In short

To prove "no quantum algorithm can solve problem X in fewer than f(n) oracle queries," you need a general technique — one that rules out every possible quantum circuit, not just the ones we have invented. Two such techniques dominate the field.

The polynomial method (Beals, Buhrman, Cleve, Mosca, de Wolf, 2001). Show that after T queries to an oracle, the success probability of any quantum algorithm is a polynomial of degree at most 2T in the oracle's bits. If the problem's yes-no structure forces any acceptance polynomial to have degree \geq D, you get T \geq D/2. Grover's \Omega(\sqrt N) drops out: distinguishing "zero marked inputs" from "one marked input" needs a polynomial of degree \Omega(\sqrt N).

The adversary method (Ambainis, 2000). Define a relation R pairing yes-inputs with no-inputs. Bound the total amplitude that a single oracle query can transport between paired inputs. Lower-bound the total amount of amplitude transport needed. Divide. You get T \geq \Omega(\sqrt{\text{something}}) where the "something" depends on the pair structure of the problem. The adversary method gives \Omega(N^{2/3}) for element distinctness (Ambainis, 2004) and \Omega(N^{1/3}) for collision finding (Aaronson-Shi, 2004). Later refinements — the negative-weight adversary method (Høyer-Lee-Špalek 2007) and span programs — make the adversary method tight for every Boolean query problem.

Together, these methods are how quantum computer science knows where the ceiling is. They are the proofs that keep the "quantum solves everything" hype grounded, and they are the tools a quantum algorithm designer uses to know when to stop trying.

Grover's algorithm finds a marked input among N in O(\sqrt N) queries. BBBV tells you \Omega(\sqrt N) is a hard floor — no faster quantum algorithm exists. That single lower bound explains why you will never find unstructured search algorithms doing better than square root.

But BBBV is one lower bound on one problem. The universe of "problems a quantum computer might solve quickly" is larger. For element distinctness — given N numbers, are any two equal? — Ambainis (2004) gave a quantum algorithm running in O(N^{2/3}) queries. Is this the best you can do, or is there a hidden O(\sqrt N) or even O(\log N) algorithm we have not discovered?

These are the questions of quantum query lower bounds. They ask not "what is the fastest algorithm we know?" — an upper-bound question — but "what is the fastest algorithm that could possibly exist?" — a lower-bound question, and fundamentally harder to prove.

Upper bounds you can get by cleverness; you just need to invent a good algorithm. Lower bounds require an argument that rules out every algorithm, including ones no one has thought of yet. This chapter is about the two techniques that dominate the field: the polynomial method and the adversary method. By the end, you will see why Grover is optimal, why element distinctness is \Theta(N^{2/3}), and why the tools behind these proofs matter beyond the specific problems.

Why lower bounds are hard

Before the techniques, see the shape of the difficulty. A quantum query algorithm is a sequence of T unitary gates interleaved with T applications of the oracle O_f. The oracle O_f depends on the input f: \{0,1\}^n \to \{0,1\} (or more general input). After T queries plus post-processing unitaries, the algorithm measures and outputs a bit.

To prove a lower bound, you need to argue: for every possible sequence of unitaries and every measurement, the algorithm fails to distinguish yes-inputs from no-inputs unless T is big enough.

The space of possible algorithms is infinite-dimensional. The search for an obstacle has to be structural — some invariant of quantum computation that any T-query algorithm must respect, bounding its distinguishing power.

The two techniques below each identify such an invariant:

Both turn the problem of "bound every algorithm" into "bound a specific quantity that any algorithm induces."

Why quantum lower bounds are hardSchematic showing the difference between upper and lower bound arguments. Top row: upper bound — a specific algorithm (box) acts on input and produces a success probability. Bottom row: lower bound — a universe of infinitely many possible algorithms, arguments must rule all of them out. Arrow from "adversary method" and "polynomial method" labelled "structural obstructions" pointing into the universe of algorithms.upper bounds: show one algorithm. lower bounds: rule out all of them.UPPER BOUND (e.g. Grover):inputone specificalgorithmanswerp ≥ 2/3LOWER BOUND:inputuniverse ofall T-query algorithmsanswerp ≥ 2/3 (claimed)polynomial methodadversary methodstructural obstructions
The asymmetry: an upper bound is one algorithm, a lower bound is a statement about every possible algorithm. The polynomial and adversary methods are the two structural obstructions we use to bound the whole universe of algorithms at once.

