Galois Theory

The problem the quintic posed

For three centuries after Cardano published the cubic formula in 1545 and Ferrari extended it to the quartic shortly after, every algebraist with a pulse tried to crack the quintic. The pattern up to that point was clean: a degree-2 polynomial needed one square root, a degree-3 needed cube and square roots, a degree-4 needed all the way up to fourth roots. Surely the quintic just needed a more elaborate stack. Lagrange spent decades searching. Euler had ideas that didn't work. Gauss suspected it was hopeless but did not prove it.

Niels Henrik Abel published a proof of impossibility in 1824 — that the general quintic has no solution by radicals — but his argument was technical and offered no theory of why. Évariste Galois, working between 1828 and 1832, built the theory. Where Abel asked "is the quintic solvable?", Galois asked "what makes any polynomial solvable?", and answered with a structural correspondence between fields and groups that turned out to govern far more than just the quintic.

Galois died in a duel at twenty, on 30 May 1832, leaving manuscripts that the French Academy had failed to publish. His ideas survived because the night before the duel he wrote a long letter to his friend Auguste Chevalier summarising what was at stake. Joseph Liouville rescued and edited the papers in 1846. By the late nineteenth century Galois theory was a standard course; by the twentieth it had reshaped algebra, number theory, and (later) cryptography.

Splitting fields and field extensions

Take a polynomial p(x) with rational coefficients. Its roots may not be rational — x² − 2 has roots ±√2, x² + 1 has roots ±i. The splitting field of p is the smallest field K containing the rationals Q and all the roots. For x² − 2 it is Q(√2) = {a + b√2 : a, b ∈ Q}. For x² + 1 it is Q(i). For x⁴ − 2 it is Q(⁴√2, i), which contains all four complex fourth roots of 2.

The size of a field extension is measured by its degree [K:Q] — the dimension of K viewed as a vector space over Q. [Q(√2):Q] = 2 because every element is uniquely a + b√2. [Q(⁴√2, i):Q] = 8 because a basis is {1, ⁴√2, √2, ⁴√2³, i, i⁴√2, i√2, i⁴√2³}.

The splitting field is "Galois" — meaning it is normal (every irreducible polynomial over Q with one root in K has all its roots in K) and separable (those roots are all distinct, automatic in characteristic zero). For Galois extensions, automorphisms of K that fix Q form a group of order exactly [K:Q].

The Galois group

An automorphism of K fixing Q is a bijection σ: K → K that respects addition and multiplication and acts as the identity on every rational number. For Q(√2), there are exactly two such automorphisms: the identity, and the one that sends √2 ↦ −√2 (with a + b√2 ↦ a − b√2). For Q(i), they are identity and complex conjugation.

Crucially, an automorphism is forced to send roots of p to other roots of p. If σ(α) = β and α is a root of p, then 0 = σ(p(α)) = p(σ(α)) = p(β), so β is a root too. The Galois group Gal(K/Q) therefore acts on the n roots of p by permutation, embedding it as a subgroup of the symmetric group S_n.

For a "generic" irreducible polynomial of degree n — meaning one whose roots have no algebraic relations beyond what the coefficients force — the Galois group is the full symmetric group S_n. Showing this for a particular polynomial usually proceeds by counting: prove the group has order n! by exhibiting enough automorphisms, or use known facts about the cycle structure (a transitive subgroup of S_n containing a transposition and an n-cycle, for prime n, is all of S_n).

Solvable groups

A finite group G is solvable if it admits a chain G = G₀ ⊳ G₁ ⊳ G₂ ⊳ … ⊳ G_k = {e} of normal subgroups in which every quotient G_i / G_{i+1} is abelian. Equivalently, the derived series G ⊇ [G,G] ⊇ [[G,G],[G,G]] ⊇ … eventually reaches the trivial group.

Every abelian group is solvable (the chain G ⊳ {e} works). Every group of order p^k (p prime) is solvable. So is every group of order < 60. The first non-solvable group is the alternating group A₅, of order 60: it is simple (no proper non-trivial normal subgroups) and non-abelian, so the only chain starting at A₅ is A₅ ⊳ {e}, and the quotient A₅/{e} = A₅ is non-abelian.

Because A₅ ◁ S₅, the symmetric group S₅ is also non-solvable. Its derived chain stalls at S₅ ⊳ A₅ ⊳ A₅ ⊳ … — once you hit A₅ you cannot break it down further with abelian quotients.

The main theorem

Here is the punchline of Galois theory in one line:

p(x) is solvable by radicals  ⇔  Gal(splitting field / Q) is a solvable group.

