Hence $p = \alpha\beta$ is a prime element.
(3) We show that $1 + i$ is a prime element. Let $\alpha$ be a prime element in $\mathbb{Z}[i]$ dividing $1 + i$, and set $1 + i = \alpha\beta$. Then we have $2 = (1 + i)(1 - i) = \alpha\bar\alpha \cdot \beta\bar\beta$. Since $\alpha\bar\alpha \neq 1$, we have $\alpha\bar\alpha = 2$, $\beta\bar\beta = 1$, and therefore $\beta$ is a unit. Hence $1 + i = \alpha\beta$ is a prime element.
(4) Let $\alpha$ be a prime element in $\mathbb{Z}[i]$. Considering the prime factorization of the natural number $\alpha\bar\alpha$, which is not equal to 1, we see that $\alpha$ divides a prime number.
(5) If $\beta$ is a unit in $\mathbb{Z}[i]$, we set $\beta\gamma = 1$ ($\gamma \in \mathbb{Z}[i]$). Then $1 = \beta\bar\beta \cdot \gamma\bar\gamma$, and thus $\beta\bar\beta = 1$. If we write $\beta = x + yi$ ($x, y \in \mathbb{Z}$), we have $x^2 + y^2 = 1$. The integer solutions of this equation are $(x, y) = (\pm 1, 0), (0, \pm 1)$. Hence, we have $\beta \in \{\pm 1, \pm i\}$. □
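The proof of Proposition 4.1(1) is constructive once division with remainder is available in $\mathbb{Z}[i]$: the prime $\alpha$ is a greatest common divisor of $p$ and $a + i$. The following Python sketch is an added illustration, not part of the book; the function names are hypothetical, and the Euclidean algorithm in $\mathbb{Z}[i]$ stands in for the unique factorization that the text postpones to §4.3.

```python
from math import isqrt

# Added example (not from the book). A Gaussian integer x + yi is the pair (x, y).

def g_mul(u, v):
    (a, b), (c, d) = u, v
    return (a * c - b * d, a * d + b * c)

def g_conj(u):
    return (u[0], -u[1])

def g_norm(u):
    """alpha * conj(alpha) = x^2 + y^2, as used throughout the proof."""
    return u[0] * u[0] + u[1] * u[1]

def g_divmod(u, v):
    """Quotient q and remainder r with u = q*v + r and N(r) <= N(v)/2."""
    n = g_norm(v)
    x, y = g_mul(u, g_conj(v))                    # u / v = (x + yi) / n
    q = ((2 * x + n) // (2 * n), (2 * y + n) // (2 * n))  # nearest integers
    qv = g_mul(q, v)
    return q, (u[0] - qv[0], u[1] - qv[1])

def g_gcd(u, v):
    """Euclidean algorithm in Z[i]; the result is defined up to a unit."""
    while v != (0, 0):
        u, v = v, g_divmod(u, v)[1]
    return u

def sqrt_of_minus_one(p):
    """Integer a with a^2 = -1 mod p, for a prime p = 1 mod 4."""
    for g in range(2, p):
        a = pow(g, (p - 1) // 4, p)   # works as soon as g is a non-residue
        if (a * a + 1) % p == 0:
            return a
    raise ValueError("p must be a prime congruent to 1 modulo 4")

def split_prime(p):
    """Prime element alpha of Z[i] with p = alpha * conj(alpha)."""
    a = sqrt_of_minus_one(p)
    # alpha divides p and exactly one of a + i, a - i, so gcd(p, a + i)
    # is alpha or its conjugate (times a unit) and has norm p.
    alpha = g_gcd((p, 0), (a, 1))
    if g_norm(alpha) != p:
        raise ArithmeticError("unexpected gcd; is p prime?")
    return alpha

def are_associates(u, v):
    """True if u = v * unit, i.e. u Z[i] = v Z[i]."""
    return any(g_mul(v, e) == u for e in [(1, 0), (-1, 0), (0, 1), (0, -1)])

def two_squares(p):
    """(x, y) with 0 < x <= y and p = x^2 + y^2 (Proposition 0.2(1))."""
    x, y = split_prime(p)
    return tuple(sorted((abs(x), abs(y))))

def is_sum_of_two_squares(n):
    """Brute-force check used for the primes p = 3 mod 4."""
    return any(isqrt(n - x * x) ** 2 == n - x * x for x in range(isqrt(n) + 1))

if __name__ == "__main__":
    for p in (5, 13, 29, 97):
        print(p, split_prime(p), two_squares(p))
```

For $p = 13$ the sketch finds $a = 8$ and $\alpha = -3 - 2i$, so $13 = 2^2 + 3^2$, and $\alpha$ is not an associate of $\bar\alpha$, as the last sentence of Proposition 4.1(1) requires.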
PROOF OF PROPOSITION 0.1. Proposition 0.1 is about a prime number that can be the hypotenuse of a right triangle with rational sides.
Let $p$ be a prime number congruent to 1 modulo 4. By Proposition 4.1(1) $p$ can be written as $p = \alpha\bar\alpha$, where $\alpha$ is a prime element in $\mathbb{Z}[i]$. If we set $\alpha^2 = x + yi$ ($x, y \in \mathbb{Z}$), we have $p^2 = \alpha^2\bar\alpha^2 = x^2 + y^2$. If we show $x \neq 0$, $y \neq 0$, we see that $p$ is the length of the hypotenuse of the triangle whose three sides are $|x|$, $|y|$, and $p$. If $x = 0$ or $y = 0$, the argument of $\alpha$ is a multiple of $\pi/4$, and thus there exists an integer $m$ such that
$\alpha = m\beta$, where $\beta \in \{1, 1 + i, i, -1 + i\}$.
This contradicts the uniqueness of the prime factorization in $\mathbb{Z}[i]$.
Next, it is easy to see that the equation $2^2 = x^2 + y^2$ does not have a solution satisfying $x \neq 0$, $y \neq 0$.
Let $p$ be a prime number congruent to 3 modulo 4, and let $p^2 = x^2 + y^2$ ($x, y \in \mathbb{Z}$). If we set $\alpha = x + yi$, then we have $p^2 = \alpha\bar\alpha$. By Proposition 4.1(2), $p$ is a prime element in $\mathbb{Z}[i]$. It follows from the uniqueness of factorization that $\alpha = p \times (\pm 1 \text{ or } \pm i)$. This implies $x = 0$ or $y = 0$. □
PROOF OF PROPOSITION 0.11. Proposition 0.11 states that the only solutions to the equation $y^2 = x^3 - 4$ are $(x, y) = (2, 2), (5, 11)$. We rewrite the equation as

$x^3 = y^2 + 4 = (y + 2i)(y - 2i)$.

Notice that the product of $y + 2i$ and $y - 2i$ is a cube. We will later show by using the unique factorization properties of $\mathbb{Z}[i]$ that each of $y + 2i$ and $y - 2i$ is a cube in $\mathbb{Z}[i]$. Thus we have
(4.2)  $y + 2i = (a + bi)^3$ ($a, b \in \mathbb{Z}$).
Expanding the right-hand side and comparing both sides, we have
(4.3)  $2 = 3a^2 b - b^3 = (3a^2 - b^2)b$.
Therefore, $b$ is a divisor of 2, and thus $b$ equals one of $\pm 1, \pm 2$. If we replace $b = 1, -1, 2, -2$ in (4.3), we have $3a^2 = 3, -1, 5, 3$, respectively. Thus
$(a, b) = (\pm 1, 1)$ or $(\pm 1, -2)$.
It follows from this and (4.2) that $y = \pm 2$ or $\pm 11$, and we obtain $x$ by substituting $y$ in the equation $y^2 = x^3 - 4$.
We use the following Lemma 4.2 for the remaining part of the proof.
LEMMA 4.2. Let $A$ be one of $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\zeta_3]$, and $\mathbb{Z}[\sqrt{2}]$. Let $\alpha_1, \ldots, \alpha_r, \beta$ be nonzero elements of $A$, $k$ a natural number, and $\alpha_1 \cdots \alpha_r = \beta^k$. Furthermore, if $i \neq j$, suppose $\alpha_i$ and $\alpha_j$ are prime to each other. Then for each $i$, $\alpha_i$ can be written as $\alpha_i = u_i\beta_i^k$ with an element $\beta_i$ in $A$ and a unit $u_i$.
This lemma can be proved by counting how many times each prime element appears in the prime factorization of $\alpha_1, \ldots, \alpha_r, \beta$, just as the proof of Lemma 1.7 in §1.1.
We now show that the equation $x^3 = (y + 2i)(y - 2i)$ ($x, y \in \mathbb{Z}$) implies that $y + 2i$, $y - 2i$ are cubes in $\mathbb{Z}[i]$.
Let $\gamma$ be a prime element of $\mathbb{Z}[i]$ dividing both $y + 2i$ and $y - 2i$. Since $\gamma$ divides $(y + 2i) - (y - 2i) = 4i = -i(1 + i)^4$, we have $\gamma = (1 + i) \times$ (unit). Writing $y + 2i = (1 + i)^e\alpha$, $e \ge 1$, $\alpha$ an element of $\mathbb{Z}[i]$ not dividing $1 + i$, we have $y - 2i = (1 - i)^e\bar\alpha$, $1 - i = (-i) \times (1 + i)$, and thus $y - 2i = (\text{unit}) \times (1 + i)^e\bar\alpha$. Hence,
$\alpha_1\alpha_2\alpha_3 = x^3$,

$\alpha_1 = (\text{unit}) \times (1 + i)^{2e}$, $\alpha_2 = \alpha$, $\alpha_3 = \bar\alpha$.

Any two of $\alpha_1$, $\alpha_2$, and $\alpha_3$ do not have a common prime factor. By Lemma 4.2 all of $\alpha_1$, $\alpha_2$, and $\alpha_3$ are of the form (unit) $\times$ (cube in $\mathbb{Z}[i]$). It follows from this that $e$ is a multiple of 3. Thus, $y + 2i = (1 + i)^e\alpha$ is of the form (unit) $\times$ (cube in $\mathbb{Z}[i]$). But the units $\pm 1$, $\pm i$ in $\mathbb{Z}[i]$ are all cubes. Hence $y + 2i$ is a cube in $\mathbb{Z}[i]$. □
PROOF OF PROPOSITION 0.3. Proposition 0.3 is about the equation $p = x^2 + 2y^2$ ($p$ is a prime number) and the residue of $p$ modulo 8. If $p \equiv 5, 7 \bmod 8$, then $(-2, p)_p = -1$. Thus, there do not exist rational numbers $x$ and $y$ satisfying $p = x^2 + 2y^2$ (see the proof of Proposition 2.8).
Next, let $p \equiv 1, 3 \bmod 8$. We prove that there exist $x, y \in \mathbb{Z}$ satisfying $p = x^2 + 2y^2$. For an element $\alpha = x + y\sqrt{-2}$ ($x, y \in \mathbb{Z}$) in $\mathbb{Z}[\sqrt{-2}]$ we have $\alpha\bar\alpha = x^2 + 2y^2$. Therefore, it suffices to show the existence of $\alpha \in \mathbb{Z}[\sqrt{-2}]$ satisfying $p = \alpha\bar\alpha$. This can be done by replacing $\mathbb{Z}[i]$ by $\mathbb{Z}[\sqrt{-2}]$ in the proof of Proposition 0.2 and using the fact $\left(\frac{-2}{p}\right) = 1$. □
PROOF OF PROPOSITION 0.10. Proposition 0.10 states that the only solution in natural numbers to the equation $y^2 = x^3 - 2$ is $(x, y) = (3, 5)$. Rewriting the equation as

$x^3 = (y + \sqrt{-2})(y - \sqrt{-2})$,

we can show that both $y + \sqrt{-2}$ and $y - \sqrt{-2}$ are cubes in $\mathbb{Z}[\sqrt{-2}]$, as in the proof of Proposition 0.11. (Here we replace $\mathbb{Z}[i]$ by $\mathbb{Z}[\sqrt{-2}]$. Instead of the prime element $1 + i$ in $\mathbb{Z}[i]$, the prime element $\sqrt{-2}$ in $\mathbb{Z}[\sqrt{-2}]$ appears in the proof. We also use the fact that the units of $\mathbb{Z}[\sqrt{-2}]$ are $\pm 1$ instead of the fact that the units of $\mathbb{Z}[i]$ are $\pm 1$, $\pm i$.) We have
$y + \sqrt{-2} = (a + b\sqrt{-2})^3$ ($a, b \in \mathbb{Z}$).
Expanding both sides and comparing the imaginary parts, we have
$1 = 3a^2 b - 2b^3 = (3a^2 - 2b^2)b$.
Therefore, $b$ is a divisor of 1, and thus $b = \pm 1$. It follows that

$(a, b) = (\pm 1, 1)$,

and we obtain $y = \pm 5$, $x = 3$. □

PROOF OF PROPOSITION 0.4. Proposition 0.4 is about the equation $p = x^2 + 3y^2$ ($p$ prime) and the residue of $p$ modulo 3. If $p \equiv 2 \bmod 3$, then we have $(-3, p)_p = -1$, and thus there do not exist rational numbers $x, y$ satisfying $p = x^2 + 3y^2$ (see the proof of Proposition 2.8).
Next, let $p \equiv 1 \bmod 3$. We show the existence of $x, y \in \mathbb{Z}$ satisfying $p = x^2 + 3y^2$. For an element $\alpha = x + y\sqrt{-3}$ in $\mathbb{Z}[\sqrt{-3}] = \{a + b\sqrt{-3} \mid a, b \in \mathbb{Z}\}$, we have $\alpha\bar\alpha = x^2 + 3y^2$. Therefore, it suffices to show the existence of $\alpha \in \mathbb{Z}[\sqrt{-3}]$ satisfying $p = \alpha\bar\alpha$. Using the fact $\left(\frac{-3}{p}\right) = 1$ and replacing $\mathbb{Z}[i]$ by $\mathbb{Z}[\zeta_3]$ in the proof of Proposition 0. , we can show the existence of $\beta \in \mathbb{Z}[\zeta_3]$ satisfying $p = \beta\bar\beta$. On the other hand, it is easy to show that any element of $\mathbb{Z}[\zeta_3]$ belongs to $\mathbb{Z}[\sqrt{-3}]$ after multiplying by one of $\pm 1$, $\pm\zeta_3$, $\pm\zeta_3^2$ (these are all of the units of $\mathbb{Z}[\zeta_3]$). If we set $\alpha = u\beta \in \mathbb{Z}[\sqrt{-3}]$, $u \in \{\pm 1, \pm\zeta_3, \pm\zeta_3^2\}$, then we have $p = \beta\bar\beta = \alpha\bar\alpha$. □

PROOF OF PROPOSITION 0.5. Proposition 0.5 is about the equation $p = x^2 - 2y^2$ ($p$ prime number) and the residue of $p$ modulo 8. The proof of Proposition 0.5 is similar to that of Proposition 0.2. For an element $\alpha$ in $\mathbb{Z}[i]$ we considered the element $\bar\alpha$. For an element $\alpha = x + y\sqrt{2}$ ($x, y \in \mathbb{Z}$) in $\mathbb{Z}[\sqrt{2}]$ we consider the element $\alpha' = x - y\sqrt{2}$. If $p \equiv 1, 7 \bmod 8$, then there exists $\alpha = x + y\sqrt{2} \in \mathbb{Z}[\sqrt{2}]$ ($x, y \in \mathbb{Z}$) such that

$p = \pm\alpha\alpha' = \pm(x^2 - 2y^2)$.

If $p = -\alpha\alpha'$, we set $\beta = (1 + \sqrt{2})\alpha$ and obtain $p = \beta\beta'$. □

QUESTION 1. Show that $(x, y) = (1, 0)$ is the only integral solution to $y^2 = x^3 - 1$.

QUESTION 2. Using the fact that Z [W] is a unique factorization domain, show that the only integral solutions of $y^2 = x^3 - 11$ are $(x, y) = (3, \pm 4)$ and $(15, \pm 58)$.

(b) $x^3 + y^3 = z^3$. We give a proof of Fermat's Last Theorem in the case $n = 3$. Our proof is essentially the same as the proof given by Euler. First, we give an outline without giving any detail in order to help understand the proof better. The strategy of the proof is to use the method we used to find integer solutions to the equation $y^2 = x^3 - 4$ and the method of "infinite descent", which we used to prove Proposition 1.2 in §1.1.

PROOF. Suppose we have integers $x, y, z$ satisfying $x^3 + y^3 = z^3$ and $x \neq 0$, $y \neq 0$, $z \neq 0$. Among those we choose $x, y, z$ such that $\max(|x|, |y|, |z|)$ is the smallest. We then derive a contradiction by showing that there is another solution $x', y', z'$ such that $\max(|x'|, |y'|, |z'|) < \max(|x|, |y|, |z|)$, $x' \neq 0$, $y' \neq 0$, $z' \neq 0$. The outline of the proof is as follows.
(i) First we show that we may assume that $y, z$ are odd without loss of generality.
(ii) Rewrite $x^3 + y^3 = z^3$ as

$x^3 = (z - y)(z - \zeta_3 y)(z - \bar\zeta_3 y)$.

(Notice that $\zeta_3^2 = \bar\zeta_3$.) Use the same argument as the one we used to show that $x^3 = (y + 2i)(y - 2i)$ implies both $y + 2i$ and $y - 2i$ are cubes in $\mathbb{Z}[i]$, and we obtain the following.
(ii-1) If $x$ is not divisible by 3, then there exist $c \in \mathbb{Z}$ and $\alpha \in \mathbb{Z}[\zeta_3]$ such that
(1) $z - y = c^3$,
(2) $z - \zeta_3 y = \bar\zeta_3\alpha^3$,
(3) $z - \bar\zeta_3 y = \zeta_3\bar\alpha^3$.
(ii-2) If $x$ is a multiple of 3, then there exist $c \in \mathbb{Z}$ and $\alpha \in \mathbb{Z}[\zeta_3]$ such that
(1) $z - y = 9c^3$,
(2) $z - \zeta_3 y = (1 - \zeta_3)\alpha^3$,
(3) $z - \bar\zeta_3 y = (1 - \bar\zeta_3)\bar\alpha^3$.
(iii) Set $\alpha = a + b\zeta_3$ ($a, b \in \mathbb{Z}$).
(iii-1) If $x$ is not divisible by 3, it follows from (ii-1)(2) that

$y = a^3 - 3ab^2 + b^3$, $z = -a^3 + 3a^2 b - b^3$.

Hence we have $z - y = (a + b)(2a - b)(2b - a)$. Comparing this with (ii-1)(1), we have
$c^3 = (a + b)(2a - b)(2b - a)$.
We can show that any two of $a + b$, $2a - b$, and $2b - a$ are relatively prime. Therefore, each of $a + b$, $2a - b$, and $2b - a$ is the cube of an integer. Setting $a + b = (z')^3$, $2a - b = (x')^3$, $2b - a = (y')^3$ ($x', y', z' \in \mathbb{Z}$), we have $(x')^3 + (y')^3 = (z')^3$, $x' \neq 0$, $y' \neq 0$, $z' \neq 0$, $\max(|x'|, |y'|, |z'|) < \max(|x|, |y|, |z|)$.
(iii-2) If $x$ is a multiple of 3, it follows from (ii-2)(2) that we have
$y = a^3 - 6a^2 b + 3ab^2 + b^3$, $z = a^3 + 3a^2 b - 6ab^2 + b^3$.
Thus, we have $z - y = 9ab(a - b)$. Comparing this with (ii-2)(1), we have
$c^3 = ab(a - b)$.
We can show that any two of $a$, $b$, and $a - b$ are relatively prime. Hence, each of $a$, $b$, and $a - b$ is the cube of an integer. Setting $a = (z')^3$, $b = (y')^3$, $a - b = (x')^3$ ($x', y', z' \in \mathbb{Z}$), we obtain $(x')^3 + (y')^3 = (z')^3$, $x' \neq 0$, $y' \neq 0$, $z' \neq 0$, $\max(|x'|, |y'|, |z'|) < \max(|x|, |y|, |z|)$.
To complete the details of (i), (ii), (iii), we need the following preliminaries (a) through (d).
(a) $1 - \zeta_3$ is a prime element in $\mathbb{Z}[\zeta_3]$. (We can prove this by the same method as the proof of $1 + i$ being a prime element in $\mathbb{Z}[i]$.) $3 = (1 - \zeta_3)^2 \times (-\bar\zeta_3)$.
(b) $x, y, z$ are pairwise relatively prime. In fact, if a prime $l$ divides two of $x, y, z$, it divides the third because of the relation $x^3 + y^3 = z^3$. Thus, $\left(\frac{x}{l}, \frac{y}{l}, \frac{z}{l}\right)$ is another integer solution to $x^3 + y^3 = z^3$, and it contradicts the minimality of $\max(|x|, |y|, |z|)$.
(c) If a prime element $\alpha$ of $\mathbb{Z}[\zeta_3]$ divides two of $z - y$, $z - \zeta_3 y$, and $z - \bar\zeta_3 y$, then $\alpha = (1 - \zeta_3) \times$ (unit). In fact, if $\alpha$ divides, say, $z - y$ and $z - \zeta_3 y$, then $\alpha$ divides $(z - y) - (z - \zeta_3 y) = -(1 - \zeta_3)y$, and thus $\alpha$ divides $y$ unless $\alpha$ is of the form $(1 - \zeta_3) \times$ (unit). Since $\alpha$ also divides $z - y$, $\alpha$ divides both $y$ and $z$, which contradicts the fact that $y$ and $z$ are relatively prime. The cases where $\alpha$ divides $z - y$ and $z - \bar\zeta_3 y$, or $z - \zeta_3 y$ and $z - \bar\zeta_3 y$ are similar.
(d) The ring $\mathbb{Z}[\zeta_3]/2\mathbb{Z}[\zeta_3]$ consists of four elements $0$, $1$, $\zeta_3$, and $1 + \zeta_3$. Thus any nonzero element in this ring is a third root of unity. The set of units in $\mathbb{Z}[\zeta_3]$ consists of $\pm 1$, $\pm\zeta_3$, $\pm\bar\zeta_3$. The image of $\pm 1$ in $\mathbb{Z}[\zeta_3]/2\mathbb{Z}[\zeta_3]$ is the class of $1$, the image of $\pm\zeta_3$ is the class of $\zeta_3$, and the image of $\pm\bar\zeta_3$ is the class of $1 + \zeta_3$.
About (i). It follows from (b) that only one of $x, y, z$ is even. Replacing $(x, y, z)$ by $(y, x, z)$ or $(z, -y, x)$ if necessary, we may assume that both $y$ and $z$ are odd.
About (ii-1). By (a), (c) and the fact that $x$ is not a multiple of 3 we see that any two of $z - y$, $z - \zeta_3 y$, and $z - \bar\zeta_3 y$ are not divisible by a common prime element in $\mathbb{Z}[\zeta_3]$. It follows from Lemma 4.2 that each of $z - y$, $z - \zeta_3 y$, and $z - \bar\zeta_3 y$ is the product of a cube and a unit in $\mathbb{Z}[\zeta_3]$. Setting $z - y = u\beta^3$ ($u$ is a unit in $\mathbb{Z}[\zeta_3]$, $\beta \in \mathbb{Z}[\zeta_3]$), we have

$(z - y)^2 = u\beta^3 \cdot \bar u\bar\beta^3 = (\beta\bar\beta)^3$.

Therefore $(z - y)^2$ is the cube of an integer. By factoring into prime elements, we see that $z - y$ is the cube of an integer. Next, we set $z - \zeta_3 y = v\alpha^3$ ($v$ is a unit in $\mathbb{Z}[\zeta_3]$, $\alpha \in \mathbb{Z}[\zeta_3]$). It suffices to show $v = \pm\bar\zeta_3$. We consider it modulo $2\mathbb{Z}[\zeta_3]$. Since $y \equiv z \equiv 1 \bmod 2$, we have
$v\alpha^3 \equiv z - \zeta_3 y \equiv 1 - \zeta_3 \equiv \bar\zeta_3 \bmod 2\mathbb{Z}[\zeta_3]$.
From this and the fact that the cube of any nonzero element in $\mathbb{Z}[\zeta_3]/2\mathbb{Z}[\zeta_3]$ becomes 1 (by (d)) we see that $v \equiv \bar\zeta_3 \bmod 2\mathbb{Z}[\zeta_3]$. Hence, we conclude $v = \pm\bar\zeta_3$.
About (ii-2). Since $x$ is divisible by 3, $x$ is divisible by $1 - \zeta_3$. We have $x^3 = (z - y)(z - \zeta_3 y)(z - \bar\zeta_3 y)$ and
$z - y \equiv z - \zeta_3 y \equiv z - \bar\zeta_3 y \bmod (1 - \zeta_3)\mathbb{Z}[\zeta_3]$.
Therefore, each of $z - y$, $z - \zeta_3 y$, and $z - \bar\zeta_3 y$ is divisible by $1 - \zeta_3$. We have $z - \zeta_3 y \notin 3\mathbb{Z}[\zeta_3] = (1 - \zeta_3)^2\mathbb{Z}[\zeta_3]$, since if $z - \zeta_3 y \in 3\mathbb{Z}[\zeta_3]$, both $z$ and $y$ are divisible by 3, a contradiction to (b). If we set $\operatorname{ord}_3(x) = m$ and $\operatorname{ord}_3(z - y) = n$, the equation $x^3 = (z - y)(z - \zeta_3 y)(z - \bar\zeta_3 y)$ implies $6m = 2n + 1 + 1$. Thus, we have $n \ge 2$. Hence, we have
$z - y = 9r$, $z - \zeta_3 y = (1 - \zeta_3)\varphi$, $z - \bar\zeta_3 y = (1 - \bar\zeta_3)\bar\varphi$

($r \in \mathbb{Z}$, $\varphi \in \mathbb{Z}[\zeta_3]$). We have $\left(\frac{x}{3}\right)^3 = r\varphi\bar\varphi$, and no two of $r$, $\varphi$, and $\bar\varphi$ are divisible by a common factor in $\mathbb{Z}[\zeta_3]$. It follows from these and Lemma 4.2 that each of $r$, $\varphi$, and $\bar\varphi$ is the product of a unit and a cube in $\mathbb{Z}[\zeta_3]$. Therefore, we have $z - y = 9c^3$ ($c \in \mathbb{Z}$) and $z - \zeta_3 y = v(1 - \zeta_3)\alpha^3$ ($v$ is a unit in $\mathbb{Z}[\zeta_3]$, $\alpha \in \mathbb{Z}[\zeta_3]$). It suffices to show that $v = \pm 1$. By taking modulo $2\mathbb{Z}[\zeta_3]$, we have

Since the cube of any nonzero element in $\mathbb{Z}[\zeta_3]/2\mathbb{Z}[\zeta_3]$ equals 1, we have $v \equiv 1 \bmod 2\mathbb{Z}[\zeta_3]$, and thus $v = \pm 1$.
About (iii-1). First, we have to show that $a + b$, $2a - b$, and $a - 2b$ are pairwise prime. If $l$ divides two of these elements, $l$ divides $3a = (a + b) + (2a - b)$ and $3b = 2(a + b) - (2a - b)$. But $l$ divides $z - y$, which is the product of these three numbers. Therefore $l$ divides $x^3$, and thus $x$. Hence $l \neq 3$ by hypothesis. Thus, $l$ divides $a$ and $b$, and by the expression of $y$ and $z$ in terms of $a$ and $b$, $l$ divides both $y$ and $z$, which contradicts (b). Next, it is easy to see that $x' \neq 0$, $y' \neq 0$, $z' \neq 0$ and $\max(|x'|, |y'|, |z'|) < \max(|x|, |y|, |z|)$.
(iii-2) is similar to (iii-1) and we leave it to the reader. □
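Steps (iii-1) and (iii-2) quote the expansions of $\bar\zeta_3\alpha^3$ and $(1 - \zeta_3)\alpha^3$ without carrying them out. The following Python sketch is an added check, not part of the book: it does the arithmetic of $\mathbb{Z}[\zeta_3]$ on pairs $(a, b)$ standing for $a + b\zeta_3$, using $\zeta_3^2 = -1 - \zeta_3$, and confirms the stated formulas together with preliminaries (a) and (d). All function names are hypothetical.

```python
# Added example (not from the book). The pair (a, b) stands for a + b*zeta_3,
# and zeta_3^2 = -1 - zeta_3.

def e_mul(u, v):
    (a, b), (c, d) = u, v
    # (a + b z)(c + d z) = ac + (ad + bc) z + bd z^2, with z^2 = -1 - z
    return (a * c - b * d, a * d + b * c - b * d)

def e_cube(u):
    return e_mul(u, e_mul(u, u))

ZETA_BAR = (-1, -1)        # conj(zeta_3) = zeta_3^2 = -1 - zeta_3
ONE_MINUS_ZETA = (1, -1)   # 1 - zeta_3
MINUS_ZETA_BAR = (1, 1)    # -conj(zeta_3) = 1 + zeta_3

def yz_case1(a, b):
    """(y, z) determined by z - zeta_3*y = conj(zeta_3) * (a + b*zeta_3)^3."""
    z, minus_y = e_mul(ZETA_BAR, e_cube((a, b)))
    return (-minus_y, z)

def yz_case2(a, b):
    """(y, z) determined by z - zeta_3*y = (1 - zeta_3) * (a + b*zeta_3)^3."""
    z, minus_y = e_mul(ONE_MINUS_ZETA, e_cube((a, b)))
    return (-minus_y, z)

def identities_hold(bound):
    """Check the formulas of (iii-1) and (iii-2) for all |a|, |b| <= bound."""
    for a in range(-bound, bound + 1):
        for b in range(-bound, bound + 1):
            y, z = yz_case1(a, b)
            if (y, z) != (a**3 - 3*a*b*b + b**3, -a**3 + 3*a*a*b - b**3):
                return False
            if z - y != (a + b) * (2*a - b) * (2*b - a):
                return False
            y, z = yz_case2(a, b)
            if (y, z) != (a**3 - 6*a*a*b + 3*a*b*b + b**3,
                          a**3 + 3*a*a*b - 6*a*b*b + b**3):
                return False
            if z - y != 9 * a * b * (a - b):
                return False
    return True

def three_from_preliminary_a():
    """(1 - zeta_3)^2 * (-conj(zeta_3)), which preliminary (a) says is 3."""
    return e_mul(e_mul(ONE_MINUS_ZETA, ONE_MINUS_ZETA), MINUS_ZETA_BAR)

def cubes_mod_2():
    """Cubes of the three nonzero classes of Z[zeta_3]/2Z[zeta_3] (preliminary (d))."""
    nonzero = [(1, 0), (0, 1), (1, 1)]
    return {tuple(c % 2 for c in e_cube(u)) for u in nonzero}

if __name__ == "__main__":
    print(identities_hold(20), three_from_preliminary_a(), cubes_mod_2())
```

In case (iii-1) the three factors satisfy $(2a - b) + (2b - a) = a + b$, which is why setting them equal to $(x')^3$, $(y')^3$, $(z')^3$ yields a new solution of the same equation.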

This proof of Fermat's Last Theorem in the case $n = 3$ is related to elliptic curves. By setting X = &, Y = z. the equation $x^3 + y^3 = z^3$ is written as

We denote this elliptic curve by $E$. Fermat's Last Theorem in the case $n = 3$ is equivalent to the fact $E(\mathbb{Q}) = \{O, (0, \pm 1)\}$, which means that $E(\mathbb{Q})$ is a group of order 3; i.e., $E(\mathbb{Q}) \cong \mathbb{Z}/3\mathbb{Z}$. Suppose that we have an element $Q$ in $E(\mathbb{Q})$ such that $Q \neq O$, $Q \neq (0, \pm 1)$. When we replaced $(x, y, z)$ by $(y, x, z)$ or $(z, -y, x)$ in the proof above, it corresponds to replacing $Q$ by $(0, 1) - Q$ or $(0, -1) - Q$. Finding $(x', y', z')$ corresponds to finding $P \in E(\mathbb{Q})$ such that $Q = 3P$. The fact $\max(|x'|, |y'|, |z'|) < \max(|x|, |y|, |z|)$ is a reflection of the fact that the height of $3P$ is far greater than that of $P$.

4.2. The heart of algebraic number theory

We will discuss the central facts in algebraic number theory, namely, about the ring of integers of an algebraic number field, prime factorization, the finiteness of class number and Dirichlet's unit theorem. The last two are the two big theorems of algebraic number theory.

(a) The ring of integers of an algebraic number field. All the rings that appeared in the previous section, $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\zeta_3]$, and $\mathbb{Z}[\sqrt{2}]$, are examples of the ring of integers of an algebraic number field.
We explain the ring of integers of an algebraic number field. Just as the rational number field $\mathbb{Q}$ contains the ring of integers $\mathbb{Z}$, each algebraic number field $K$ contains a subring called the "ring of integers of $K$" (written $O_K$). For example, if $K = \mathbb{Q}(\zeta_n)$, then it is known that

$O_K = \mathbb{Z}[\zeta_n] = \left\{ \sum_{i=0}^{r} a_i\zeta_n^i \;\middle|\; r \ge 0,\ a_0, \ldots, a_r \in \mathbb{Z} \right\}$
TABLE 4.1

Algebraic number field Q Q( &) Q(a) Q(A)

Its ring of integers

The definition of $O_K$ is as follows: $O_K$ is the set of elements $\alpha$ in $K$ such that $\alpha$ satisfies the equation

$\alpha^n + c_1\alpha^{n-1} + \cdots + c_n = 0$

for some $n \ge 1$ and $c_1, \ldots, c_n \in \mathbb{Z}$. (The point here is that the coefficient of the highest degree (degree $n$) is 1.) An element in $O_K$ is called an integer of $K$, or an algebraic integer if we want to distinguish it from the usual integers. For example, $\zeta_n$ satisfies $(\zeta_n)^n - 1 = 0$, and thus it is an integer of $\mathbb{Q}(\zeta_n)$. If we use the terminology of algebra, "integral closure", $O_K$ is nothing but the "integral closure of $\mathbb{Z}$ in $K$". See Appendix A, §A.1 for the generalities of "integral closure".
When $K$ is a quadratic field (degree 2 extension of $\mathbb{Q}$), then $O_K$ is given as follows. We write $K = \mathbb{Q}(\sqrt{m})$, where $m$ is a square free integer different from 1. Then we have

We remark that if m E 1 mod 4, v is a solution of 1~’ - z - v;


i.e., it satisfies

(See Table 4.1; note that $\mathbb{Q}(\alpha)$ is the field consisting of all numbers obtained from $\mathbb{Q}$ and $\alpha$ by four fundamental operations, and $\mathbb{Z}[\alpha]$ is the set of numbers written as a polynomial in $\alpha$ with $\mathbb{Z}$ coefficients.)
The ring of integers $O_K$ of $K$ is isomorphic to $\mathbb{Z}^{\oplus n}$ ($n = [K : \mathbb{Q}]$) as additive group. In other words, there exist $\alpha_1, \ldots, \alpha_n \in O_K$ ($n = [K : \mathbb{Q}]$) such that each element of $O_K$ can be written uniquely as $c_1\alpha_1 + \cdots + c_n\alpha_n$ ($c_1, \ldots, c_n \in \mathbb{Z}$). This can be shown as follows using the general theory of integral closure. In general, if $A$ is an integrally closed Noetherian domain (see Appendix A, §A.1), $F$ is the quotient field of $A$, $K$ is a finite separable extension of $F$, and $B$ is the integral closure of $A$ in $K$, then it is known that $B$ is a finitely generated $A$-module. Let $A = \mathbb{Z}$ (and thus $F = \mathbb{Q}$). Then we have $B = O_K$, and $O_K$ is a finitely generated $\mathbb{Z}$-module, that is, a finitely generated abelian group. Since $O_K$ does not have an element of finite order except for 0, the fundamental theorem of finitely generated abelian groups implies that there exists an integer $n > 0$ such that $O_K \cong \mathbb{Z}^{\oplus n}$. It is easy to see that this $n$ is $[K : \mathbb{Q}]$.

QUESTION 3. Prove that the ring of integers of a quadratic field is as described above.

(b) Failure of unique prime factorization. In the ring of integers of an algebraic number field, the law of unique prime factorization (the condition (*) at the beginning of §4.1) may not hold, unlike $\mathbb{Z}$, $\mathbb{Z}[\sqrt{-1}]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\zeta_3]$, $\mathbb{Z}[\sqrt{2}]$. For example, in the ring of integers $\mathbb{Z}[\sqrt{-26}] = \{a + b\sqrt{-26} \mid a, b \in \mathbb{Z}\}$ of $\mathbb{Q}(\sqrt{-26})$, there is no prime element dividing 3. In fact, we have

(4.4)  $3^3 = (1 + \sqrt{-26})(1 - \sqrt{-26})$

and even though the product of $1 + \sqrt{-26}$ and $1 - \sqrt{-26}$ is in $3\mathbb{Z}[\sqrt{-26}]$, neither is in $3\mathbb{Z}[\sqrt{-26}]$. Thus 3 is not a prime element in $\mathbb{Z}[\sqrt{-26}]$. If $\alpha$ were a prime element of $\mathbb{Z}[\sqrt{-26}]$ dividing 3, the argument of Proposition 4.1 and the fact that 3 is not a prime element would imply that $3 = \alpha\bar\alpha$. If we write $\alpha = x + y\sqrt{-26}$ ($x, y \in \mathbb{Z}$), we have $3 = x^2 + 26y^2$, but it is easy to see that there are no such $x$ and $y$. As this argument shows, the prime factorization does not work well with $\mathbb{Z}[\sqrt{-26}]$. Thus, we cannot apply Lemma 4.2 to (4.4). In fact, $1 + \sqrt{-26}$ and $1 - \sqrt{-26}$ are not cubes in $\mathbb{Z}[\sqrt{-26}]$.

(c) Decomposition into prime ideals. As is explained in the previous paragraph, the prime factorization law may not hold for the ring of integers of an algebraic number field. However, the ring of integers of an algebraic number field has the "decomposition into prime ideals" instead. We now explain "ideals" and "prime ideals".
DEFINITION 4.3. Let $A$ be a commutative ring. A subset $\mathfrak{a}$ of $A$ is called an ideal in $A$ if it satisfies conditions (i) and (ii).
(i) $\mathfrak{a}$ is a subgroup of the additive group $A$ (i.e., we have $0 \in \mathfrak{a}$ and "$a, b \in \mathfrak{a} \Rightarrow a + b, a - b \in \mathfrak{a}$").
(ii) $a \in A$, $b \in \mathfrak{a}$ implies $ab \in \mathfrak{a}$.
EXAMPLE 4.4. (1) For elements $\alpha_1, \ldots, \alpha_n$ in $A$ the set $\{a_1\alpha_1 + \cdots + a_n\alpha_n \mid a_1, \ldots, a_n \in A\}$ is an ideal of $A$. We call it the ideal of $A$ generated by $\alpha_1, \ldots, \alpha_n$, and we denote it by $(\alpha_1, \ldots, \alpha_n)$. In particular, for an element $\alpha$ in $A$ we have $(\alpha) = \alpha A$. An ideal of the form $(\alpha)$ is called a principal ideal.
We abbreviate $(0) = \{0\}$ to $0$ in what follows.
(2) All the ideals of $\mathbb{Z}$ are principal ideals $(n)$, $n$ integer. In fact, if $\mathfrak{a}$ is a nonzero ideal of $\mathbb{Z}$, it is easy to show that $\mathfrak{a} = (n)$, where $n$ is an element of $\mathfrak{a}$ whose absolute value is the smallest.
An integral domain such that all of its ideals are principal ideals, such as $\mathbb{Z}$, is called a principal ideal domain. We often abbreviate principal ideal domain to PID. $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\zeta_3]$ and $\mathbb{Z}[\sqrt{2}]$ are principal ideal domains (for $\mathbb{Z}[i]$, $\mathbb{Z}[\sqrt{-2}]$ and $\mathbb{Z}[\zeta_3]$ see §4.3).

DEFINITION 4.5. Let $A$ be a commutative ring. An ideal $\mathfrak{p}$ in $A$ is a prime ideal if (i) and (ii) hold.
(i) If $a, b \in A$, $ab \in \mathfrak{p}$, then $a \in \mathfrak{p}$ or $b \in \mathfrak{p}$.
(ii) $1 \notin \mathfrak{p}$ (this is equivalent to $\mathfrak{p} \neq A$).

EXAMPLE 4.6. (1) If $A$ is an integral domain and $\alpha$ is a nonzero element of $A$, then we have

$(\alpha)$ is a prime ideal $\iff$ $\alpha$ is a prime element

(2) All the prime ideals of $\mathbb{Z}$ are $(p)$, where $p$ is a prime number, and $0$.

DEFINITION 4.7. For ideals $\mathfrak{a}$, $\mathfrak{b}$ in a commutative ring $A$ define the product $\mathfrak{a}\mathfrak{b}$ as the set of elements of the form $\sum_{i=1}^{n} a_i b_i$ ($n \ge 1$, $a_i \in \mathfrak{a}$, $b_i \in \mathfrak{b}$). $\mathfrak{a}\mathfrak{b}$ is an ideal of $A$.

THEOREM 4.8. Let $K$ be an algebraic number field and $\mathfrak{a}$ an ideal of the ring of integers $O_K$ of $K$. Then $\mathfrak{a}$ can be decomposed into the product of prime ideals of the form

$\mathfrak{a} = \mathfrak{p}_1 \cdots \mathfrak{p}_r$ ($r \ge 0$; $\mathfrak{p}_1, \ldots, \mathfrak{p}_r$ are nonzero prime ideals in $O_K$),

and this decomposition is unique in the following sense. If $\mathfrak{a}$ admits another decomposition

$\mathfrak{a} = \mathfrak{p}'_1 \cdots \mathfrak{p}'_s$ ($s \ge 0$; $\mathfrak{p}'_1, \ldots, \mathfrak{p}'_s$ are nonzero prime ideals in $O_K$),

then we have $r = s$, and by renumbering $\mathfrak{p}'_1, \ldots, \mathfrak{p}'_s$ suitably, we have $\mathfrak{p}'_i = \mathfrak{p}_i$ for all $i = 1, \ldots, r$.

The above decomposition of $\mathfrak{a}$ is called the prime decomposition of $\mathfrak{a}$. Among $\mathfrak{p}_1, \ldots, \mathfrak{p}_r$, we regroup the same prime ideals and we often write

$\mathfrak{a} = \mathfrak{p}_1^{e_1} \cdots \mathfrak{p}_g^{e_g}$

($g \ge 0$; $\mathfrak{p}_i$ are distinct nonzero prime ideals of $O_K$, $e_i \ge 1$).

This theorem is a result of the fact that $O_K$ is a Dedekind domain (see Appendix A, §A.1). Though it is an important theorem, we consider it to be a part of the general theory of algebra, instead of number theory. Thus, we do not give a proof here. We give a summary of the theory of the Dedekind domain in Appendix A. We recommend that the reader look up any book¹ of ring theory for detail. The argument goes roughly as follows. The ring $\mathbb{Z}$ is a principal ideal domain (see Example 4.4), and a principal ideal domain is a Dedekind domain. Thus, $\mathbb{Z}$ is a Dedekind domain, and $O_K$, the integral closure of $\mathbb{Z}$ in $K$, is also a Dedekind domain (see Appendix A, §A.1; the integral closure of a Dedekind domain in a finite extension of its field of fractions is once again a Dedekind domain).
In a Dedekind domain any nonzero ideal admits a unique decomposition into prime ideals (see Appendix A, §A.2).
An ideal of a Dedekind domain can be written as $(\alpha_1, \ldots, \alpha_n)$ with a finite number of elements $\alpha_1, \ldots, \alpha_n$ (see Appendix A, §A.1). However, a Dedekind domain is not necessarily a principal ideal domain, and an ideal may not be written as $(\alpha)$.

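EXAMPLE 4.9. Let $K = \mathbb{Q}(\sqrt{-26})$. Consider the ideals

$\mathfrak{a} = (3, 1 + \sqrt{-26})$, $\mathfrak{b} = (3, 1 - \sqrt{-26})$

in $O_K = \mathbb{Z}[\sqrt{-26}]$. The ideals $\mathfrak{a}$, $\mathfrak{b}$ are prime ideals which are not principal. We have
$(3) = \mathfrak{a}\mathfrak{b}$, $(1 + \sqrt{-26}) = \mathfrak{a}^3$, $(1 - \sqrt{-26}) = \mathfrak{b}^3$.
Both sides of (4.4) cannot be factored further, but as an ideal it decomposes as
$(3^3) = \mathfrak{a}^3\mathfrak{b}^3 = ((1 + \sqrt{-26})(1 - \sqrt{-26}))$.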
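The identities of Example 4.9 and the claim in (b) that $3 = x^2 + 26y^2$ has no solution can be checked by machine. The following Python sketch is an added illustration, not part of the book: it stores an ideal of $\mathbb{Z}[\sqrt{-26}]$ as a canonical $\mathbb{Z}$-basis $((c, 0), (e, d))$ of the lattice it forms in $\mathbb{Z}^2$, with the pair $(a, b)$ standing for $a + b\sqrt{-26}$, so that two ideals are equal exactly when their bases are equal. The function names and this representation are choices made here.

```python
from math import gcd, isqrt

# Added example (not from the book). (a, b) stands for a + b*w, w = sqrt(-26).
D = 26

def mul(u, v):
    (a, b), (c, d) = u, v
    return (a * c - D * b * d, a * d + b * c)

def hnf(vectors):
    """Canonical Z-basis ((c, 0), (e, d)), c, d > 0, 0 <= e < c, of the
    full-rank lattice in Z^2 spanned by `vectors`."""
    c, e, d = 0, 0, 0                     # lattice so far: Z(c,0) + Z(e,d)
    for a, b in vectors:
        while b != 0:                     # Euclid on the second coordinates
            q = d // b
            e, d, a, b = a, b, e - q * a, d - q * b
        c = gcd(c, a)                     # (a, 0) now lies in the lattice
    if d < 0:
        e, d = -e, -d
    return ((c, 0), (e % c, d))

def ideal(*gens):
    """Ideal generated by gens: Z-span of every g and g*w."""
    vecs = []
    for g in gens:
        vecs += [g, mul(g, (0, 1))]
    return hnf(vecs)

def product(I, J):
    """Product of two ideals given by their Z-bases."""
    return ideal(*[mul(u, v) for u in I for v in J])

def ideal_norm(I):
    """Index of the ideal in Z[w], read off the triangular basis."""
    return I[0][0] * I[1][1]

def elements_of_norm(n):
    """All x + y*w with x^2 + 26*y^2 = n."""
    out = []
    for y in range(-isqrt(n // D), isqrt(n // D) + 1):
        r = n - D * y * y
        x = isqrt(r)
        if x * x == r:
            out += [(x, y)] if x == 0 else [(x, y), (-x, y)]
    return sorted(out)

def is_principal(I):
    """A generator of I must have norm equal to the index of I."""
    return any(ideal(g) == I for g in elements_of_norm(ideal_norm(I)))

A = ideal((3, 0), (1, 1))     # the ideal (3, 1 + w) of Example 4.9
B = ideal((3, 0), (1, -1))    # the ideal (3, 1 - w)

if __name__ == "__main__":
    A3 = product(product(A, A), A)
    print(A, B, product(A, B), A3, ideal((1, 1)))
    print(is_principal(A), is_principal(product(A, A)), is_principal(A3))
```

The run shows that neither $\mathfrak{a}$ nor $\mathfrak{a}^2$ is principal while $\mathfrak{a}^3 = (1 + \sqrt{-26})$ is, which is the ideal-level reason why (4.4) can hold although 3 has no prime element dividing it.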

Theorem 4.8 can be generalized to Theorem 4.12 below, which is a theorem concerning "the decomposition of fractional ideals into prime ideals".

¹ See, for example, M. Atiyah and I. G. MacDonald, Introduction to Commutative Algebra, Addison-Wesley, Reading, Mass., or Chapter 7 of N. Bourbaki, Algèbre Commutative, Hermann, Paris.
DEFINITION 4.10. Let $K$ be an algebraic number field. A subset $\mathfrak{a}$ of $K$ is a fractional ideal of $O_K$ if one of the following two equivalent conditions holds.
an element c in 0~ such that ca is a nonzero

finitely generated OK-submodule of K.


For an element $\alpha$ in $K^\times$ we denote by $(\alpha)$ the fractional ideal $\alpha O_K$. A fractional ideal of the form $(\alpha)$ ($\alpha \in K^\times$) is called a principal fractional ideal.

DEFINITION 4.11. Let $K$ be an algebraic number field. For fractional ideals $\mathfrak{a}$, $\mathfrak{b}$ in $K$ we define the product $\mathfrak{a}\mathfrak{b}$ as the set of all elements of the form $\sum_{i=1}^{n} a_i b_i$ ($n \ge 1$, $a_i \in \mathfrak{a}$, $b_i \in \mathfrak{b}$). $\mathfrak{a}\mathfrak{b}$ is a fractional ideal of $O_K$.

THEOREM 4.12. Let $K$ be an algebraic number field, and $\mathfrak{a}$ a fractional ideal of $O_K$. Then $\mathfrak{a}$ is written as

$\mathfrak{a} = \prod_{\mathfrak{p}} \mathfrak{p}^{e_\mathfrak{p}}$,

where $\mathfrak{p}$ runs over all nonzero prime ideals of $O_K$, $e_\mathfrak{p} \in \mathbb{Z}$ and $e_\mathfrak{p} = 0$ except for a finite number of $\mathfrak{p}$. The set of all fractional ideals of $O_K$ is a group under the multiplication defined in Definition 4.11; $O_K$ is its identity element and the inverse of $\mathfrak{a}$ is given by

$\mathfrak{a}^{-1} = \{x \in K \mid x\mathfrak{a} \subset O_K\}$

This theorem, too, follows from the theory of the Dedekind domain since $O_K$ is a Dedekind domain (see Appendix A, §A.2).
It was Kummer who first showed, around 1845, that the law of prime factorization fails for the ring $\mathbb{Z}[\zeta_n]$ ($n > 1$), but the law of prime decomposition of ideals holds. To be precise, Kummer introduced the notion of "ideal numbers" instead of ideals. It was Dedekind who, around 1863, defined the ring of integers of an algebraic number field and the notion of ideal, and proved the law of unique prime decomposition for the ideals. The notion of ideals, which was born in number theory, became quite important in all areas of mathematics such as algebraic geometry (see, for example, D. Eisenbud and J. Harris, Schemes: The Language of Modern Algebraic Geometry).
(d) Ideal class group and unit group. It is considered that the ideal class group is the most important group appearing in algebraic number theory, and the unit group is the second.

DEFINITION 4.13. Let $K$ be an algebraic number field.
(1) The ideal class group of $K$ is the quotient of the group of fractional ideals of $O_K$ (Theorem 4.12) by the subgroup consisting of principal fractional ideals (Definition 4.10). We denote it by $Cl(K)$ or $Cl(O_K)$.
(2) The unit group of $K$ is the group $O_K^\times$, the group that consists of all the units in $O_K$.

LEMMA 4.14. Let $K$ be an algebraic number field. Then, conditions (i), (ii) and (iii) are equivalent.
(i) The ideal class group $Cl(K)$ is reduced to the identity element.
(ii) The integer ring $O_K$ is a principal ideal domain.
(iii) Every nonzero element in $O_K$ can be factored into the product of prime elements, and the factorization is unique in the sense of §4.1.

PROOF. The proof is left to the reader. □

EXAMPLE 4.15. If $K = \mathbb{Q}$, $Cl(\mathbb{Q})$ consists of only one element, and the unit group of $\mathbb{Q}$ is $\mathbb{Z}^\times = \{\pm 1\}$.

We discuss the meaning and importance of the ideal class group
and the unit group.
We can say that the ideal class group and the unit group measure
the difference between “numbers and ideals”. The ideal class group is
the cokernel of the homomorphism from $K^\times$ to the group of fractional
ideals given by $\alpha \mapsto (\alpha)$, while the unit group is its kernel. The
sizes of the kernel and the cokernel indicate how this homomorphism
differs from an isomorphism. Also, Lemma 4.14 shows that the ideal
class group measures the “failure of the prime factorization law”. For
example, consider the prime factorization of 7 in the ring $\mathbb{Z}[\sqrt{2}]$. We
have

(4.5) $$7 = (3+\sqrt{2})(3-\sqrt{2}) = (5+3\sqrt{2})(5-3\sqrt{2}) = (27+19\sqrt{2})(27-19\sqrt{2}) = \cdots$$

As we can see from the identity $3 + \sqrt{2} = (5 - 3\sqrt{2})(1 + \sqrt{2})^2$, many
different prime factorizations of 7 shown in (4.5) are obtained by
multiplying by a unit in $\mathbb{Q}(\sqrt{2})$ such as $(1 + \sqrt{2})^2$. Thus, the prime
factorization of 7 is unique in the sense of §4.1(*). But, since there are
infinitely many units in $\mathbb{Q}(\sqrt{2})$, the situation of prime factorization in
$\mathbb{Z}[\sqrt{2}]$ seems somewhat different from that of $\mathbb{Z}$, as we can see in (4.5).
Fermat did not arrive at the notion of the ring $\mathbb{Z}[\sqrt{2}]$ or the units
thereof, but he realized that “the equation $7 = x^2 - 2y^2$ has infinitely
many solutions such as $7 = 3^2 - 2 \times 1^2 = 5^2 - 2 \times 3^2 = 27^2 - 2 \times 19^2 = \cdots$
because the equation $1 = x^2 - 2y^2$ has many solutions”, and he began
to study Pell’s equation in Proposition 0.6.
As this shows, the ideal class group and the unit group of $K$
indicate how the law of prime factorization in $O_K$ is different from
that of $\mathbb{Z}$. If we understand how different the properties are, we
expect that we can understand $K$ well (even if, for example, the law
of prime factorization, which played an essential role in §4.1, does not
hold). For this purpose it is important to know the ideal class group
and the unit group. As we will see later, the ideal class group and
the unit group play some mysterious roles, as they are related to zeta
functions and class field theory.

(e) Two main theorems in algebraic number theory. Here
we introduce two important theorems, Theorems 4.16 and 4.21, concerning
the ideal class group and the unit group. Proofs of these
theorems will be given in Chapter 6, §6.4 in Volume 2.

THEOREM 4.16. The ideal class group of an algebraic number
field is a finite group.

DEFINITION 4.17. The order of the ideal class group of an algebraic
number field is called the class number of the algebraic number
field.

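EXAMPLE 4.18. Consider $K = \mathbb{Q}(\sqrt{-26})$. We will see in §4.3
that the class number of $K$ is 6. Setting $\mathfrak{a} = (3, 1 + \sqrt{-26})$, $\mathfrak{c} = (2, \sqrt{-26})$, we have
$$\mathfrak{a}^3 = (1 + \sqrt{-26}), \qquad \mathfrak{c}^2 = (2),$$
and we have
$$\mathbb{Z}/3\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z} \xrightarrow{\ \cong\ } Cl(\mathbb{Q}(\sqrt{-26})); \qquad (m, n) \mapsto (\text{class of } \mathfrak{a})^m (\text{class of } \mathfrak{c})^n.$$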

In order to state Theorem 4.21 we define the notion of real places
and imaginary places.

DEFINITION 4.19. Let $K$ be an algebraic number field.
(1) A real place of $K$ is a homomorphism from $K$ to $\mathbb{R}$.
(2) An imaginary place of $K$ is a homomorphism $\sigma$ from $K$ to $\mathbb{C}$
such that $\sigma$ does not satisfy $\sigma(K) \subset \mathbb{R}$. We regard $\sigma$ and its
conjugate $\bar{\sigma} : K \to \mathbb{C};\ x \mapsto \overline{\sigma(x)}$ as the same place.

PROPOSITION 4.20. Let $r_1$ be the number of real places and $r_2$
the number of imaginary places. Then, we have
$$[K : \mathbb{Q}] = r_1 + 2r_2.$$

PROOF. We know from field theory that there are $[K : \mathbb{Q}]$ homomorphisms
from $K$ to $\mathbb{C}$. Among those there are $r_1$ homomorphisms
whose image is contained in $\mathbb{R}$, and $2r_2$ whose image is not in $\mathbb{R}$. □
THEOREM 4.21 (Dirichlet’s unit theorem). The unit group of an
algebraic number field $K$ is a finitely generated abelian group. More
precisely, if $r_1$ is the number of real places, $r_2$ is the number of imaginary
places and $r = r_1 + r_2 - 1$, then we have
$$O_K^\times \cong \mathbb{Z}^{\oplus r} \oplus (\text{finite cyclic group}).$$
The finite cyclic group above is the group formed by all the roots
of unity in $K$.

EXAMPLE 4.22. For $K = \mathbb{Q}(\sqrt{2})$ we have $r_1 = 2$, $r_2 = 0$, and
$$O_K^\times = \{\pm(1+\sqrt{2})^n \mid n \in \mathbb{Z}\} \cong \mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}.$$
In general, for a real quadratic field $K$ (a quadratic field $\mathbb{Q}(\sqrt{m})$
with positive $m$) we have $r_1 = 2$, $r_2 = 0$, and $K$ does not contain
roots of unity except for $\pm 1$. Thus, there is an element $\varepsilon$ in $O_K^\times$ such
that
$$O_K^\times = \{\pm\varepsilon^n \mid n \in \mathbb{Z}\}.$$
Such a unit $\varepsilon$ is called a fundamental unit in $K$. For example $1 + \sqrt{2}$
is a fundamental unit in $\mathbb{Q}(\sqrt{2})$.

EXAMPLE 4.23. If $K = \mathbb{Q}(\sqrt[3]{2})$, we have $r_1 = 1$, $r_2 = 1$ and
$$O_K^\times = \{\pm(1 - \sqrt[3]{2})^n ;\ n \in \mathbb{Z}\} \cong \mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}.$$

EXAMPLE 4.24. We have $r_1 + r_2 - 1 = 0$ only when $K = \mathbb{Q}$ or
$K$ is a quadratic imaginary field (i.e., $K = \mathbb{Q}(\sqrt{m})$, $m$ a negative
integer; in this case we have $r_1 = 0$, $r_2 = 1$). Therefore,

$O_K^\times$ is a finite group $\iff$ $K = \mathbb{Q}$ or $K$ is an imaginary quadratic field.

EXAMPLE 4.25. Let $\zeta_7$ be a primitive 7-th root of unity. If $K = \mathbb{Q}(\zeta_7)$,
then $r_1 = 0$ and $r_2 = 3$.

EXAMPLE 4.26. If $K = \mathbb{Q}(\zeta_7 + \zeta_7^{-1})$, then we have $r_1 = 3$ and

We will explain below only Example 4.22. Examples 4.25 and
4.26 are parts of Iwasawa theory. They are also related to §4.4.
Let us use Dirichlet’s unit theorem to prove a statement related
to Pell’s equation (§0.4), in particular Fermat’s Proposition 0.6.

PROPOSITION 4.27. Let $N$ be a natural number that is not a
square. Define

$$P_N = \{(x, y) \in \mathbb{Z} \times \mathbb{Z} \mid x^2 - Ny^2 = \pm 1\},$$
$$P'_N = \{(x, y) \in P_N \mid x \ge 1,\ y \ge 1\}.$$

(1) There is a bijection $\Phi : P_N \to \mathbb{Z}[\sqrt{N}]^\times;\ (x, y) \mapsto x + y\sqrt{N}$
between the multiplicative group $\mathbb{Z}[\sqrt{N}]^\times$ consisting of all the
units in $\mathbb{Z}[\sqrt{N}]$ and the set $P_N$.
(2) Let $(x_0, y_0)$ be an element of $P'_N$ whose $x$-coordinate is the
smallest. Then, $(x_0, y_0)$ is an element of $P'_N$ whose $y$-coordinate
is also the smallest, and we have

$$\mathbb{Z}[\sqrt{N}]^\times = \{\pm(x_0 + y_0\sqrt{N})^n \mid n \in \mathbb{Z}\},$$
$$\Phi(P'_N) = \{(x_0 + y_0\sqrt{N})^n \mid n \ge 1\}.$$

From Proposition 4.27(2) we see that $\mathbb{Z}[\sqrt{2}]^\times = \{\pm(1 + \sqrt{2})^n \mid n \in \mathbb{Z}\}$,
since both $x$- and $y$-coordinates of $(1, 1) \in P'_2$ are clearly
minimal in $P'_2$.

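PROOF OF PROPOSITION 4.27. We show (1). The map

$$f : \mathbb{Z}[\sqrt{N}] \to \mathbb{Z}; \quad x + y\sqrt{N} \mapsto (x + y\sqrt{N})(x - y\sqrt{N}) = x^2 - Ny^2$$

($x, y \in \mathbb{Z}$) preserves multiplication. Thus, it maps the units in $\mathbb{Z}[\sqrt{N}]$
to the units in $\mathbb{Z}$, namely, $\pm 1$. Therefore, we have

$$x + y\sqrt{N} \in \mathbb{Z}[\sqrt{N}]^\times \iff x^2 - Ny^2 = \pm 1$$

for any $x, y \in \mathbb{Z}$. (1) follows from this.
To prove (2) we note that if $u = x + y\sqrt{N} \in \mathbb{Z}[\sqrt{N}]^\times$ ($x, y \in \mathbb{Z}$),
we have

$$\{\pm u, \pm u^{-1}\} = \{x + y\sqrt{N},\ x - y\sqrt{N},\ -x + y\sqrt{N},\ -x - y\sqrt{N}\}.$$

Therefore, if $u \ne \pm 1$, one and only one of $\pm u$ and $\pm u^{-1}$ belongs to
$\Phi(P'_N)$.
We prove (2) using Dirichlet’s unit theorem. First we show that
the group $\mathbb{Z}[\sqrt{N}]^\times$ is an infinite group. Let $K = \mathbb{Q}(\sqrt{N})$. We have
$\mathbb{Z}[\sqrt{N}] \subset O_K$, and it is easy to see that there exists a natural number
$m$ such that $mO_K \subset \mathbb{Z}[\sqrt{N}]$. By Dirichlet’s unit theorem $O_K^\times$ has an
element $u$ of infinite order. We prove that $u^n \in \mathbb{Z}[\sqrt{N}]^\times$ for a certain
$n \ge 1$. Since $(O_K/mO_K)^\times$ is a group of finite order, there exists
$n \ge 1$ such that the image of $u^n$ in $(O_K/mO_K)^\times$ is 1. Thus, both
$u^n - 1$ and $u^{-n} - 1$ belong to $mO_K$, and both $u^n$ and $u^{-n}$ belong to
$\mathbb{Z}[\sqrt{N}]$. Hence we obtain $u^n \in \mathbb{Z}[\sqrt{N}]^\times$.
Therefore, $\mathbb{Z}[\sqrt{N}]^\times$ is an infinite subgroup of $O_K^\times \cong \mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$, and
it contains $\pm 1$. Thus there exists $\varepsilon \in \mathbb{Z}[\sqrt{N}]^\times$ such that $\mathbb{Z}[\sqrt{N}]^\times =
\{\pm\varepsilon^n \mid n \in \mathbb{Z}\}$. By replacing $\varepsilon$ by $\pm\varepsilon$ or $\pm\varepsilon^{-1}$ if necessary, we may
assume that $\varepsilon \in \Phi(P'_N)$. Let $\varepsilon = x_1 + y_1\sqrt{N}$ ($x_1$, $y_1$ natural numbers).
Then for $n \ge 2$, we have

$$(x_1 + y_1\sqrt{N})^n = x' + y'\sqrt{N}, \quad x', y' \in \mathbb{Z}, \quad x' > x_1, \quad y' > y_1.$$

This means that $(x_1, y_1)$ is an element in $P'_N$ whose $x$-coordinate and
$y$-coordinate are minimal. Hence we have $\Phi(P'_N) = \{(x_1 + y_1\sqrt{N})^n \mid n \ge 1\}$. □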

Finally, we prove Fermat’s Proposition 0.6.

PROOF OF PROPOSITION 0.6. If $\alpha \in \mathbb{Z}[\sqrt{N}]^\times$, we have $f(\alpha^2) =
f(\alpha)^2 = (\pm 1)^2 = 1$, where $f$ is the map defined above. Therefore,
elements $(x, y)$ in the subset of $P_N$ that corresponds to the infinite set
$\{\alpha^2 \mid \alpha \in \mathbb{Z}[\sqrt{N}]^\times\}$ through Proposition 4.27(1) satisfy the equation
$x^2 - Ny^2 = 1$. Therefore, this equation admits infinitely many
solutions. □
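The following Python sketch is an added illustration, not part of the book. It computes the smallest element of $P'_N$ from Proposition 4.27(2), lists its powers, extracts the solutions of $x^2 - Ny^2 = 1$ as in the proof of Proposition 0.6, and reproduces the chain of factorizations of 7 in (4.5). The continued-fraction search and all function names are choices made for this example.

```python
from math import isqrt


def fundamental_unit(N):
    """Return (x0, y0), the element of P'_N with the smallest x (Prop. 4.27(2)).

    Method (an assumption of this example, not the book's proof): every
    solution of x^2 - N*y^2 = +-1 with y >= 1 is a convergent p/q of the
    continued fraction of sqrt(N), so the first convergent of norm +-1
    is the smallest solution.
    """
    a0 = isqrt(N)
    if a0 * a0 == N:
        raise ValueError("N must not be a square")
    m, d, a = 0, 1, a0
    p_prev, p = 1, a0          # numerators of successive convergents
    q_prev, q = 0, 1           # denominators of successive convergents
    while p * p - N * q * q not in (1, -1):
        m = d * a - m
        d = (N - m * m) // d
        a = (a0 + m) // d
        p_prev, p = p, a * p + p_prev
        q_prev, q = q, a * q + q_prev
    return p, q


def mul(u, v, N):
    """Product of x + y*sqrt(N) elements, each stored as a pair (x, y)."""
    return (u[0] * v[0] + N * u[1] * v[1], u[0] * v[1] + u[1] * v[0])


def norm(u, N):
    """The multiplicative map f(x + y*sqrt(N)) = x^2 - N*y^2 of the proof."""
    return u[0] * u[0] - N * u[1] * u[1]


def positive_units(N, count):
    """First `count` elements of Phi(P'_N) = {(x0 + y0*sqrt(N))^n | n >= 1}."""
    eps = fundamental_unit(N)
    out, u = [], (1, 0)
    for _ in range(count):
        u = mul(u, eps, N)
        out.append(u)
    return out


def pell_solutions(N, count):
    """First `count` solutions of x^2 - N*y^2 = 1 with x, y >= 1.

    Squares of units have norm +1 (proof of Proposition 0.6), so among the
    first 2*count powers at least `count` have norm +1.
    """
    return [u for u in positive_units(N, 2 * count) if norm(u, N) == 1][:count]


def associates(x, y, N, steps):
    """Multiply x + y*sqrt(N) repeatedly by the smallest unit of norm +1."""
    eps = fundamental_unit(N)
    unit = eps if norm(eps, N) == 1 else mul(eps, eps, N)
    out, u = [], (x, y)
    for _ in range(steps):
        u = mul(u, unit, N)
        out.append(u)
    return out


if __name__ == "__main__":
    print(fundamental_unit(2))        # 1 + sqrt(2)
    print(pell_solutions(2, 3))       # solutions of x^2 - 2y^2 = 1
    print(associates(3, -1, 2, 2))    # the factors of 7 appearing in (4.5)
```

Starting from $3 - \sqrt{2}$, repeated multiplication by $(1+\sqrt{2})^2 = 3 + 2\sqrt{2}$ yields $5 + 3\sqrt{2}$ and $27 + 19\sqrt{2}$, every one of norm 7.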

4.3. The class number formula for imaginary quadratic fields

In order to study the arithmetic of an algebraic number field, it
is important to know its class number. In this section we explain how
the class number of an imaginary quadratic field is related to a value
of a $\zeta$ function, and how it can be computed using this relation.
Let $K$ be an imaginary quadratic field (a quadratic field that
cannot be in $\mathbb{R}$). We have $K = \mathbb{Q}(\sqrt{m})$, where $m$ is a square free
integer satisfying $m < 0$. Define

$$N = \begin{cases} |m| & \text{if } m \equiv 1 \bmod 4, \\ 4|m| & \text{if } m \equiv 2, 3 \bmod 4. \end{cases}$$

By computing $\left(\frac{m}{p}\right)$ using the quadratic reciprocity law, we see that
there is a unique Dirichlet character

$$\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \{\pm 1\} \subset \mathbb{C}^\times$$

such that for any prime number $p$ not dividing $m$ we have

(4.6) $$\left(\frac{m}{p}\right) = \chi(p \bmod N)$$

(see Question 4 in Chapter 2). The character $\chi$ can be expressed
explicitly as follows. For an integer $a$ relatively prime to $N$ we have

$$\chi(a \bmod N) = \Bigl(\prod_{l} \left(\frac{a}{l}\right)\Bigr)\,\theta(a),$$

where $l$ runs over all odd prime numbers dividing $m$, and $\theta(a)$ is defined
as follows.
(1) If $m \equiv 1 \bmod 4$, then $\theta(a) = 1$.
(2) If $m \equiv 3 \bmod 4$ and $a \equiv 1 \bmod 4$, then $\theta(a) = 1$; if $m \equiv 3 \bmod 4$
and $a \equiv 3 \bmod 4$, then $\theta(a) = -1$.
(3) If $m$ is even, then $\theta(a) = 1$ for $a \equiv 1,\ 1 - m \bmod 8$ and
$\theta(a) = -1$, otherwise.
The above definition of $\chi$ may seem complicated. It is possible
to define it in a simpler way using the material in Chapter 5, §5.2 of
Volume 2 as follows. Since $K \subset \mathbb{Q}(\zeta_N)$ ($\zeta_N$ is a primitive $N$-th root
of unity), we define $\chi$ using Galois theory as follows:

$$(\mathbb{Z}/N\mathbb{Z})^\times \cong \mathrm{Gal}(\mathbb{Q}(\zeta_N)/\mathbb{Q}) \xrightarrow{(*)} \mathrm{Gal}(K/\mathbb{Q}) \cong \{\pm 1\} \subset \mathbb{C}^\times.$$

(We will explain the first isomorphism in Chapter 5 in Volume 2. (*)
is the restriction of an automorphism of $\mathbb{Q}(\zeta_N)$ to $K$.)

THEOREM 4.28. Let $K$ be an imaginary quadratic field and $m$,
$N$, and $\chi$ as above. Let $h_K$ be the class number of $K$, and $w_K$ the
number of roots of unity contained in $K$. Then we have

$$h_K = \frac{w_K}{2} L(0, \chi) = \frac{w_K\sqrt{N}}{2\pi} L(1, \chi).$$

Theorem 4.28 will be proved in Chapter 7, §7.5 in Volume 2.

QUESTION 4. Show that $w_K = 4$ if $K = \mathbb{Q}(\sqrt{-1})$, $w_K = 6$ if $K = \mathbb{Q}(\sqrt{-3})$,
and $w_K = 2$ for any other quadratic imaginary field $K$.

By Corollary 3.21 we have

COROLLARY 4.29. Let $K$, $m$, and $N$ be as above. We have

$$h_K = -\frac{w_K}{2N} \sum_{a=1}^{N} a\chi(a).$$

Theorem 4.28 or Corollary 4.29 is called the class number formula
for the imaginary quadratic fields. Let us compute the class number
of some examples using the class number formula.

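EXAMPLE 4.30. $K = \mathbb{Q}(\sqrt{-1})$. Then, we have $w_K = 4$, $N = 4$,
and $\chi : (\mathbb{Z}/4\mathbb{Z})^\times \to \mathbb{C}^\times$ is given by $\chi(1 \bmod 4) = 1$, $\chi(3 \bmod 4) = -1$.
By Corollary 4.29 we have

$$h_K = -\frac{4}{2 \cdot 4} \sum_{a=1}^{4} a\chi(a) = -\frac{1}{2}(1 - 3) = 1.$$

Note that using Theorem 4.28, we have

$$h_K = \frac{w_K\sqrt{N}}{2\pi} L(1, \chi) = \frac{4 \times 2}{2\pi} \cdot L(1, \chi) = \frac{4}{\pi} \cdot L(1, \chi).$$

Therefore, Leibniz’s formula

$$L(1, \chi) = 1 - \frac{1}{3} + \frac{1}{5} - \frac{1}{7} + \frac{1}{9} - \frac{1}{11} + \cdots = \frac{\pi}{4}$$

shows that $h_K = 1$.
It seems rather mysterious that Leibniz’s formula is related to the
fact that the class number of $\mathbb{Q}(\sqrt{-1})$ is 1. This is the entrance to
the “third mystery of the $\zeta$ function”.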

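EXAMPLE 4.31. $K = \mathbb{Q}(\sqrt{-3})$. Then, we have $w_K = 6$, $N = 3$,
and $\chi : (\mathbb{Z}/3\mathbb{Z})^\times \to \mathbb{C}^\times$ is given by $\chi(1 \bmod 3) = 1$, $\chi(2 \bmod 3) = -1$.
By Corollary 4.29 we have

$$h_K = -\frac{6}{2 \cdot 3} \sum_{a=1}^{3} a\chi(a) = -(1 - 2) = 1.$$

Using Theorem 4.28 once again, we have

$$h_K = \frac{6 \times \sqrt{3}}{2\pi} \cdot L(1, \chi) = \frac{3\sqrt{3}}{\pi} \cdot L(1, \chi).$$

Thus, Euler’s formula $L(1, \chi) = \frac{\pi}{3\sqrt{3}}$ expresses the fact that the
class number of $\mathbb{Q}(\sqrt{-3})$ is 1.
Note that even if we do not know that the exact value of $L(1, \chi)$
is $\frac{\pi}{3\sqrt{3}}$, we may be able to obtain $h_K = 1$ from the formula $h_K =
\frac{3\sqrt{3}}{\pi} \cdot L(1, \chi)$. For, the formula

$$L(1, \chi) = 1 - \frac{1}{2} + \frac{1}{4} - \frac{1}{5} + \cdots < 1$$

implies

$$h_K = \frac{3\sqrt{3}}{\pi} \cdot L(1, \chi) < \frac{3\sqrt{3}}{\pi} < 2,$$

and $h_K = 1$ follows from this inequality since $h_K$ is a natural number.
As we can see from this example, we may be able to compute $h_K$ from
the class number formula $h_K = \frac{w_K\sqrt{N}}{2\pi} L(1, \chi)$, together with some
approximate value of $L(1, \chi)$.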

EXAMPLE 4.32. $K = \mathbb{Q}(\sqrt{-26})$. We have $w_K = 2$ and $N =
4 \times 26 = 104$. In the proof of Proposition 2.8(3), we calculated $\left(\frac{-26}{a}\right)$
for an integer $a$ relatively prime to 104. Using this, we see that
$\chi(a) = 1$ if and only if $a \bmod 104$ is one of the following:
1, 3, 5, 7, 9, 15, 17, 21, 25, 27, 31, 35, 37,
43, 45, 47, 49, 51, 63, 71, 75, 81, 85, 93.

It follows from this that $\sum_{a=1}^{104} a\chi(a) = -624$, and thus we have

$$h_K = -\frac{1}{104} \times (-624) = 6.$$

QUESTION 5. Using the class number formula for the imaginary quadratic
fields, find the class number of the following fields: Q( J??), Q(JT), Q(Jq)
and Q(J-10).

Baker and Stark proved in 1967 that the only imaginary quadratic
fields whose class number is 1 are the following nine fields:

$\mathbb{Q}(\sqrt{-1})$, $\mathbb{Q}(\sqrt{-2})$, $\mathbb{Q}(\sqrt{-3})$, $\mathbb{Q}(\sqrt{-7})$, $\mathbb{Q}(\sqrt{-11})$,
$\mathbb{Q}(\sqrt{-19})$, $\mathbb{Q}(\sqrt{-43})$, $\mathbb{Q}(\sqrt{-67})$, $\mathbb{Q}(\sqrt{-163})$.

Gauss conjectured that there are infinitely many real quadratic fields
whose class number is 1, but this assertion has not been proved to
this date.
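The class number formula of this section can be checked by machine. The Python sketch below is an added example, not part of the book: it builds $\chi$ from the explicit description with $\theta(a)$, evaluates Corollary 4.29 exactly, and recovers $h_K$ from a truncated series for $L(1,\chi)$ as suggested at the end of Example 4.31. The function names, the convention $\chi(a) = 0$ when $a$ is not prime to $N$, and the truncation length are assumptions of this example.

```python
from math import gcd, pi, sqrt


def odd_prime_divisors(m):
    """Odd primes l dividing the square-free integer m."""
    n, primes, p = abs(m), [], 3
    while n % 2 == 0:
        n //= 2
    while p * p <= n:
        if n % p == 0:
            primes.append(p)
            while n % p == 0:
                n //= p
        p += 2
    if n > 1:
        primes.append(n)
    return primes


def legendre(a, l):
    """Quadratic residue symbol (a/l) for an odd prime l not dividing a."""
    return 1 if pow(a % l, (l - 1) // 2, l) == 1 else -1


def conductor(m):
    """N = |m| if m = 1 mod 4, and N = 4|m| if m = 2, 3 mod 4."""
    return abs(m) if m % 4 == 1 else 4 * abs(m)


def theta(a, m):
    """The factor theta(a) in the explicit description of chi."""
    if m % 4 == 1:
        return 1
    if m % 4 == 3:
        return 1 if a % 4 == 1 else -1
    return 1 if a % 8 in (1, (1 - m) % 8) else -1   # m even


def chi(a, m):
    """chi(a mod N) for K = Q(sqrt(m)); 0 if a is not prime to N (assumed convention)."""
    if gcd(a, conductor(m)) != 1:
        return 0
    value = theta(a, m)
    for l in odd_prime_divisors(m):
        value *= legendre(a, l)
    return value


def roots_of_unity(m):
    """w_K as stated in Question 4."""
    return {-1: 4, -3: 6}.get(m, 2)


def class_number(m):
    """h_K = -(w_K / 2N) * sum_{a=1}^{N} a*chi(a)  (Corollary 4.29)."""
    N, w = conductor(m), roots_of_unity(m)
    total = sum(a * chi(a, m) for a in range(1, N + 1))
    h, rem = divmod(-w * total, 2 * N)
    if rem:
        raise ArithmeticError("formula did not give an integer; is m square-free?")
    return h


def class_number_from_L1(m, terms=200000):
    """h_K = (w_K*sqrt(N) / 2*pi) * L(1, chi), with L(1, chi) truncated and rounded."""
    N, w = conductor(m), roots_of_unity(m)
    table = [chi(a, m) for a in range(N)]            # chi is periodic mod N
    L1 = sum(table[n % N] / n for n in range(1, terms + 1))
    return round(w * sqrt(N) / (2 * pi) * L1)


if __name__ == "__main__":
    for m in (-1, -3, -26):                          # Examples 4.30, 4.31, 4.32
        print(m, class_number(m), class_number_from_L1(m))
```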

4.4. Fermat’s Last Theorem and Kummer


In order to show Fermat’s Last Theorem:
If $n \ge 3$ and $(x, y, z)$ is an integer solution to $x^n + y^n = z^n$,
then $xyz = 0$,
it is sufficient to show this assertion when $n = 4$ and when $n$ is an
odd prime number. For, if Fermat’s Last Theorem holds for $m$ and
$n = m \cdot r$, the equation $x^n + y^n = z^n$ implies $xyz = 0$ because we
have $(x^r)^m + (y^r)^m = (z^r)^m$.
We proved the case $n = 4$ in Chapter 1, §1.1 and the case $n = 3$
in Chapter 4, §4.1. We consider the case where $n$ is an odd prime
number greater than or equal to 5. Following Kummer, we divide
this into two cases: the case where none of $x, y, z$ is divisible by $p$
(the first case), and the case where one of $x, y, z$ is divisible by $p$
(the second case). Kummer proved Fermat’s Last Theorem in the
case $n = p$ under the assumption that the class number of $\mathbb{Q}(\zeta_p)$ is
not divisible by $p$. In the following we discuss Kummer’s proof in the
first case.

(a) Proof of the first case.

PROPOSITION 4.33. Let $p$ be a prime number greater than or
equal to 5. Suppose that the class number of $\mathbb{Q}(\zeta_p)$ is not divisible
by $p$. If none of $x, y, z \in \mathbb{Z}$ is divisible by $p$, then $x, y, z$ do not
satisfy
$$x^p + y^p = z^p.$$

Unlike $\mathbb{Q}(\zeta_3)$, which we considered in relation to the equation
$x^3 + y^3 = z^3$ in §4.1, the law of unique prime factorization in $\mathbb{Q}(\zeta_p)$
often fails. This is where the difficulty lies. (In fact, it is known that
the class number of $\mathbb{Q}(\zeta_p)$ is not 1 if $p$ is greater than or equal to 23.)
In the proof of Proposition 4.33 below we overcome this difficulty
by studying the ideal class group and the unit group. The ideal
class group appears in Proposition 4.33 under the form of the “class
number”, and the unit group plays an important role in the proof
of Proposition 4.33 (see Lemma 4.36 below). The following lemma
replaces Lemma 4.2, which was proved in §4.1 using the unique prime
factorization.

LEMMA 4.34. Let $K$ be an algebraic number field, $\mathfrak{a}_1, \ldots, \mathfrak{a}_r$ and
$\mathfrak{b}$ nonzero ideals of $O_K$, $k$ a natural number and $\mathfrak{a}_1 \cdots \mathfrak{a}_r = \mathfrak{b}^k$. Furthermore,
if $i \ne j$, we suppose that $\mathfrak{a}_i$ and $\mathfrak{a}_j$ are relatively prime (i.e.,
there is no prime ideal dividing $\mathfrak{a}_i$ and $\mathfrak{a}_j$ simultaneously). Then for
each $i$ there is a nonzero ideal $\mathfrak{b}_i$ in $O_K$ such that $\mathfrak{a}_i = \mathfrak{b}_i^k$.

This lemma can be proved by considering how many times each
prime ideal of $O_K$ appears in the prime ideal decomposition of
$\mathfrak{a}_1, \ldots, \mathfrak{a}_r$ and $\mathfrak{b}$. This is similar to the proofs of Lemmas 1.7 and
4.2, where we used the unique prime factorization of numbers.
We will prove the following Lemma 4.35 in Chapter 6, §6.3(e) in
Volume 2.

LEMMA 4.35. Let $p$ be a prime number. We denote $\zeta_p$ by $\zeta$, and
$O_{\mathbb{Q}(\zeta)}$ by $A$ for simplicity. Then we have:
(1) $A = \mathbb{Z}[\zeta]$.
(2) $[\mathbb{Q}(\zeta) : \mathbb{Q}] = p - 1$ (left-hand side is the degree of field extension).
(3) The only roots of unity in $\mathbb{Q}(\zeta)$ are of the form $\pm$($p$-th root
of unity).
(4) The ideal $(1 - \zeta)$ is a prime ideal of $A$, and $(p) = (1 - \zeta)^{p-1}$
is the prime ideal decomposition of the ideal $(p)$ in $A$.
(5) For $1 \le i \le p - 1$, we have $(1 - \zeta) = (1 - \zeta^i)$.

PROOF OF PROPOSITION 4.33. We keep the notation $\zeta$ and $A$ of
Lemma 4.35. We suppose $(x, y, z)$ is an integer solution of $x^p + y^p = z^p$
satisfying $p \nmid xyz$, and we derive a contradiction. By dividing by the
greatest common divisor of $(x, y, z)$, we may assume that the greatest
common divisor of $(x, y, z)$ is 1. Because of the equation $x^p + y^p = z^p$,
a prime factor of any two of $x, y, z$ divides the third. Thus, $x, y, z$ are
pairwise relatively prime. Moving $y^p$ to the right-hand side and factoring
the equation in $A = \mathbb{Z}[\zeta]$, we have

(4.7)

Using the fact that $p$ does not divide the class number, we show that
there exist a unit $u$ in $A$ and an element $\alpha$ in $A$ such that

(4.8) $$z - \zeta y = u \cdot \alpha^p.$$

To do so, we first show that the ideals $(z - \zeta^i y)$ ($0 \le i \le p - 1$), which
appear in the right-hand side of (4.7), are pairwise relatively prime.
Let $0 \le i < j \le p - 1$ and let $\mathfrak{p}$ be a nonzero prime ideal that
divides both $(z - \zeta^i y)$ and $(z - \zeta^j y)$. It follows from the fact
$z - \zeta^i y,\ z - \zeta^j y \in \mathfrak{p}$ that $(\zeta^i - \zeta^j)y,\ (\zeta^i - \zeta^j)z \in \mathfrak{p}$. Thus, we have
$(1 - \zeta^{j-i})(y, z) \subset \mathfrak{p}$. Since $y$ and $z$ are relatively prime, we have
$(y, z) = (1)$. By Lemma 4.35(5), we have $(1 - \zeta^{j-i}) = (1 - \zeta)$. Since
$(1 - \zeta)$ is a prime ideal (Lemma 4.35(4)), we have $(1 - \zeta) = \mathfrak{p}$. By
(4.7) we have $x^p \in \mathfrak{p}$, and thus we have $x \in \mathfrak{p}$. Since $\mathfrak{p} \cap \mathbb{Z} = (p)$, we
have $p \mid x$, which contradicts the hypothesis $p \nmid xyz$.
It follows from Lemma 4.34 that the ideal $(z - \zeta^i y)$ ($0 \le i \le p - 1$)
is the $p$-th power of an ideal $\mathfrak{b}_i$ in $A$.
If we set $(z - \zeta y) = \mathfrak{a}^p$, the $p$-th power of the class of $\mathfrak{a}$ in $Cl(A)$ is
the identity element. But, the order of $Cl(A)$ does not divide $p$, and
thus the only element whose $p$-th power is the identity is the identity
itself. Therefore, $\mathfrak{a}$ is a principal ideal. Let $\alpha$ be a generator of $\mathfrak{a}$.
Then we have $(z - \zeta y) \cdot \alpha^{-p} \in A^\times$, and (4.8) is proved.
Before going further, we show that we may assume $y \not\equiv -z \bmod p$.
If $y \equiv -z \bmod p$, then we use the substitution $x_1 = -z$, $z_1 = -x$.
Then we have $x_1^p + y^p = z_1^p$. It suffices to show that $y \not\equiv -z_1 \bmod p$.
If not, we have $x \equiv y \equiv -z \bmod p$, and thus we see $2x^p \equiv -x^p \bmod p$
by substituting in $x^p + y^p = z^p$. Since $p \ne 3$, we have $x \equiv 0 \bmod p$,
which is a contradiction.
In order to derive a contradiction from (4.8) we use the following
Lemmas 4.36 and 4.37.
LEMMA 4.36. Let $p$ be an odd prime number, and let $\zeta$ and $A$ be
the same as in Lemma 4.35. Let $\tau : \mathbb{Q}(\zeta) \to \mathbb{Q}(\zeta)$ be the complex
conjugation, and let $B = \{\alpha \in A \mid \tau(\alpha) = \alpha\}$. If $\mu_p = \{\zeta^i \mid 0 \le i \le
p - 1\}$, then we have
$$A^\times = \mu_p \times B^\times.$$
We will prove Lemma 4.36 later using Dirichlet’s unit theorem.

LEMMA 4.37. We denote also by $\tau$ the automorphism of $\bar{A} =
A/pA$ induced by $\tau$. Let $\bar{B} = \{\alpha \in \bar{A} \mid \tau(\alpha) = \alpha\}$. Then we have the
following:
(1) A basis of $\bar{A}$ over $\mathbb{F}_p$ is given by $\{\zeta^i \mid 1 \le i \le p - 1\}$.
(2) A basis of $\bar{B}$ over $\mathbb{F}_p$ is given by $\{\zeta^i + \zeta^{-i} \mid 1 \le i \le \frac{p-1}{2}\}$.
(3) $\bar{A}^p = \{\alpha^p \in \bar{A} \mid \alpha \in \bar{A}\}$ is equal to $\mathbb{F}_p$, and it is contained
in $\bar{B}$.
in B.

Let us show that (4.8) induces a contradiction once we admit
Lemmas 4.36 and 4.37. First, it follows from Lemma 4.36 that there
exist $\zeta' \in \mu_p$ and $v \in B^\times$ such that $u = \zeta' v$. We have $v \bmod pA \in \bar{B}$,
and from Lemma 4.37 we have $\alpha^p \bmod pA \in \bar{B}$. Thus, we have
$\zeta'^{-1}(z - \zeta y) \bmod pA = v\alpha^p \bmod pA \in \bar{B}$. We divide into cases according
to $\zeta'$. In the following we omit “mod $pA$” for simplicity.
(a) If $\zeta' = 1$, then $z - \zeta y \in \bar{B}$. Since $z \in \bar{B}$, we have $y\zeta \in \bar{B}$. It
follows from Lemma 4.37(1) and (2) that $y \equiv 0 \bmod p$, which
contradicts the assumption.
(b) If $\zeta' = \zeta$, then $z \cdot \zeta^{-1} - y \in \bar{B}$. Since $y \in \bar{B}$, we have
$z\zeta^{-1} \in \bar{B}$. It follows from Lemma 4.37(1) and (2) that
$z \equiv 0 \bmod p$, which is a contradiction.
(c) If $\zeta' \ne 1, \zeta$, then $z \cdot \zeta'^{-1} - y\zeta\zeta'^{-1} \in \bar{B}$. By Lemma 4.37(1)
and (2) we have $\zeta' = \zeta\zeta'^{-1}$ and $y \equiv -z \bmod p$. This also
contradicts the assumption.
Therefore, if we admit Lemmas 4.36 and 4.37, we have finished
the proof of Proposition 4.33.
We now prove Lemmas 4.36 and 4.37. We first prove Lemma 4.37.

PROOF OF LEMMA 4.37. From Lemma 4.35(1), (2) and the fact
$1 + \zeta + \cdots + \zeta^{p-1} = 0$, we can take $\{\zeta^i \mid 1 \le i \le p - 1\}$ as a basis of
$A$ over $\mathbb{Z}$. Thus, $\{\zeta^i \mid 1 \le i \le p - 1\}$ is a basis for $\bar{A} = A/pA$ over $\mathbb{F}_p$.
This shows (1). Since $\tau$ sends $\zeta^i$ to $\zeta^{-i}$, (2) follows easily from (1).
Let us show (3). Take $\alpha = \sum_{i=1}^{p-1} a_i\zeta^i \in \bar{A}$, $a_i \in \mathbb{F}_p$. In a ring,
such as $\bar{A}$, in which $p$ equals 0, the $p$-th power map preserves addition
and multiplication. Thus, we have $\alpha^p = \sum_{i=1}^{p-1} a_i \in \mathbb{F}_p$. Therefore,
we have $\bar{A}^p = \mathbb{F}_p$. The other assertion is clear. □

PROOF OF LEMMA 4.36. It suffices to show that the canonical
map $\mu_p \to A^\times/B^\times$ is an isomorphism. Consider the homomorphism
of groups $f : A^\times \to A^\times$ given by $f(\alpha) = \alpha/\tau(\alpha)$. The kernel of this
homomorphism is given by $\{\alpha \in A^\times \mid \alpha = \tau(\alpha)\}$ and it equals $B^\times$.
Thus the image $f(A^\times)$ is isomorphic to $A^\times/B^\times$. On the other hand,
the restriction of $f$ to $\mu_p$ is the square map $\mu_p \to \mu_p$, and it is an
isomorphism onto $\mu_p$. Thus, it suffices to show that the image $f(A^\times)$
equals $f(\mu_p) = \mu_p$.
First we show that $f(A^\times)$ is finite. It suffices to show that $B^\times$
has finite index in $A^\times$; i.e., the ranks of $A^\times$ and $B^\times$ as finitely
generated abelian groups are the same. (An $r$ such that the group is
$\cong \mathbb{Z}^{\oplus r} \oplus$ (finite abelian group) is called the rank.) Let

$$K = \{\alpha \in \mathbb{Q}(\zeta) \mid \tau(\alpha) = \alpha\} = \mathbb{Q}(\zeta + \zeta^{-1}).$$

The ring $B$ is the ring of integers of $K$. We compute the rank of $A^\times$
and of $B^\times$ using Dirichlet’s unit theorem. First $\mathbb{Q}(\zeta)$ does not have a
real place and the number of the complex places is $\frac{1}{2}[\mathbb{Q}(\zeta) : \mathbb{Q}] = \frac{p-1}{2}$.
Thus, by Dirichlet’s unit theorem, the rank of $A^\times$ is $\frac{p-1}{2} - 1$. Next,
$K$ does not have a complex place and the number of the real places
is $[K : \mathbb{Q}] = \frac{p-1}{2}$. Thus, by Dirichlet’s unit theorem the rank of $B^\times$
is also $\frac{p-1}{2} - 1$. Thus the finiteness of $f(A^\times) \cong A^\times/B^\times$ is proved.
Therefore, the image $f(A^\times)$ consists of roots of unity in $\mathbb{Q}(\zeta)$.
It follows from Lemma 4.35(3) that the set of all the roots of unity
in $\mathbb{Q}(\zeta)$ equals $\{\pm\zeta^i \mid 0 \le i \le p - 1\}$. We have already seen that
$\mu_p \subset f(A^\times)$, and thus it suffices to show $-1 \notin f(A^\times)$ in order to prove
$\mu_p = f(A^\times)$. It suffices to derive a contradiction assuming $\alpha \in A^\times$
and $\tau(\alpha) = -\alpha$. It follows from Lemma 4.35(5) that $\tau$ preserves the
ideal $(\zeta - 1)$. Since $A/(\zeta - 1) \cong \mathbb{F}_p$, the action of $\tau$ on $A/(\zeta - 1)$ is
trivial. This contradicts the fact $\tau(\alpha) \equiv -\alpha \bmod (\zeta - 1)$. □

(b) Kummer’s criterion. For which prime number $p$ does
Kummer’s assumption, “$p$ divides the class number of $\mathbb{Q}(\zeta_p)$”, hold?
Kummer proved the following theorem, which relates this question to
the values of the $\zeta$ function. The following theorem is called Kummer’s
criterion.

THEOREM 4.38. Let $p$ be a prime number. Then the conditions
(i), (ii), and (iii) are equivalent.
(i) The prime number $p$ does not divide the class number of
$\mathbb{Q}(\zeta_p)$.
(ii) For any negative odd number $m$ the numerator of $\zeta(m)$ is not
divisible by $p$.
(iii) For any negative odd number $m$ satisfying $|m| \le p - 4$, the
denominator of $\zeta(m)$ is not divisible by $p$.

Thanks to the relation between $\zeta(m)$ and $\zeta(1 - m)$ shown in §3.3,
condition (iii) is equivalent to the following condition (iii)′.
(iii)′ For all positive even numbers $r$ less than or equal to $p - 3$,
the numerator of $\zeta(r)\pi^{-r}$ is not divisible by $p$.

Using Example 3.23, we see (iii). The above theorem implies that
all the prime numbers $p$ less than or equal to 17 satisfy the condition,
“$p$ does not divide the class number of $\mathbb{Q}(\zeta_p)$”, but 691 divides the
class number of $\mathbb{Q}(\zeta_{691})$.
We discuss Kummer’s criterion at the beginning of Chapter 10 in
Volume 3.

Summary

4.1. A finite extension of the rational number field is called an
algebraic number field. Algebraic number theory is a powerful theory
that studies algebraic number fields.
4.2. Just as we have the ring of integers in the rational number
field, an algebraic number field $K$ contains a ring called the ring of
integers of $K$ and it is denoted by $O_K$. In $O_K$ each element may
not be factored uniquely into the product of prime elements, but
any ideal may be factored uniquely into the product of prime ideals.
4.3. For an algebraic number field two important groups, the
ideal class group and the unit group, are defined. These groups
measure the difference between numbers and ideals. There are two
important theorems: finiteness of the ideal class group and Dirichlet’s
unit theorem.
4.4. These groups are related to $\zeta$ functions. In this chapter the
relation between the ideal class groups of quadratic number fields
and $\zeta$ functions (the class group formula for the quadratic number
fields) is discussed.

Exercises

4.1. Let $p$ be a prime number. Show that the following two
properties (i) and (ii) are equivalent, using the fact that the class
number of $\mathbb{Q}(\sqrt{-7})$ is 1.
(i) There exist integers $x$ and $y$ satisfying $p = x^2 + xy + 2y^2$.
(ii) $p \equiv 1, 2, 4 \bmod 7$ or $p = 2, 7$.
4.2. Let $n$ be a natural number. Show that the following two
properties (i) and (ii) are equivalent.
(i) There exist integers $x$ and $y$ satisfying $n = x^2 + y^2$.
(ii) $\mathrm{ord}_p(n)$ is even for any prime number $p$ congruent to 3 modulo 4.
4.3. Let $p$ be a prime number congruent to 1 modulo 4 and let
$n$ be a natural number. Show that there exists a unique triangle
with integer sides such that the length of the hypotenuse is $p^n$ and
the greatest common divisor of the lengths of the three sides is 1.
4.4. Show that the unit group of $\mathbb{Q}(\sqrt{3})$ is $\{\pm(2 + \sqrt{3})^n \mid n \in \mathbb{Z}\}$.
4.5. Let $\mathfrak{a}$ and $\mathfrak{b}$ be fractional ideals of a Dedekind domain $A$
(see Appendix A, §A.2). Suppose that

$$\mathfrak{a} = \prod_{\mathfrak{p}} \mathfrak{p}^{a_\mathfrak{p}}, \qquad \mathfrak{b} = \prod_{\mathfrak{p}} \mathfrak{p}^{b_\mathfrak{p}}$$

are prime factorizations of $\mathfrak{a}$ and $\mathfrak{b}$. (Here $\mathfrak{p}$ runs through all the
nonzero prime ideals of $A$, and $a_\mathfrak{p}$ and $b_\mathfrak{p}$ are integers that are
nonzero only for finitely many $\mathfrak{p}$’s.) Define $c_\mathfrak{p} = \max(a_\mathfrak{p}, b_\mathfrak{p})$
and $d_\mathfrak{p} = \min(a_\mathfrak{p}, b_\mathfrak{p})$. Show that the prime factorizations of two
fractional ideals of $A$, $\mathfrak{a} \cap \mathfrak{b}$ and $\mathfrak{a} + \mathfrak{b} = \{x + y \mid x \in \mathfrak{a},\ y \in \mathfrak{b}\}$, are
given by

(see Appendix A, §A.2):

4.6. Using the fact that the class number of $\mathbb{Q}(\sqrt{-5})$ is 2, and
thus it is not divisible by 3, show that $(x, y) = (6, 14)$ is the only
natural number solution of $y^2 = x^3 - 20$. (In §4.4 we used the fact
that the class number of $\mathbb{Q}(\zeta_p)$ is not divisible by $p$ to prove Fermat’s
Last Theorem in the first case. Use a similar method.)
APPENDIX A

Rudiments on Dedekind domains

In this appendix we give a summary on the fundamentals on
Dedekind domains. In what follows a ring means a commutative
ring.

A.1. Definition of a Dedekind domain

A ring $A$ is a Dedekind domain if $A$ satisfies the following conditions:
(1) $A$ is a Noether ring.
(2) $A$ is an integrally closed domain.
(3) Any nonzero prime ideal of $A$ is maximal.
Let us explain the terminology that appears in the above definition.
A ring $A$ is a Noether ring if $A$ satisfies the following condition:
(1) Any ideal of $A$ is finitely generated.
This condition is equivalent to any of the following conditions:
(2) If $\mathfrak{a}_1 \subset \mathfrak{a}_2 \subset \mathfrak{a}_3 \subset \cdots$ is an ascending chain of ideals of $A$,
then there exists $N$ such that $\mathfrak{a}_N = \mathfrak{a}_{N+1} = \mathfrak{a}_{N+2} = \cdots$.
(3) If $\Phi$ is a nonempty set of ideals of $A$, then there exists an
ideal $\mathfrak{a}$ in $\Phi$ satisfying the condition: If $\mathfrak{b} \in \Phi$ and $\mathfrak{b} \supset \mathfrak{a}$,
then $\mathfrak{b} = \mathfrak{a}$.
(4) Any submodule of a finitely generated $A$-module is again
finitely generated.
A ring $A$ is a domain if $A$ is different from $\{0\}$ and if it satisfies
the condition:

for $a, b \in A$, $ab = 0$ implies $a = 0$ or $b = 0$.

If $A$ is a subring of $B$, an element $x$ in $B$ is said to be integral
over $A$ if $x$ satisfies an equation with coefficients in $A$:

$$x^n + a_1x^{n-1} + \cdots + a_n = 0 \quad (a_i \in A,\ n \text{ is a natural number}).$$
The set $\{x \in B \mid x \text{ is integral over } A\}$ is a subring of $B$. This
subring is called the integral closure of $A$ in $B$. If $A$ is a domain,
the integral closure of $A$ in its field of fractions is called the integral
closure of $A$. If the integral closure of $A$ equals $A$ itself, then $A$ is
said to be integrally closed.
An ideal $\mathfrak{a}$ in $A$ is a prime ideal if the quotient ring $A/\mathfrak{a}$ is a
domain. This is equivalent to (1) and (2) below:
(1) If $ab \in \mathfrak{a}$, then $a \in \mathfrak{a}$ or $b \in \mathfrak{a}$.
(2) $1 \notin \mathfrak{a}$.
An ideal $\mathfrak{a}$ in $A$ is called a maximal ideal if the quotient ring $A/\mathfrak{a}$ is
a field. This is equivalent to (1) and (2) below:
(1) An ideal of $A$ containing $\mathfrak{a}$ is either $A$ or $\mathfrak{a}$.
(2) $1 \notin \mathfrak{a}$.
A maximal ideal is a prime ideal, but the converse does not hold in
general. For example, the zero ideal of $\mathbb{Z}$ is a prime ideal but not a
maximal ideal.
EXAMPLE A.1 (Dedekind domain). (1) A principal domain (see
Example 4.4) is a Dedekind domain.
(2) Let $A$ be a Dedekind domain, and $K$ its field of fractions. If
$L$ is a finite extension of $K$ and $B$ is the integral closure of $A$ in $L$,
then $B$ is a Dedekind domain.

A.2. Fractional ideal

Let $A$ be a domain. A fractional ideal of $A$ is a nonzero finitely
generated $A$-submodule in the field of fractions $K$ of $A$. For a nonzero
element $a \in K^\times$, the set $(a) = \{ab \mid b \in A\} \subset K$ is a fractional ideal
of $A$. Such a fractional ideal is called a principal fractional ideal.
For fractional ideals $\mathfrak{a}$ and $\mathfrak{b}$ of $A$ we define the product $\mathfrak{a} \cdot \mathfrak{b}$ as the
$A$-submodule of $K$ generated by $a \cdot b$ ($a \in \mathfrak{a}$, $b \in \mathfrak{b}$). If for a fractional
ideal $\mathfrak{a}$ of $A$ there exists a fractional ideal $\mathfrak{b}$ satisfying $\mathfrak{a} \cdot \mathfrak{b} = A$, $\mathfrak{a}$ is
said to be invertible. Since $(a) \cdot (a^{-1}) = A$, any principal fractional
ideal is invertible.
The set $D(A)$ consisting of all invertible fractional ideals of $A$ is
an abelian group under the multiplication defined above. The ideal
$A$ is the identity element, and the inverse of $\mathfrak{a} \in D(A)$ is given by
$\mathfrak{a}^{-1} = \{b \in K \mid b\mathfrak{a} \subset A\}$. The map $K^\times \to D(A)$ given by $a \mapsto (a)$ is
a homomorphism of groups, and its kernel equals $A^\times$.
THEOREM A.2. Let $A$ be a Dedekind domain and $S_A$ the set of
all nonzero prime ideals of $A$. Then
(1) Any fractional ideal of $A$ is invertible.
(2) Let $\mathbb{Z}^{(S_A)}$ be the free abelian group generated by $S_A$. Then
the natural map

$$\mathbb{Z}^{(S_A)} \to D(A); \quad (e_\mathfrak{p})_{\mathfrak{p} \in S_A} \mapsto \prod_{\mathfrak{p} \in S_A} \mathfrak{p}^{e_\mathfrak{p}}$$

is an isomorphism of groups.
(3) For $\mathfrak{a} = \prod \mathfrak{p}^{e_\mathfrak{p}}$ and $\mathfrak{b} = \prod \mathfrak{p}^{e'_\mathfrak{p}}$, $\mathfrak{a} \subset \mathfrak{b}$ is equivalent to the fact
that for any $\mathfrak{p}$ we have $e_\mathfrak{p} \ge e'_\mathfrak{p}$.

For a Dedekind domain $A$ the cokernel of the natural map $K^\times \to
D(A)$ is called the ideal class group of $A$ and written $Cl(A)$. We
have $Cl(A) = \{\text{fractional ideals}\}/\{\text{principal fractional ideals}\}$. $A$ is a
principal ideal domain if and only if $Cl(A) = 0$.
Answers to Questions

In what follows we write $\mathrm{ord}_p(a)$ to indicate which power of the prime
number $p$ divides the integer $a$ (see §1.3 and §2.4).

Chapter 1

1.1. Suppose that $a$ is the square of a rational number $r$. For any
prime number $p$ we have $\mathrm{ord}_p(a) = 2\,\mathrm{ord}_p(r)$. Since $\mathrm{ord}_p(a) \ge 0$, we have
$\mathrm{ord}_p(r) \ge 0$. The number $r$ is an integer since we have $\mathrm{ord}_p(r) \ge 0$ for all
prime numbers $p$.

1.2. Suppose that $p$ is a prime factor of $a_i$. By hypothesis we have
$\mathrm{ord}_p(a_j) = 0$ for all $j$ different from $i$. Thus, we have $\mathrm{ord}_p(a_1 \cdots a_r) =
\mathrm{ord}_p(a_i)$. On the other hand, since $a_1 \cdots a_r$ is a $k$-th power, $\mathrm{ord}_p(a_1 \cdots a_r)$
is a multiple of $k$. Thus, for any prime number $p$, $\mathrm{ord}_p(a_i)$ is a multiple of
$k$. This implies that $a_i$ is the product of integers of the form $p^{km}$ ($m$ is a
natural number), and thus $a_i$ is a $k$-th power.

1.3. Let $(x, y)$ be the coordinates of the nonzero element $P$ in $E(K)$.
Then, the coordinates of $-P$ are $(x, -y)$. The condition $2P = 0$ is equivalent
to the condition $P = -P$. Thus, it is equivalent to $y = -y$, i.e., $y = 0$.
If $K$ is an algebraically closed field, there are three nonzero elements $P$
in $E(K)$ whose $y$-coordinate is 0. Therefore, $\{P \in E(K) \mid 2P = 0\}$ is a
group of order 4. Since twice of every element in the group $E(K)$ is 0, we
see that $E(K)$ is isomorphic to $\mathbb{Z}/2\mathbb{Z} \oplus \mathbb{Z}/2\mathbb{Z}$.

1.4. The first part is easy. As for the second part, take A = Q. Then,
we have A/2A = {0}, but A is not finitely generated.

Chapter 2

2.1. For example, (y, g). Th’ is is the point of intersection between the
circle and the line with slope -3 passing through (2,l).
2.2. It suffices to find a rational point on the circle r2 + yi = 1 that
is very close to the rational point The slope of the line joining
(h55).
C-1,0) and (&, &) is fi - 1 = 0.414 , while the slope of the line

joining (-1,0) and ($$. =) is & = 0.416’.., as we have seen in the text.
Thus, it suffices to take the line passing through (0, -1) whose slope is 0.415
and to find the other point of intersection with the circle. A calculation
shows tha.t the coordinate of the other point of intersection is given by
(&cug), and we see that

33111’ + 33200’ = 46889’.

2.3. (@ = ($) (;) = (1’, (;)(-1,“” = (5).


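2.4. Factor $m$ as $m = l_1 \cdots l_k \cdot r$, where $l_1, \ldots, l_k$ are odd prime numbers
and $r \in \{\pm 2^n \mid n \ge 0\}$. If $m$ is odd, we have $r \in \{\pm 1\}$, and

$$\left(\frac{m}{p}\right) = \left(\frac{l_1}{p}\right) \cdots \left(\frac{l_k}{p}\right)\left(\frac{r}{p}\right)
= \left(\frac{p}{l_1}\right) \cdots \left(\frac{p}{l_k}\right) \times (\text{number determined by } p \bmod 4).$$

Similarly, if $m$ is even, we have

$$\left(\frac{m}{p}\right) = \left(\frac{p}{l_1}\right) \cdots \left(\frac{p}{l_k}\right) \times (\text{number determined by } p \bmod 8).$$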

2.5. The fact that the circle gr’ - &y2 = 1 does not have a rational
point can be seen from the fact that (g, -$)P = (15, -l)P = -1 if p = 2
or p = 3.

2.6. ord,(C:l,,c’ - &) = ord,, (-K) > n + 1.

2.7. The equation (2.9) is equivalent to $\sum_{i=0}^{\infty} 6 \times (-5)^i = 1$
(5-adically). The latter shows that we have
$\sum_{i=0}^{m} 6 \times (-5)^i \equiv 1 \bmod 5^n$ when $m$ is sufficiently large.
2.8. We have $\frac{1}{4} = \frac{1}{1+3} = 1 - 3 + 3^2 - 3^3 + 3^4 - 3^5 + 3^6 - \cdots
= 61 - 3^5 + 3^6 - \cdots$. Therefore, 61 is the inverse of 4.

2.9. If $N$ is a natural number greater than 1, then the $N$-adic expansion
of a real number $\alpha$ is to express $\alpha$ as

$$\alpha = \sum_{n=m}^{\infty} a_n N^{-n}, \qquad a_n \in \{0, 1, \ldots, N-1\}.$$

On the other hand, the $p$-adic expansion of a $p$-adic number is of the form
$\sum_{n=m}^{\infty} a_n p^n$. The difference is that in the $p$-adic expansion of
a real number, the terms $p^n$ with negative $n$ may appear infinitely many
times and the terms $p^n$ with positive $n$ appear only finitely many times,
whereas in the $p$-adic expansion of a $p$-adic number the terms $p^n$ with
negative $n$ may appear only finitely many times and the terms $p^n$ with
positive $n$ appear infinitely many times.

2.10. The existence of a square root of a follows from Proposition 2.18
and the fact that $\pm 1$ are squares in $\mathbb{F}_5$.

2.11. If $p \neq 2$, it follows from Proposition 2.18 that

$\mathbb{Q}_p$ has a square root of $-1$ $\iff$ $\mathbb{F}_p$ has a square root of $-1$.

If $p = 2$, it follows from Proposition 2.18 and the fact $-1 \not\equiv 1 \bmod 8$
that $\mathbb{Q}_2$ does not have a square root of $-1$.

2.12. It follows from field theory that any quadratic extension of a field
$K$ of characteristic different from 2 is of the form $K(\sqrt{a})$
($a \in K$, $\sqrt{a} \notin K$), and

$K(\sqrt{a}) = K(\sqrt{b})$ $\iff$ $ab^{-1}$ is a square in $K$.

Thus, the correspondence that associates $a \bmod (K^\times)^2$
($a \in K$, $\sqrt{a} \notin K$) to $K(\sqrt{a})$ is a one-to-one correspondence
between the quadratic extensions of $K$ and the elements of
$K^\times/(K^\times)^2$ different from the identity. If $p \neq 2$, then the order
of $\mathbb{Q}_p^\times/(\mathbb{Q}_p^\times)^2$ is 4 (Proposition 2.19(1)). Thus, the
number of quadratic extensions of $\mathbb{Q}_p$ is $4 - 1 = 3$. Furthermore, the
group $\mathbb{Q}_5^\times/(\mathbb{Q}_5^\times)^2$ consists of classes of 1, 2, 5 and
10, and thus $\mathbb{Q}_5(\sqrt{2})$, $\mathbb{Q}_5(\sqrt{5})$ and
$\mathbb{Q}_5(\sqrt{10})$ are all the quadratic extensions of $\mathbb{Q}_5$.

Chapter 3

3.1. By Proposition 3.3(l) we have

h,(i)= -1.1
2 27~iCC ,,FE
-fP
i + n
1
2-n
1
=&~A&
>

On the other hand, we have hr (i) = - & ,‘~~~~~~~~~~.

3.2. Use the formula

1 1 1
(n2 : 1)” = -q&p - 4(i ~ n)” 4i i+n +&
+ >

3.3. The image of $\chi$ is the set of all the $n$-th roots of unity
$\{\zeta_n^r \mid 1 \leq r \leq n\}$ for some $n \geq 2$. Let $k$ be the order of
the kernel of $\chi$. For each $r$ satisfying $1 \leq r \leq n$, $\chi$ takes the
value $\zeta_n^r$ on $k$ different elements in $G$. Thus,
$\sum_{a \in G} \chi(a) = \sum_{r=1}^{n} k \cdot \zeta_n^r = 0$.

3.4. We have

Thus, we have

-c (%g) +c(s)) =;li~2-2”)c(s4+2+;

= !@IG(s - l)C(s)+ 2 + g
= ; - 21og(2).

Here, we used $\lim_{s \to 1}(s - 1)\zeta(s) = 1$ (Proposition 3.15(2)) to prove
the last equality.

3.5. By Proposition 3.24(1), a prime factor $p$ of the denominator of
$\zeta(m)$ satisfies $m \equiv 1 \bmod p - 1$. Since $p - 1$ divides $1 - m$, we
have $p - 1 \leq 1 - m$. Hence $p \leq 2 - m$.

Chapter 4

4.1. Factor the equation as $x^3 = (y + i)(y - i)$, and use a similar argument
as in Proposition 0.11 to obtain

$$y + i = (a + bi)^3, \qquad a, b \in \mathbb{Z}.$$

Comparing the imaginary parts of both sides, we obtain
$1 = 3a^2 b - b^3 = (3a^2 - b^2)b$. Thus, we have $b = \pm 1$. The rest is easy.

4.2. Factor the equation as $x^3 = (y + \sqrt{-11})(y - \sqrt{-11})$, and use a
similar argument as in Proposition 0.10 to obtain

$$y + \sqrt{-11} = \left(a + b\,\frac{1 + \sqrt{-11}}{2}\right)^3, \qquad a, b \in \mathbb{Z}.$$

(Here, we used the fact that the only common prime factors of
$y + \sqrt{-11}$ and $y - \sqrt{-11}$ are $\pm\sqrt{-11}$ and $\pm 2$.) Comparing the
imaginary parts of both sides, we obtain
$1 = 3\left(a + \frac{b}{2}\right)^2 \frac{b}{2} - 11\left(\frac{b}{2}\right)^3$. From
this we obtain $(3a^2 + 3ab - 2b^2)b = 2$. Thus, we have
$b \in \{\pm 1, \pm 2\}$. The rest is easy.

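4.3. Let $m$ be an integer that is not divisible by any square except for 1.
Let $K = \mathbb{Q}(\sqrt{m})$, $\alpha = x + y\sqrt{m}$ ($x, y \in \mathbb{Q}$) and
$\alpha' = x - y\sqrt{m}$.
(i) First we show that $\alpha \in O_K$ is equivalent to the fact that the
rational numbers $\alpha + \alpha' = 2x$ and $\alpha\alpha' = x^2 - my^2$ both belong
to $\mathbb{Z}$. If $\alpha \in O_K$, then by replacing $\alpha$ by $\alpha'$ in the
equation $\alpha^n + c_1\alpha^{n-1} + \cdots + c_n = 0$
($n \geq 1$, $c_1, \ldots, c_n \in \mathbb{Z}$), we see that $\alpha' \in O_K$.
Therefore, we have $\alpha + \alpha'$, $\alpha\alpha' \in O_K$. Thus, these numbers
belong to $O_K \cap \mathbb{Q} = \mathbb{Z}$. Conversely, if we have
$\alpha + \alpha'$, $\alpha\alpha' \in \mathbb{Z}$, then $\alpha$ satisfies the equation
$\alpha^2 + c_1\alpha + c_2 = 0$ with $c_1 = -(\alpha + \alpha')$ and
$c_2 = \alpha\alpha'$. This implies that $\alpha$ belongs to $O_K$.
(ii) By (i) it suffices to show the following: For $x, y \in \mathbb{Q}$,

$$2x,\ x^2 - my^2 \in \mathbb{Z} \iff x, y \in \mathbb{Z},$$

if $m \equiv 2, 3 \bmod 4$, and

$$2x,\ x^2 - my^2 \in \mathbb{Z} \iff 2x, 2y \in \mathbb{Z} \text{ and } x - y \in \mathbb{Z},$$

if $m \equiv 1 \bmod 4$.
(iii) Show first that if $x, y \in \mathbb{Q}$ satisfy $2x$, $x^2 - my^2 \in \mathbb{Z}$,
then we have $2y \in \mathbb{Z}$. If $l$ is an odd prime number, it follows from
$\mathrm{ord}_l(x) \geq 0$ and $x^2 - my^2 \in \mathbb{Z}$ that
$\mathrm{ord}_l(m) + 2\,\mathrm{ord}_l(y) \geq 0$. Since $\mathrm{ord}_l(m) \leq 1$, we
have $2\,\mathrm{ord}_l(y) \geq -1$. Thus we have $\mathrm{ord}_l(y) \geq 0$. Since
$\mathrm{ord}_2(x) \geq -1$ and $x^2 - my^2 \in \mathbb{Z}$, we have
$\mathrm{ord}_2(m) + 2\,\mathrm{ord}_2(y) \geq -2$. Since $\mathrm{ord}_2(m) \leq 1$, we
have $2\,\mathrm{ord}_2(y) \geq -3$. Thus, we have $\mathrm{ord}_2(y) \geq -1$.
Summing it all up, we see that $2y \in \mathbb{Z}$.
(iv) To show the equivalence in (ii), we may assume $2x, 2y \in \mathbb{Z}$
because of (iii). Suppose $2x = u$ and $2y = v$ ($u, v \in \mathbb{Z}$). If
$m \equiv 2, 3 \bmod 4$, it suffices to show

$$u^2 - mv^2 \equiv 0 \bmod 4 \iff u \equiv v \equiv 0 \bmod 2,$$

and if $m \equiv 1 \bmod 4$, it suffices to show

$$u^2 - mv^2 \equiv 0 \bmod 4 \iff u \equiv v \bmod 2.$$

These are easy to show.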


4.4. Similar to the proof of Proposition 4.1(5).

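4.5. The answers are 1, 2, 2 and 2, respectively. As an example, we treat
the case $\mathbb{Q}(\sqrt{-2})$. We have $w_K = 2$ and $N = 8$, and
$\chi : (\mathbb{Z}/8\mathbb{Z})^\times \to \mathbb{C}^\times$ is given by

$$\chi(1 \bmod 8) = \chi(3 \bmod 8) = 1, \qquad \chi(5 \bmod 8) = \chi(7 \bmod 8) = -1.$$

By Corollary 4.29 we have
$h_K = -\frac{w_K}{2N} \sum_{a=1}^{N} \chi(a)a = -\frac{1}{8}(1 + 3 - 5 - 7) = 1$.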


Answers to Exercises

Chapter 0

0.1. Suppose that the $n$-th root of 5 is a rational number and that
it factors as $\pm p_1^{e_1} \cdots p_r^{e_r}$ ($p_1, \ldots, p_r$ distinct primes,
$e_i$ integers satisfying $e_i \neq 0$). Taking the $n$-th power, we have
$5 = p_1^{ne_1} \cdots p_r^{ne_r}$. This is a contradiction to the uniqueness of
prime factorization since $n \geq 2$.
0.2. If $\sqrt{2} + \sqrt{3}$ is a rational number, so is $5 + 2\sqrt{6}$. Thus,
$\sqrt{6}$ is a rational number. But we can show that $\sqrt{6}$ is an irrational
number by a similar method as Exercise 0.1.
0.3. $29 = 2^2 + 5^2$, $37 = 1^2 + 6^2$, $41 = 4^2 + 5^2$, $53 = 2^2 + 7^2$.
0.4. Combining factorizations $5 = (2 + i)(2 - i)$ and $13 = (3 + 2i)(3 - 2i)$,
we have

$$65^2 = ((2 + i)(3 + 2i))^2 ((2 - i)(3 - 2i))^2 = (-33 + 56i)(-33 - 56i) = 33^2 + 56^2,$$
$$65^2 = ((2 + i)(3 - 2i))^2 ((2 - i)(3 + 2i))^2 = (63 - 16i)(63 + 16i) = 63^2 + 16^2.$$

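0.5. If $x$ and $y$ satisfy $x^2 - 2y^2 = 1$, then we have
$\left(\frac{x}{y} - \sqrt{2}\right)\left(\frac{x}{y} + \sqrt{2}\right) = \frac{1}{y^2}$.
Thus, we have $0 < \frac{x}{y} - \sqrt{2} < \frac{1}{y^2}$. This shows that
$\frac{x}{y}$ becomes closer to $\sqrt{2}$ as $y$ gets bigger.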
0.6. It suffices to show that infinitely many pairs of natural numbers
$(x, y)$ satisfy $\frac{1}{2}y(y + 1) = x^2$. Rewrite this equation as

$$(2y + 1)^2 - 2(2x)^2 = 1.$$

For $n \geq 1$, define $a_n$ and $b_n$ by $(1 + \sqrt{2})^n = a_n + b_n\sqrt{2}$. We have

$$a_n^2 - 2b_n^2 = (a_n + b_n\sqrt{2})(a_n - b_n\sqrt{2}) = (1 + \sqrt{2})^n (1 - \sqrt{2})^n = (-1)^n.$$

By expanding $(1 + \sqrt{2})^n$, we see that $a_n = 1 + (\text{even number})$ and
$b_n = n + (\text{even number})$. Thus, if we take an even number as $n$, then we
have $a_n^2 - 2b_n^2 = 1$ with $a_n$ odd and $b_n$ even. If we set
$y = \frac{a_n - 1}{2}$ and $x = \frac{b_n}{2}$, then we have
$(2y + 1)^2 - 2(2x)^2 = 1$.
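
The construction in 0.6, carried out with exact integers: powers of 1 + sqrt(2) give (a_n, b_n), and every even n yields y = (a_n - 1)/2, x = b_n/2 with y(y+1)/2 = x^2. This is an added example, not part of the book; the function names are assumptions introduced here.

```python
def pell_power(n):
    """Return (a_n, b_n) with (1 + sqrt(2))**n == a_n + b_n*sqrt(2)."""
    a, b = 1, 0                      # (1 + sqrt 2)^0 = 1
    for _ in range(n):
        # (a + b*sqrt2)(1 + sqrt2) = (a + 2b) + (a + b)*sqrt2
        a, b = a + 2 * b, a + b
    return a, b


def norm(n):
    """a_n^2 - 2*b_n^2, which the answer shows equals (-1)^n."""
    a, b = pell_power(n)
    return a * a - 2 * b * b


def square_triangular(count):
    """First `count` pairs (x, y) with y(y+1)/2 == x**2, one per even n."""
    pairs = []
    for n in range(2, 2 * count + 1, 2):
        a, b = pell_power(n)
        # Norm identity for even n.
        if a * a - 2 * b * b != 1:
            raise ArithmeticError("norm identity failed")
        # Parity claims: a_n = 1 + (even), b_n = n + (even).
        if a % 2 != 1 or b % 2 != n % 2:
            raise ArithmeticError("parity claim failed")
        y, x = (a - 1) // 2, b // 2
        # The triangular number T_y must be the square x^2.
        if y * (y + 1) // 2 != x * x:
            raise ArithmeticError("not a square triangular number")
        pairs.append((x, y))
    return pairs


if __name__ == "__main__":
    for x, y in square_triangular(6):
        print(f"T_{y} = {y}*({y}+1)/2 = {x}^2 = {x * x}")
```

Because each step multiplies by 1 + sqrt(2) > 1, the pairs strictly increase, so the loop never repeats a solution.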

Chapter 1

1.1. Answer: The set in question consists of nine points $0$, $(0, \pm 1)$,
$(-\sqrt[3]{4}, \pm\sqrt{-3})$, $(-\sqrt[3]{4}\,\zeta_3, \pm\sqrt{-3})$ and
$(-\sqrt[3]{4}\,\zeta_3^2, \pm\sqrt{-3})$, where $\zeta_3$ is a primitive cube root
of unity.
The method of finding these points: First, we see that $3P = 0$ is
equivalent to $2P = -P$. In general, if we denote by $x(P)$ the $x$-coordinate
of $P \in E(\mathbb{C})$, $P \neq 0$, then we have

$$x(P) = x(Q) \iff Q = \pm P$$

for any $P, Q \in E(\mathbb{C})$. Thus, we have

$$3P = 0,\ P \neq 0 \iff x(2P) = x(P) \text{ and } P \neq 0.$$

For any point $P$ in $E(\mathbb{C})$ satisfying $2P \neq 0$ we have
$x(2P) = \frac{x(P)^4 - 8x(P)}{4(x(P)^3 + 1)}$ (§1.2 (1.4)). Therefore,
$x(2P) = x(P)$ if and only if $x(P) = 0$, $-\sqrt[3]{4}$, $-\sqrt[3]{4}\,\zeta_3$
or $-\sqrt[3]{4}\,\zeta_3^2$.
1.2. Let $m$ and $n$ be relatively prime integers and let

$$A = |(m^3 + 32n^3)m| \quad \text{and} \quad B = |4(m^3 - 4n^3)n|.$$

Denote by $D$ the greatest common divisor of $A$ and $B$. In order to show
the inequality in question, it suffices to show that $D$ is a divisor of 144.
For, if that is the case and if the $x$-coordinate of $P$ is given by
$\frac{m}{n}$ ($n \neq 0$) in lowest terms, then we have

$$H(x\text{-coordinate of } 2P) = H\!\left(\frac{A}{B}\right) = \frac{1}{D}\max(A, B)
\geq \frac{1}{144}\max(m, n)^4 = \frac{1}{144} H(x\text{-coordinate of } P)^4.$$

Let $p$ be a prime number. We have
$\mathrm{ord}_p(D) = \min(\mathrm{ord}_p(A), \mathrm{ord}_p(B))$ (since $\mathrm{ord}_p$
indicates how many times $p$ divides the number). If $p$ is a prime factor
of $D$, then $p$ does not divide $n$ (since if it does, $p$ does not divide $m$,
and thus $p$ does not divide $m^3 + 32n^3$ and $A$). If $p$ is a prime factor of
$D$ and $p \neq 2$, then $p$ does not divide $m$ (since if $p \neq 2$ and $p$
divides $m$, then $p$ does not divide $B$). Thus, if $p$ is a prime factor of
$D$ and $p \neq 2$, then we have

$$\mathrm{ord}_p(D) = \min(\mathrm{ord}_p(m^3 + 32n^3), \mathrm{ord}_p(m^3 - 4n^3))
\leq \mathrm{ord}_p\big((m^3 + 32n^3) - (m^3 - 4n^3)\big)
= \mathrm{ord}_p(36n^3) = \mathrm{ord}_p(36).$$

Hence, we have $p = 3$ and $\mathrm{ord}_3(D) \leq 2$.

Next, we consider $\mathrm{ord}_2(D)$. If $m$ is odd, then $\mathrm{ord}_2(A) = 0$.
If $m$ is even, then $\mathrm{ord}_2(m^3 - 4n^3) = 2$ since $n$ is even. Hence we
have $\mathrm{ord}_2(B) = 4$. Therefore, $D$ is a divisor of
$2^4 \times 3^2 = 144$, and thus the inequality in question is proved.
If $r > 6$, then we have the inequality $\frac{1}{144} r^4 > r$. If a rational
point $P$ on the elliptic curve in question satisfies
$H(x\text{-coordinate of } P) > 6$, then we have
$H(x\text{-coordinate of } P) > H(x\text{-coordinate of } 2P)$. Then the heights
of the $x$-coordinates of $P, 2P, 4P, 8P, 16P, \ldots$ are all different.
Thus, these points are all distinct. This means there are infinitely many
rational points on this elliptic curve. (To be more precise, we can show the
following. If integers $m$ and $n$ satisfy $m \not\equiv 0 \bmod 3$ or
$n \not\equiv 0 \bmod 3$, then $m^3 - 4n^3 \not\equiv 0 \bmod 9$. This can be done
by checking all the possibilities of $0 \leq m \leq 8$, $0 \leq n \leq 8$. Thus
we see that $D$ is a divisor of $2^4 \times 3 = 48$ and that

$$48\, H(x\text{-coordinate of } 2P) \geq H(x\text{-coordinate of } P)^4.$$

If $r > 4$, then $\frac{1}{48} r^4 > r$. Thus, if $P = (5, 11)$, then the
$x$-coordinates of $P, 2P, 4P, 8P, \ldots$ all have different heights. This
implies that we see the existence of infinitely many rational points as soon
as we find one rational point $(5, 11)$.)
1.3. Since for (z,y) E X we have
x-y 2 +$+x2-xy+~2=-._ 4k 1
(Hx+Y (x + Y)” 3 (x+y)3’
we have (A, z) E Y. This map is bijective since the map Y + X
given by (x, y) H (g, 2) tIS the inverse. (We omit the proof of the fact
that we have (5, 2) E X for (x, y) E Y and that the compositions
X + Y + X and Y + X + Y are both identities.)

1.4. The inverse is given by (x, y) H (&, $ + :).


1.5. We omit the proof of 1.5 since each verification is straightforward,
as was the case with 1.3 and 1.4.
1.6. (i) Answer: $(x, y) = (0, 0), (2, \pm 4)$. Reason: If $(x, y) \neq (0, 0)$ is
a rational point on the curve $y^2 = x^3 + 4x$, then by considering the case
k = -1 in Question 1.5, we see that g(z, y) = (2 - $, i (1 - 3)) is a
rational point on the curve $y^2 = x^3 - x$. From Proposition 1.2 we know
that this point is one of (O,O), (*l, 0). Therefore, we have i (1 - $2) = 0.
Hence $y = 0$ or $x = \pm 2$.
(ii) Answer: $(x, y) = (\pm 1, 0)$. Reason: If $(x, y)$ is a rational point on
the curve $y^2 = x^4 - 1$, then by considering the case $k = -1$ in 1.4 and 1.5,
the image of $(x, y)$ by the map $X \to Y \to E(K)$ given by
$(x, y) \mapsto (x^2, xy)$ is a rational point on the curve $y^2 = x^3 - x$.
Thus, we obtain $xy = 0$.
(iii) Answer: $(x, y) = (0, \pm 2)$. Reason: Just as (ii), we see that if
$(x, y)$ is a rational point on the curve $y^2 = x^4 + 4$, then $(x^2, xy)$ is a
rational point on the curve $y^2 = x^3 + 4x$. Thus, it follows from (i) that
$(x^2, xy)$ equals one of $(0, 0)$, $(2, \pm 4)$.

Chapter 2

2.1. For example, $$ converges to 1 in 88, but it converges to 0 in QZ


The sequence $& converges to 1 in Qa (since 3” + 0), but it converges
to 1 in Ql.

2.2. Let f be an element of Horn (Z [t] /z, z [t] /z) For any n 2 1

we denote by fn the restriction of f to $Z /Z. The image of the map


( >
fn : (*q/z + Z [:I /Z is contained in the kernel &Z /Zofthe
( >
multiplication-by-p” map of Z 5 /Z ( since every element of the subgroup
[I
*Z /Z becomes 0 if it is multiplied by p”). Thus, fn is a homomorphism
( >
from (&Z) /Z to ($Z) /Z, and it coincides with the multiplication-by-
czrL map of Z/p”Z for some element a,. Thus, we obtain a ring homomor-
phism

cp : Horn (z [i] P, z [i] P) + l&Z/p”Z; p(f) = (anJn>l.


n
Conversely, we can find a ring homomorphism

1~ : lhr+Z/p”Z -+ Horn (Z [b] /z, z [ $1 /z)

as follows. Let (an)%>1 E l@,Z/p”Z. For 1c E Z


[I
b /Z there exists a pos-

itive integer n such that z E $Z /Z since Z [ ;] P = U,>l ($) /z.


( >
We obtain a homomorphism f E Horn ( Z [t] /z, z [i] /z) by defining
f(z) = a,~. Define $((a,,),ri) = f. It is easy to check that $ o cp and
cp o + are the identities of Horn (Z [i] /z, z [t ] /z) and !im n~/pn~, re-
spectively. Hence, we have

n
2.3. For $n \neq 0$ define $k = \mathrm{ord}_3(n)$. From Proposition 2.14(4) we
see the following. Since 4 belongs to $1 + 3\mathbb{Z}_3$, but not to
$1 + 9\mathbb{Z}_3$, $\log(4)$ belongs to $3\mathbb{Z}_3$, but not to
$9\mathbb{Z}_3$. Thus, $n\log(4)$ belongs to $3^{k+1}\mathbb{Z}_3$, but not to
$3^{k+2}\mathbb{Z}_3$. Thus, $4^n = \exp(n\log(4))$ belongs to
$1 + 3^{k+1}\mathbb{Z}_3$, but not to $1 + 3^{k+2}\mathbb{Z}_3$. Thus $4^n - 1$
belongs to $3^{k+1}\mathbb{Z}_3$, but not to $3^{k+2}\mathbb{Z}_3$. Hence, we have
$\mathrm{ord}_3(4^n - 1) = k + 1$.

2.4. First, (1) follows from Proposition 2.18 and the fact that for an odd
prime number $p$ we have

$$\left(\frac{-2}{p}\right) = 1 \iff p \equiv 1, 3 \bmod 8.$$

Next, the equation $x^2 + y^2 = -2$ in (2) can be written as
$-\frac{1}{2}x^2 - \frac{1}{2}y^2 = 1$. The necessary and sufficient condition for
the existence of $x, y \in \mathbb{Q}_p$ satisfying the equation is
$\left(-\frac{1}{2}, -\frac{1}{2}\right)_p = 1$ by Proposition 2.20. But, if
$p \neq 2$, we have $\left(-\frac{1}{2}, -\frac{1}{2}\right)_p = 1$,
$\left(-\frac{1}{2}, -\frac{1}{2}\right)_2 = -1$. In order to show (3), it suffices
to show the existence of elements $x$, $y$ and $z$ in $\mathbb{Q}_2$ satisfying
$x^2 + y^2 + z^2 = -2$ (since if $p \neq 2$, a solution of $x^2 + y^2 = -2$
satisfies $x^2 + y^2 + 0^2 = -2$). In $\mathbb{Q}_2$, 14 is very close to $-2$, and
we have $1^2 + 2^2 + 3^2 = 14$. Since $\frac{14}{-2} = -7 \equiv 1 \bmod 8$, it
follows from Proposition 2.18 that there exists $a \in \mathbb{Q}_2^\times$ such
that $a^2 = -7$. Thus, we have
$-2 = \frac{14}{a^2} = \left(\frac{1}{a}\right)^2 + \left(\frac{2}{a}\right)^2 + \left(\frac{3}{a}\right)^2$.

Chapter 3

3.1. (1) Consider the Dirichlet character
$\chi : (\mathbb{Z}/8\mathbb{Z})^\times \to \mathbb{C}^\times$ given by
$\chi(1 \bmod 8) = \chi(3 \bmod 8) = 1$ and
$\chi(5 \bmod 8) = \chi(7 \bmod 8) = -1$. Then (1) is to find $L(1, \chi)$. Since
$\chi(-1) = -1$, it follows from Theorem 3.4 that

L(l,x) = -F ; (hl(C8) + hl(& - h(G) - hi(C)) = 5.

(2) Consider the Dirichlet character
$\chi : (\mathbb{Z}/8\mathbb{Z})^\times \to \mathbb{C}^\times$ given by
$\chi(1 \bmod 8) = \chi(7 \bmod 8) = 1$,
$\chi(3 \bmod 8) = \chi(5 \bmod 8) = -1$. Then (2) is to find $L(2, \chi)$. Since
$\chi(-1) = 1$, it follows from Theorem 3.4 that

2 1
L(2,x) = -F z (h2(<8) - h2(&) - WC3 + h2CC87)) = $x2.
( >
3.2. (1) (1 - 2l.-“)<(s) = c;=, 5 - 2 c;& &s = 1 - +s + jk - $ +
‘-&+....
5.3
(2) lim,++r+o(s-l)<(s) = lim,+l+s &.(l - & + & - & + ‘. ‘) =
&log2=1.

3.3. By calculating sr - ss - s:, + ~7, we have

(l - G)(l - G8’)= (C8- <; - <,j+ <,7)q1,x),


-log ( (1-<;)(1-<,5) >
where x is the same character as the one in Exercise 3.1(2). We have

-log ( (1 +1Jz)2) = 2JZULX).



Hence, L(1, x) = -& log(1 + a).

3.4. We omit the proof of absolute convergence, and we explain the


analytic continuation and the values at nonpositive integers. For simplicity,
we denote the sum over ni, , nk > 0 just by c. We have

r(s)(‘(s, 2; cl, , ck) = e-tt"$


J-= .c 1

=J-Ce-(z+cllL1+...+ckn
0 (x + Clnl + + Cknk)’

0 U

o (1- ,plU)
=JW ."T(1-e-ck~)us~
Let a > 0. Divide the integral sow = s,” + saw. Since eeZcu approaches
very rapidly as u goes to 00, the part s,” can be analytically continued
to the entire plane as a holomorphic function in s. Take a small enough
that 1 - eeCZ” (1 5 i 5 Ic) does not have a zero in 0 < IuI 5 a. Then, in
0 < u 5 a we have

epxu
-k -g AnUn,
c1 “‘ck (1 - e-clu). (1 - e-ck”) = u n=O

where A, is a polynomial in x, cl,


aw , ck with Q coefficients.
s+n-k
Thus, we have

Q...Ck.
SC 0
=
TX=0
A,. a
s+n-k’
Therefore, [(s, xc; cl,. , ck) may be analytically continued to the entire
plane and we see that it is holomorphic outside 1,2, , k. If m is a negative
integer or 0, then we have

cl ck ((m; x, cl, . , ck)

= s-m
lim l-(s)
1. Ak-m z = z4k-m(-1)” Iml!.

Chapter 4

4.1. Sincex2+Zy+2y2= (x+yv) (x+yv),wehave

(i) u ThereexistsatZ[w] suchthat ~=a%.

Using a similar argument to the proofs of Propositions 0.2, 0.3 and 0.4 in
$4.1, we have

The above condition u

if p # 2,7.

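4.2. If (ii) is satisfied, then we have $n = m^2 \prod_{j=1}^{r} p_j$, where $m$
is a natural number, $r \geq 0$, and $p_j$ is a prime number congruent to 1
modulo 4 or $p_j = 2$. We have $p_j = \alpha_j \overline{\alpha_j}$,
$\alpha_j \in \mathbb{Z}[\sqrt{-1}]$. Writing $m \prod_{j=1}^{r} \alpha_j$ as $\beta$
and putting $\beta = x + yi$ ($x, y \in \mathbb{Z}$), we have
$n = \beta\overline{\beta} = x^2 + y^2$.
If (ii) is not satisfied, then there exists a prime number
$p \equiv 3 \bmod 4$ such that $\mathrm{ord}_p(n)$ is odd. Since
$(-1, n)_p = \left(\frac{-1}{p}\right) = -1$, we see that there do not exist
$x, y \in \mathbb{Q}$ such that $n = x^2 + y^2$.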
4.3. Put $p = \alpha\overline{\alpha}$ ($\alpha$ is a prime element of
$\mathbb{Z}[i]$), and put $\alpha^{2n} = x + yi$. Then we have
$p^{2n} = \alpha^{2n}\overline{\alpha}^{2n} = x^2 + y^2$. Because of the unique prime
factorization property we have $x \neq 0$, $y \neq 0$. Thus, $p^n$ is the
hypotenuse of the right triangle formed by $x$, $y$ and $p^n$. Since
$\alpha^{2n}$ is not divisible by $p$, the greatest common divisor of the three
sides is 1. We show that this is the only triangle up to congruence. Suppose
that $p^{2n} = x^2 + y^2$ with $x$, $y$ natural numbers. We have
$p^{2n} = (x + yi)(x - yi)$. Considering the prime factorization of both sides,
we see that $x + yi = \alpha^r \overline{\alpha}^s \mu$,
$x - yi = \alpha^s \overline{\alpha}^r \overline{\mu}$, $r \geq 0$, $s \geq 0$,
$r + s = 2n$, $\mu \in \{\pm 1, \pm i\}$. If $r \neq 0$, $s \neq 0$, $x + yi$ is
divisible by $p$, and thus $x$, $y$, $p^n$ are all divisible by $p$. If $r = 0$
or $s = 0$, we have $x + yi = \alpha^{2n}\mu$ or $x + yi = \overline{\alpha}^{2n}\mu$.
Each gives a triangle equivalent to the one we obtained above.
4.4. Using the notation of Proposition 4.27, we see that (2,l) E 91 is
the element in Pj whose y-coordinate is the smallest. The assertion now
follows from Proposition 4.27.
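4.5. By Theorem A.2 in Appendix A, $\prod_{\mathfrak{p}} \mathfrak{p}^{e_{\mathfrak{p}}}$
is the largest fractional ideal in $A$ contained in both $\mathfrak{a}$ and
$\mathfrak{b}$, and $\mathfrak{a} \cap \mathfrak{b}$ has the same property.
Similarly, $\prod_{\mathfrak{p}} \mathfrak{p}^{d_{\mathfrak{p}}}$ is the smallest
fractional ideal in $A$ containing both $\mathfrak{a}$ and $\mathfrak{b}$, and
$\mathfrak{a} + \mathfrak{b}$ has the same property.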
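4.6. We have $x^3 = (y + 2\sqrt{-5})(y - 2\sqrt{-5})$. We show that
$y + 2\sqrt{-5}$ is a cube in $\mathbb{Z}[\sqrt{-5}]$. A prime ideal that contains
both $(y + 2\sqrt{-5})$ and $(y - 2\sqrt{-5})$ contains the element
$(y + 2\sqrt{-5}) - (y - 2\sqrt{-5}) = 4\sqrt{-5}$. We can show that the prime
factorization of $(2)$ is $(2) = \mathfrak{a}^2$, where
$\mathfrak{a} = (2, 1 + \sqrt{-5})$, and $(\sqrt{-5})$ is a prime ideal. Thus, we
have

$$(y + 2\sqrt{-5}) = \mathfrak{a}^m (\sqrt{-5})^n \mathfrak{b}, \quad
(y - 2\sqrt{-5}) = \mathfrak{a}^m (\sqrt{-5})^n \mathfrak{c}, \quad m \geq 0,\ n \geq 0,$$

where $\mathfrak{a}$, $(\sqrt{-5})$, $\mathfrak{b}$ and $\mathfrak{c}$ are pairwise
relatively prime ideals. From
$(x)^3 = \mathfrak{a}^{2m} (\sqrt{-5})^{2n} \mathfrak{b}\mathfrak{c}$ we see that $m$
and $n$ are multiples of 3, and that $\mathfrak{b}$ and $\mathfrak{c}$ are cubes.
Thus, $(y + 2\sqrt{-5})$ is the cube of an ideal 0. This means that the
cube of a is a principal ideal. But, since the class number is not divisible
by 3, b itself is a principal ideal by a similar argument as the one used in
§4.4. Put a = $(\alpha)$, $\alpha \in \mathbb{Z}[\sqrt{-5}]$. From
$(y + 2\sqrt{-5}) = (\alpha^3)$, we see that
$y + 2\sqrt{-5} = \pm\alpha^3 = (\pm\alpha)^3$. Hence, $y + 2\sqrt{-5}$ is a cube in
$\mathbb{Z}[\sqrt{-5}]$; i.e.,

$$y + 2\sqrt{-5} = (a + b\sqrt{-5})^3, \qquad a, b \in \mathbb{Z}[\sqrt{-5}].$$

Thus, we have $y = a^3 - 15ab^2$ and $2 = 3a^2 b - 5b^3 = (3a^2 - 5b^2)b$. The
latter shows that $b = \pm 1, \pm 2$. The rest is easy.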
Index

algebraic number field, 103
analytic continuation, 90
arithmetic of quadratic form, 10
automorphic form, 9

Bernoulli number, 91
Bernoulli polynomial, 91

Chinese Remainder Theorem, 51
class field theory, 5
class number, 120
class number formula, 125
completion, 64
congruence, 50
conic, 46
cubic number, 10

Dedekind domain, 117
Dirichlet L function, 82
Dirichlet character, 82
Dirichlet’s unit theorem, 8, 121

elliptic curve, 11, 18

factorization in prime elements, 13
factorization into prime ideals, 13
Fermat’s Last Theorem, 14
First supplementary law, 52
fractional ideal, 118
functional equation, 98
fundamental theorem on abelian groups, 30
fundamental unit, 121

Γ function, 95
group structure, 25

height, 22, 31
Hilbert symbol, 53
Hurwitz ζ function, 90

ideal, 115
ideal class group, 119
infinite descent, 22, 109
integral point, 19
inverse limit, 66
Iwasawa theory, 14

Kummer’s criterion, 131

metric space, 62
module, 68
Mordell’s theorem, 30

n-gonal number, 8

p-adic absolute value, 62
p-adic expansion, 68
p-adic integer, 65
p-adic L function, 99
p-adic metric, 62
p-adic number, 3, 58
p-adic number field, 58
p-adic valuation, 60
partial Riemann ζ function, 89
Pell’s equation, 7
point at infinity, 28
prime element, 5, 104
prime number, 5
principal fractional ideal, 118
principal ideal, 116
principal ideal domain, 116
Pythagorean Theorem, 2

quadratic reciprocity law, 50, 52

rational number field, 7
rational point, 19, 45
Riemann ζ function, 82
ring homomorphism, 54
ring of integers, 113

Second supplementary law, 52
square numbers, 10

triangular number, 10

unique factorization domain, 104
unique prime factorization property, 104
unit, 8
unit group, 119

weak Mordell theorem, 31

ζ function, 82