The polynomial method — success as a polynomial

Here is the core idea. An oracle O_f for a Boolean function f on N-bit inputs can be described as a list of N oracle bits x_1, x_2, \ldots, x_N (each x_i \in \{0, 1\}). The oracle itself is a unitary:

O_f |i\rangle|b\rangle = |i\rangle|b \oplus x_i\rangle.

Every gate in a quantum circuit depends on the oracle only through its query. Consider the amplitude of each basis state in the final quantum state. This amplitude is a function of the oracle bits (x_1, \ldots, x_N). A one-qubit phase oracle O_f |i\rangle = (-1)^{x_i}|i\rangle contributes a factor of (-1)^{x_i} = 1 - 2 x_i (linear in x_i) to the amplitude. A bit-flip oracle contributes terms like x_i or (1 - x_i) — also linear.

The key observation (BBCMdW 2001). After T queries, each amplitude in the final state is a polynomial of degree at most T in the variables x_1, \ldots, x_N. Therefore the probability of any measurement outcome — which is |\text{amplitude}|^2 — is a polynomial of degree at most 2T in the same variables.

The polynomial method

Let \mathcal A be a quantum algorithm making T queries to an oracle whose input is a binary string x = (x_1, \ldots, x_N) \in \{0,1\}^N. Define P(x) = \Pr[\mathcal A(x) \text{ outputs } 1]. Then P, viewed as a multilinear function of x_1, \ldots, x_N, has degree at most 2T.

Consequence: if a problem forces the acceptance probability to be any polynomial of degree at least D, then T \geq D/2.

Why this matters: it reduces the problem of bounding quantum algorithms to a problem about polynomials — a classical mathematical object with a huge arsenal of tools (approximation theory, Markov's inequality, Jackson's theorem). You no longer have to think about quantum states or unitaries; you have to think about low-degree polynomials that have to approximate a given \{0, 1\}-valued function.

Grover's bound via polynomial method

The OR function: \mathrm{OR}(x_1, \ldots, x_N) = 1 iff some x_i = 1. A quantum algorithm for unstructured search must distinguish "all zeros" (OR = 0) from "some x_i = 1" (OR = 1). So the acceptance probability polynomial P must satisfy:

A classical result from approximation theory (Nisan-Szegedy 1994 lower bound on approximate polynomial degree of OR) says: any polynomial P with these properties has degree at least \Omega(\sqrt N). Therefore 2T \geq \Omega(\sqrt N), so T \geq \Omega(\sqrt N).

This is the polynomial-method proof of Grover's lower bound. It is cleaner and more general than BBBV's hybrid argument, and it extends to many other problems.

The majority function

\mathrm{MAJ}(x_1, \ldots, x_N) = 1 iff more than half of the x_i are 1. The approximate degree of MAJ is \Omega(N) — you need a polynomial of degree at least N to approximate the majority to constant error. Consequence: any quantum algorithm for majority uses \Omega(N) queries. No quantum speedup over classical O(N) — majority is fundamentally sequential even with quantum resources.

Polynomial method — the general recipe

To prove a quantum lower bound of \Omega(D) for problem P using the polynomial method:

  1. Characterise P as a Boolean function f: \{0, 1\}^N \to \{0, 1\}.
  2. Show that any polynomial p with p(x) \leq 1/3 for x with f(x) = 0 and p(x) \geq 2/3 for x with f(x) = 1 has degree \geq D.
  3. Conclude: any quantum algorithm uses \geq D/2 queries.

The hardest step is (2) — the approximation-theory lower bound on polynomial degree. For OR, MAJ, PARITY, symmetric functions, and many others, these bounds are known.

The polynomial method in one pictureTwo panels side by side. Left panel: a quantum algorithm box with T oracle queries indicated by arrows, and an output circle labelled p(x). Right panel: the polynomial p(x) has degree at most 2T. Below, a blue line sketch shows p rising from below 1/3 at x=0 to above 2/3 at x with OR=1. The shaded gap between 1/3 and 2/3 is labelled "forbidden band — polynomial must have degree Ω(√N)".the polynomial method: algorithm ↔ polynomialquantum algorithmU₁O_fU₂O_f… T oracle queries interleaved with unitariesmeasurePr[accept] = P(x₁, …, xₙ)P is a polynomial of degree ≤ 2Tx12/31/30forbidden bandP(0⃗)≤1/3P(x)≥2/3 if OR=1
The polynomial method translates a $T$-query quantum algorithm into a degree-$2T$ multilinear polynomial in the oracle bits. Distinguishing $x = \vec 0$ from any $x$ with OR$(x) = 1$ forces the polynomial to cross the forbidden band between probabilities $1/3$ and $2/3$, which by approximation theory requires degree $\Omega(\sqrt N)$. This gives Grover's lower bound cleanly.