The forward direction: if the roots can be expressed using nested radicals, the splitting field sits inside a tower Q ⊂ Q(α₁) ⊂ Q(α₁,α₂) ⊂ … where each step adjoins an nth root. Adjoining an nth root produces a cyclic Galois group (after adjoining roots of unity); cyclic groups are abelian; abelian quotients pile up; the whole tower has a solvable Galois group. Restricting to the splitting field preserves solvability.

The reverse direction: if the Galois group is solvable, decomposing it into abelian quotients corresponds (via the Galois correspondence) to a tower of field extensions, each cyclic. Cyclic extensions are radical extensions (by Hilbert 90 / Kummer theory), so the field is built up by radicals. The roots, lying in the field, are expressible by radicals.

For the general degree-n polynomial — the polynomial whose coefficients are independent transcendentals — the Galois group over the field of coefficients is the full symmetric group S_n. S_n is solvable for n = 1, 2, 3, 4 and not solvable for n ≥ 5. So the cubic and quartic have radical formulas; the general quintic and beyond do not. This is the Abel-Ruffini theorem given a structural reason.

Worked example: x⁵ − x − 1 has Galois group S₅

To show a specific quintic is unsolvable, you need to show its Galois group is S₅ (or at least non-solvable). Here is the standard argument for p(x) = x⁵ − x − 1.

Step 1: p is irreducible over Q.
        Apply the rational root test: possible roots ±1 give p(1) = −1, p(−1) = −1.
        Reduce mod 2: x⁵ + x + 1 = (x² + x + 1)(x³ + x² + 1) — but this factors, so try mod 5.
        Mod 5: x⁵ − x − 1 ≡ x⁵ − x − 1; by Fermat's little theorem x⁵ ≡ x (mod 5),
        so p ≡ −1 (mod 5) for every x. Hence p has no roots mod 5, and a degree-5
        polynomial irreducible over F₅ implies irreducibility over Q.

Step 2: Gal(p/Q) is a transitive subgroup of S₅ containing a 5-cycle.
        Irreducibility of degree 5 forces transitivity. The 5-cycle comes from
        Frobenius: when p factors into a single irreducible of degree 5 mod some prime
        (which it does mod 5), the Galois group contains a 5-cycle.

Step 3: Gal(p/Q) contains a transposition.
        p has exactly three real roots and one pair of complex conjugate roots
        (calculus check: p′(x) = 5x⁴ − 1 has two real zeros, so p has at most three
        real roots, and the intermediate value theorem gives exactly three).
        Complex conjugation is an element of the Galois group; it fixes the three
        real roots and swaps the two complex roots — that is a transposition.

Step 4: A transitive subgroup of S₅ containing a 5-cycle and a transposition is S₅.
        (Standard group-theory fact.) Therefore Gal(p/Q) = S₅.

Step 5: S₅ is not solvable, so x⁵ − x − 1 is not solvable by radicals.

The same recipe works for many quintics. Eisenstein's criterion at p = 5 quickly proves x⁵ − 5x + 5 irreducible; counting real roots gives complex conjugation as a transposition; you are done.

The Galois correspondence

The deepest claim of the theory is a bijection between subfields and subgroups. Let K be the splitting field of p over Q and G = Gal(K/Q). Then:

Subfield F (with Q ⊆ F ⊆ K)	Subgroup H ≤ G	Relationship
Q (smallest)	G (largest)	Q is fixed by everything
K (largest)	{e} (smallest)	Only identity fixes all of K
Q(α) for some root α	Stabiliser of α in G	Of index [Q(α):Q] in G
Q(√2) inside Q(√2, √3)	{id, σ_3} fixing √2	Order 2 subgroup
F a normal extension of Q	H a normal subgroup of G	Gal(F/Q) ≅ G/H
Tower Q ⊆ F₁ ⊆ F₂ ⊆ K	Chain G ⊇ H₁ ⊇ H₂ ⊇ {e}	Order reversed
[F:Q] = degree of extension	[G:H] = index of subgroup	Always equal

The correspondence is an order-reversing bijection: bigger fields correspond to smaller subgroups. Sub-extensions of K that are themselves Galois over Q correspond exactly to normal subgroups of G. This is what allows the radical-tower question to translate into the solvable-group question.

Compass-and-straightedge constructions

Three classical Greek problems baffled geometers for two thousand years: doubling the cube (constructing a length ∛2 from a unit length), trisecting an arbitrary angle, and squaring the circle (constructing a length √π). Galois theory makes them all impossible, with proof.

The compass and straightedge perform exactly two operations beyond rational arithmetic: intersect lines with lines (rational), intersect lines with circles or circles with circles (quadratic). Each new constructed length lives in a field extension of degree at most 2 over the previously constructed field. So a constructible number x satisfies [Q(x):Q] = 2^k for some non-negative integer k.