The adversary method — bounding amplitude transport

The polynomial method is powerful but sometimes loose. For problems with a richer structure — like element distinctness or graph problems — the polynomial bound gives only \Omega(\sqrt N) when the true answer is higher. Enter the adversary method, invented by Ambainis (2000).

The idea

Pair up yes-inputs and no-inputs: let R \subseteq X \times Y where X is the set of yes-instances and Y is the set of no-instances. Each (x, y) \in R is a "hard pair" — x and y differ somewhere, but the algorithm must output different answers on them.

A quantum algorithm's state on input x and on input y must become "far apart" by the end — otherwise the measurement cannot distinguish them. Each oracle query changes the state only at indices where x and y differ (other indices don't affect the query response). Bound how much two states can separate per query, sum over queries, and compare to the required final separation.

This gives a lower bound on T of the form:

T \geq \Omega\left( \sqrt{\frac{|R|^2 / (|X| |Y|)}{\max_i \text{local disagreement at bit } i}} \right).

The exact quantity in the denominator — called the "adversary ratio" — depends on the relation R and the structure of the function.

The adversary method (simplified form)

For a decision problem with yes-inputs X and no-inputs Y, choose a relation R \subseteq X \times Y. Define:

  • m = \min_{x \in X} |\{y : (x, y) \in R\}| — minimum number of partners for any yes-input.
  • m' = \min_{y \in Y} |\{x : (x, y) \in R\}| — minimum partners for any no-input.
  • \ell_{x,i} = |\{y : (x, y) \in R, x_i \neq y_i\}| — number of partners of x that disagree at bit i.
  • \ell'_{y,i} = |\{x : (x, y) \in R, x_i \neq y_i\}| — similarly for y.
  • \ell_{\max} = \max_{x, y, i} (\ell_{x,i} \cdot \ell'_{y,i} / (m \cdot m')) — maximum "local bias."

Then the quantum query complexity of the problem is at least:

T = \Omega\left( \sqrt{\frac{1}{\ell_{\max}}} \right).

The formulation is technical; the intuition is the one from the start: each query can only move amplitude across pairs that differ at the queried bit, and the bound \ell_{\max} quantifies how concentrated this movement can be. If the relation is "spread out" — most bits appear in roughly the same number of pairs — you get strong lower bounds.

The adversary method for search

For Grover-style search, take X = \{e_1, e_2, \ldots, e_N\} (single-marked inputs) and Y = \{\vec 0\} (all-zeros). Relate every e_i to \vec 0. Analysis gives \ell_{\max} = 1/N, so T = \Omega(\sqrt N). Same as polynomial method; consistent with BBBV.

Element distinctness

The problem. Given N values y_1, \ldots, y_N (each in a large alphabet), decide whether any two are equal.

Best upper bound (Ambainis 2004): O(N^{2/3}) queries, using a quantum walk on the Johnson graph.

Best lower bound (Aaronson-Shi 2004, using the polynomial method; and a tight adversary-method proof later): \Omega(N^{2/3}).

The adversary method proof defines X = "inputs with a collision at positions (i, j)" and Y = "injective inputs." The relation pairs a collision-at-(i, j) input with its corresponding injective input (where we "resolve" the collision). Local bias analysis gives \ell_{\max} = O(N^{-4/3}), so T = \Omega(N^{2/3}).

The adversary method: pair yes-inputs with no-inputsDiagram showing two sets — yes-inputs X on the left and no-inputs Y on the right. Lines (the relation R) connect specific pairs between X and Y. Each pair is labelled with the bit index they differ at. A small arrow above shows that each oracle query can only change amplitude across pairs that differ at the queried bit, with bounded rate.the adversary method: hard pairs and amplitude transportX (yes-inputs)x₁x₂x₃x₄Y (no-inputs)y₁y₂y₃y₄(x₁, y₁) ∈ R, differ at bit 3(x₂, y₃) ∈ R, differ at bit 5(x₃, y₂) ∈ R, differ at bit 1(x₄, y₄) ∈ R, differ at bit 7each oracle query moves amplitude only across pairs disagreeing at that bit
The adversary method sets up a relation $R$ pairing yes-inputs with no-inputs. Each pair $(x, y)$ is "hard" — the algorithm must output different answers on them. Each oracle query to bit $i$ can move amplitude only across pairs where $x_i \neq y_i$, and the rate of movement per query is bounded by the pair structure. Summing gives the lower bound.

Collision finding

The problem. Given a function f: \{1, \ldots, N\} \to \{1, \ldots, N\} (promised to be either one-to-one or two-to-one), decide which. If two-to-one, find a collision.

Best upper bound (Brassard-Høyer-Tapp 1997): O(N^{1/3}) queries, using amplitude estimation on a small sample.

Best lower bound (Aaronson 2002, sharpened by Aaronson-Shi 2004, Kutin 2005): \Omega(N^{1/3}). The lower-bound proof uses the polynomial method with a careful symmetrisation argument — the adversary method gives only \Omega(N^{1/4}) naively.

Recent refinements

The basic adversary method has been extended several times:

These results mean: modulo SDP solvability, quantum query complexity for Boolean functions is now exactly characterised. The adversary method is not just a tool; it is the right concept.

A table of tight bounds

To anchor the abstractions, here are the headline query complexity results — all now known tight (upper bound matched by lower bound).

Problem Classical queries Quantum queries Lower-bound tool
Unstructured search (OR) \Theta(N) \Theta(\sqrt N) BBBV / polynomial / adversary
Parity (XOR of N bits) \Theta(N) \Theta(N) polynomial method
Majority \Theta(N) \Theta(N) polynomial method
Element distinctness \Theta(N \log N) (sorting) \Theta(N^{2/3}) polynomial + adversary
Collision (2-to-1 vs 1-to-1) \Theta(\sqrt N) \Theta(N^{1/3}) polynomial (symmetrisation)
Triangle finding in graphs \Theta(N^2) \tilde O(N^{5/4}) span programs
OR of n \times n matrix \Theta(n^2) \Theta(n) adversary
Sorting N numbers \Theta(N \log N) \Theta(N \log N) (no speedup) polynomial (symmetric functions)

The column of note is the last one: for each quantum lower bound, the tool that proves it. The polynomial and adversary methods together cover essentially every known quantum query lower bound.

Example 1: The polynomial-method proof of Grover's $\Omega(\sqrt N)$

The cleanest illustration of the polynomial method.

The problem. Given oracle access to N bits x_1, \ldots, x_N \in \{0, 1\}, decide OR(x) = x_1 \vee x_2 \vee \ldots \vee x_N.

Step 1. A quantum algorithm with T queries has acceptance probability P(x_1, \ldots, x_N) that is a polynomial of degree at most 2T in the x_i.

Step 2. Since each x_i \in \{0, 1\}, x_i^2 = x_i, so we can assume P is multilinear: each variable appears to degree at most 1.

Step 3. The algorithm must satisfy:

  • P(\vec 0) \leq 1/3 (reject when all zeros).
  • P(x) \geq 2/3 for every x with at least one x_i = 1.

Step 4. By symmetry (the OR function is symmetric in its inputs), we can symmetrise P: replace P(x) with its average over all permutations of the x_i. This gives a polynomial \tilde P depending only on the Hamming weight |x| = x_1 + \ldots + x_N, and still of degree at most 2T. Specifically, \tilde P is a polynomial in the single variable s = |x| of degree at most 2T.

Step 5. The conditions become:

  • \tilde P(0) \leq 1/3.
  • \tilde P(s) \geq 2/3 for s = 1, 2, \ldots, N.

Why this symmetrisation works: Grover's problem depends only on whether |x| > 0, not which specific bits are 1. Any quantum algorithm's acceptance polynomial, averaged over the x_i's symmetric group, gives a polynomial that depends only on the Hamming weight, and with the same degree.

Step 6. Invoke Nisan-Szegedy 1994: any polynomial p of degree d with |p(0) - p(1)| \geq 1/3 and |p(s)| \leq 1 for s = 1, \ldots, N satisfies d \geq \Omega(\sqrt N). This is a classical approximation-theory result based on the Chebyshev polynomial.

Step 7. Apply to our \tilde P: we have |\tilde P(0) - \tilde P(1)| \geq 2/3 - 1/3 = 1/3, so \deg \tilde P \geq \Omega(\sqrt N). Since \deg \tilde P \leq 2T, we get T = \Omega(\sqrt N).