• Doubling the cube requires ∛2, which has minimal polynomial x³ − 2 over Q, so [Q(∛2):Q] = 3. Three is not a power of two — impossible.
• Trisecting 60° requires cos(20°), a root of 8x³ − 6x − 1 = 0 (irreducible), so [Q(cos 20°):Q] = 3 — impossible.
• Squaring the circle requires √π. By Lindemann's 1882 theorem π is transcendental, so [Q(π):Q] = ∞ — impossible.

For comparison, the regular 17-gon is constructible. Gauss showed at age 19 that cos(2π/17) sits in a tower of quadratic extensions of Q — [Q(cos 2π/17):Q] = 8 = 2³. He gave the explicit nested square-root expression and considered it the proudest result of his life.

Variants and extensions

• Inverse Galois problem. Given a finite group G, does some polynomial over Q have G as its Galois group? Open in general. Solved for solvable groups (Shafarevich, 1954) and for many simple groups. The status of every finite group remains one of the major open questions in arithmetic algebra.
• Differential Galois theory. Replace polynomial equations with linear ODEs and asks when solutions are expressible in closed form (Liouville functions). The role of S_n is played by an algebraic group; "solvable in elementary functions" corresponds to a solvable algebraic group.
• Galois cohomology. A homological refinement that classifies twisted forms of algebraic objects. Foundational for class field theory and Tate's thesis.
• Étale fundamental group. Grothendieck's algebraic-geometry version: replaces Gal(K_sep / K) with a profinite group governing étale covers of a scheme. Reduces to the classical Galois group when the scheme is Spec(K).
• Galois representations. Continuous homomorphisms Gal(Q̄/Q) → GL_n(Q_ℓ). The Langlands program is mostly about how these match up with automorphic forms; Wiles's proof of Fermat's Last Theorem went through Galois representations attached to elliptic curves.

Where Galois theory shows up

• Reed-Solomon error-correcting codes. CD audio, QR codes, deep-space probes (Voyager, Mars rovers), and storage RAID-6 all use Reed-Solomon over GF(2⁸) or GF(2¹⁶). The codes are evaluations of polynomials over a finite field; their distance properties come from polynomial-root arithmetic Galois theory pins down. A QR code can lose 30 % of its area and still decode because of these guarantees.
• AES block cipher. The AES S-box maps each byte to its multiplicative inverse in GF(2⁸), then applies an affine transformation. The inverse exists for every nonzero byte because GF(2⁸)* is a cyclic group of order 255. The non-linearity that gives AES its security comes from the field structure.
• Elliptic-curve cryptography. Curves are defined over finite fields F_p or F_{2^m}; the group of points on the curve is studied via Galois action. ECDSA signatures (Bitcoin, TLS 1.3) and key exchange (Curve25519) all live here. A 256-bit ECC key is roughly as strong as a 3072-bit RSA key.
• Computer algebra systems. Mathematica, SageMath, Magma compute Galois groups of polynomials up to degree 30 or so. Standard pipeline: factor mod primes to get cycle types, intersect possible groups, run resolvent computations to disambiguate. Used inside symbolic integration to detect when an integral has no closed form.
• Number theory and Fermat's Last Theorem. The proof that x^n + y^n = z^n has no positive integer solutions for n ≥ 3 (Wiles, 1995) goes through Galois representations attached to a hypothetical solution's Frey curve. Galois theory is the dictionary that lets the proof translate elliptic curves into modular forms.

Common pitfalls

• Confusing "solvable polynomial" with "polynomial that has solutions". Every polynomial of positive degree over C has roots — the fundamental theorem of algebra. "Solvable by radicals" means those roots have a closed-form expression in radicals. The quintic has five complex roots; you just cannot write them with √, ∛, ⁴√, ⁵√.
• Assuming the Galois group is always S_n. Specific polynomials often have smaller Galois groups. x⁵ − 1 has cyclic Galois group of order 4 over Q (it is a cyclotomic extension); x⁴ + 1 has Galois group (Z/2)² over Q, not S₄. Computing the Galois group of a given polynomial is a non-trivial algorithmic problem.
• Forgetting that solvability depends on the base field. x⁵ − 2 is not solvable by radicals over Q only if you mean "by radicals starting from Q". Over Q(ζ₅, ⁵√2) the roots are already there. The theorem refers to a fixed ground field.
• Mis-stating the constructibility criterion. [Q(x):Q] = 2^k is necessary but not sufficient for x to be compass-and-straightedge constructible — you also need x to lie in a tower of quadratic extensions of Q. There exist algebraic numbers of degree 4 that are not constructible because their splitting field has Galois group D₄ rather than (Z/2)².
• Reading "no general formula" as "no formula for any quintic". Specific quintics are solvable: x⁵ − 32 has root 2; x⁵ − 5x⁴ + 5x³ − 1 has Galois group Z/5 and is solvable. Galois's theorem says no single formula handles every quintic.