Polynomial-method proof of Grover's lower boundA plot showing a Chebyshev-like polynomial rising sharply from below 1/3 at s=0 to above 2/3 at s=1 and remaining above 2/3 through s=N. The degree of such a polynomial is proven to be at least Ω(√N). Horizontal axis: Hamming weight s from 0 to N. Vertical axis: polynomial value from 0 to 1, with a shaded forbidden band between 1/3 and 2/3.the acceptance polynomial P̃(s) must jump at s=0 → s=1s (Hamming weight)P̃(s)12/31/30012Nforbidden band (1/3, 2/3)P̃(0) ≤ 1/3P̃(1) ≥ 2/3P̃(N) ≥ 2/3
The symmetrised polynomial $\tilde P(s)$ must be $\leq 1/3$ at $s = 0$ and $\geq 2/3$ at $s = 1, 2, \ldots, N$. Nisan-Szegedy's approximation-theory theorem forces any polynomial with these properties to have degree at least $\Omega(\sqrt N)$, and the degree bound $2T$ on the quantum algorithm's acceptance polynomial gives $T = \Omega(\sqrt N)$.

Result. No quantum algorithm solves unstructured search in fewer than \Omega(\sqrt N) oracle queries. This is a sharper restatement of Grover's BBBV-based optimality, derived using the polynomial method. The method generalises to every problem whose yes-no structure has a similar "jump" between nearby Hamming weights.

Example 2: The adversary-method sketch for element distinctness $\Omega(N^{2/3})$

The adversary method applied to a non-trivial problem.

The problem. Element distinctness. Given y_1, \ldots, y_N \in [M] with M = \mathrm{poly}(N), decide whether all y_i are distinct.

Step 1. Define the yes and no sets:

  • X = inputs with exactly one collision — one pair (i, j) with y_i = y_j and all other values distinct.
  • Y = injective inputs — all y_i distinct.

Step 2. Define the relation R: (x, y) \in R iff they agree on all coordinates except one, where x has a collision with another coordinate and y has a "resolved" value. Specifically, x \in X has a collision at (i, j), and y \in Y is obtained from x by changing y_i or y_j to a fresh unused value.

Step 3. Count the relationships:

  • Each x \in X has a collision at one of \binom{N}{2} = \Theta(N^2) pairs. For each of the 2 collision members, we can resolve to any of M - N remaining values. So |R|/|X| \approx M.
  • Each y \in Y can be converted to a collision by picking one of its N values and changing it to match another — \Theta(N) choices. So |R|/|Y| \approx N.

Step 4. Local bias \ell_{x, i} — how many of x's partners differ at index i. Only the two collision indices can differ to reach a partner in Y. So \ell_{x, i} is nonzero for exactly 2 indices out of N. Similarly \ell'_{y, i} is bounded.

Step 5. The adversary bound becomes (after the technical analysis):

T = \Omega\left( \sqrt{\frac{|R|^2}{|X| |Y| \cdot \ell_{\max}}} \right) = \Omega(N^{2/3}).

Why the N^{2/3} comes out: the adversary quantity balances the size of R against the concentration of disagreement at individual bits. With |R| \approx M N^2 \cdot (M-N) / |X| and \ell_{\max} \approx 1/N, the square-root formula yields N^{2/3} after careful cancellation.

Step 6. This matches Ambainis's O(N^{2/3}) upper bound. Element distinctness quantum query complexity is \Theta(N^{2/3}).

Adversary pairing for element distinctnessTwo panels side by side. Left panel labelled "collision input x": a horizontal row of boxes showing values y1=3, y2=7, y3=2, y4=7 (collision at positions 2, 4 shown in accent). Right panel labelled "injective input y": same but y4 changed to 5. Arrow between them labelled "differ at bit 4 only". Below, the formula showing T ≥ Ω(N^(2/3)) from the adversary ratio.element distinctness: adversary pair (x, y) differ at one coordinatecollision input x (∈ X)3y₁7y₂2y₃7y₄collision at (2, 4)(x, y) ∈ Rdiffer at index 4injective input y (∈ Y)3y₁7y₂2y₃5y₄all distinctT ≥ Ω(√(|R|² / (|X||Y| · ℓ_max))) = Ω(N^(2/3))matched by Ambainis's O(N^(2/3)) upper bound via quantum walk on Johnson graph
The adversary relation for element distinctness. A collision input $x$ with collision at $(2, 4)$ is paired with an injective input $y$ differing only at index $4$ (the collision is "resolved"). A quantum query at index $4$ is the only way to distinguish the pair — and the counting of such pairs with local bias analysis gives $\Omega(N^{2/3})$.

Result. The quantum query complexity of element distinctness is \Theta(N^{2/3}). This tight bound is one of the most-cited quantum lower bounds and a cornerstone of quantum algorithm design: it says quantum walks on Johnson-graph-like structures achieve the optimal speedup for this problem.

Common confusions

Going deeper

You have seen the polynomial method (degree of the acceptance polynomial) and the adversary method (amplitude transport between paired inputs), applied to Grover's \Omega(\sqrt N) and element distinctness's \Omega(N^{2/3}). The rest of this section goes into specific quantum circuits as polynomials, the semidefinite programme for the adversary method, span programs, and the role of lower bounds beyond unstructured search.

Why the polynomial bound is 2T and not T

The oracle O_f acts as either a bit-flip or a phase-kickback. In the phase-kickback form, O_f |i\rangle = (-1)^{x_i}|i\rangle. In the bit-flip form, it writes to an ancilla qubit. Either way, the state after one oracle call is a linear combination of basis states where each amplitude contains x_i linearly or not at all — so amplitudes become degree-1 polynomials in the x_i. After T queries, amplitudes are degree-T polynomials.

But the measurement probability is |\text{amplitude}|^2, which squares the polynomial, giving degree 2T. For general measurement outcomes, \Pr[\text{outcome} = y] is a linear combination of such squared polynomials — still degree \leq 2T.

Span programs — a deep equivalence

A span program is a specific computational primitive: a collection of vectors v_1, \ldots, v_n in a Hilbert space (one per input bit), and a target vector t. The span program "computes" a Boolean function by saying: on input x, look at the vectors v_i for i where x_i = 1; f(x) = 1 iff t is in their span.

Reichardt (2011) proved: every Boolean function f has a span program whose complexity (a specific measure) equals the quantum query complexity of f. And there is a matching quantum algorithm that runs the span program. This is a striking "complexity equals complexity" result: quantum query complexity is fully characterised by a classical combinatorial object.

The SDP formulation of the adversary method

Høyer, Lee, and Špalek (2007) expressed the negative-weight adversary bound as the optimal value of a semidefinite programme:

\text{ADV}^\pm(f) = \max_{\Gamma} \frac{\|\Gamma\|}{\max_i \|\Gamma \circ D_i\|}

where \Gamma is a matrix indexed by inputs, \|\cdot\| is the spectral norm, D_i is the Hamming-weight-disagreement matrix at bit i, and \circ is entrywise product.

The key property: \text{ADV}^\pm(f) = Q(f) exactly — the negative-weight adversary bound equals the quantum query complexity. This makes query complexity computationally well-defined (modulo SDP solvability).

Lower bounds beyond unstructured search

The polynomial and adversary methods extend beyond query problems in the unstructured sense:

Relation to classical query complexity

Classical decision trees have their own lower-bound theory. For monotone functions, the sensitivity conjecture (Huang 2019) relates classical randomised query complexity to combinatorial properties of the input. The quantum polynomial method has no direct classical analogue, but the adversary method is related to classical techniques like the approximate degree (the same tool used in the polynomial method) for randomised algorithms.

Indian context — theoretical quantum computing in India

The Indian Institute of Science (IISc) Bangalore has a strong theoretical CS tradition that includes work on quantum query complexity. Researchers at the Tata Institute of Fundamental Research (TIFR) Mumbai have contributed to communication-complexity lower bounds using related techniques. The Chennai Mathematical Institute and the Institute of Mathematical Sciences (both in Chennai) host theoretical computer scientists working on complexity-theoretic lower bounds. The National Quantum Mission funds some of this theoretical work, recognising that understanding fundamental limits of quantum computing is as important as engineering the hardware.

Where this leads next

References

  1. Robert Beals, Harry Buhrman, Richard Cleve, Michele Mosca, Ronald de Wolf, Quantum Lower Bounds by Polynomials (1998, 2001) — the founding paper on the polynomial method. arXiv:quant-ph/9802049.
  2. Andris Ambainis, Quantum Lower Bounds by Quantum Arguments (2000) — the original adversary method. arXiv:quant-ph/0002066.
  3. Andris Ambainis, Quantum Walk Algorithm for Element Distinctness (2004) — the O(N^{2/3}) upper bound. arXiv:quant-ph/0311001.
  4. Peter Høyer, Troy Lee, Robert Špalek, Negative Weights Make Adversaries Stronger (2007) — the tight-adversary SDP formulation. arXiv:quant-ph/0611054.
  5. Harry Buhrman and Ronald de Wolf, Complexity Measures and Decision Tree Complexity: A Survey (2002) — classical/quantum query complexity survey. link.
  6. Wikipedia, Quantum query complexity.