Quantum key distribution using card, base station and trusted authority
US-9002009-B2 · Apr 7, 2015 · US
US9887976B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9887976-B2 |
| Application number | US-201314424295-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 16, 2013 |
| Priority date | Aug 30, 2012 |
| Publication date | Feb 6, 2018 |
| Grant date | Feb 6, 2018 |
Official abstract text for this publication.
Multi-factor authentication using quantum communication (“QC”) includes stages for enrollment and identification. For example, a user enrolls for multi-factor authentication that uses QC with a trusted authority. The trusted authority transmits device factor information associated with a user device (such as a hash function) and user factor information associated with the user (such as an encrypted version of a user password). The user device receives and stores the device factor information and user factor information. For multi-factor authentication that uses QC, the user device retrieves its stored device factor information and user factor information, then transmits the user factor information to the trusted authority, which also retrieves its stored device factor information. The user device and trusted authority use the device factor information and user factor information (more specifically, information such as a user password that is the basis of the user factor information) in multi-factor authentication that uses QC.
Opening claim text (preview).
We claim:

1. A method of multi-factor authentication that uses quantum communication with a computer system that implements a trusted authority, the method comprising, with a user device: receiving, from the trusted authority, measuring bases specifying polarization bases that the trusted authority used to measure quantum signals received from the user device in a quantum communication session between the user device and the trusted authority, wherein the measuring bases have been obscured by device factor information associated with the user device and user factor information, wherein the device factor information is information for a hash function and the user factor information is a user password; recovering the measuring bases using the device factor information and the user factor information; and deriving secret bits that are shared between the user device and the trusted authority using the recovered measuring bases.

2. The method of claim 1, the method further comprising, with the user device: retrieving, from the memory of the user device, an encrypted version of the user password and the device factor information; and as part of the multi-factor authentication, transmitting the encrypted version of the user password for use by the trusted authority to recover the user password.

3. The method of claim 1 wherein the multi-factor authentication includes: transmitting pulses of photons; receiving a message signed by the trusted authority; retrieving verification information from the memory of the user device; verifying the trusted authority using the verification information and the signed message.

4. The method of claim 1 wherein the recovering the measuring bases comprises: applying the hash function to the user password; and computing an exclusive-OR of the obscured measuring bases received from the trusted authority and results of applying the hash function to the user password.

5. The method of claim 1 wherein the multi-factor authentication further comprises: exchanging information for two hash functions with the trusted authority; applying one of the two hash functions to shared secret bits resulting from quantum communication and the other of the two hash functions to a user password for the user factor information to produce a verification value; transmitting the verification value; and receiving an indication of success or failure of the multi-factor authentication.

6. A computer system that implements a trusted authority, wherein the computer system is adapted to perform a method of multi-factor authentication that uses quantum communication, the computer system comprising: at least one communication connection configured to receive, from a user device, user factor information associated with a user; at least one memory; and at least one processing unit configured to: retrieve, from the memory of the computer system, device factor information associated with the user device, wherein the device factor information is information for a hash function; apply the hash function to a user password derived from the user factor information; obscure, based on the device factor information and the user factor information, measuring bases specifying polarization bases that the computer system used to measure quantum signals received from the user device in a quantum communication session with the user device, wherein the measuring bases are obscured based on results of applying the hash function to the user password; send the obscured measuring bases to the user device; and derive secret bits that are shared between the computer system and the user device using the measuring bases, wherein the secret bits are derived based on a received indication of which of the measuring bases match sending bases for the quantum communication session.

7. The computer system of claim 6 wherein the user factor information is an encrypted version of a user password, and wherein the at least one processing unit is further configured to: recover the user password from the encrypted version of the user password using a secret encryption key of the trusted authority.

8. The computer system of claim 6 wherein the at least one processing unit is configured to obscure the measuring bases based on an exclusive-OR of information indicating the measuring bases and the results of applying the hash function to the user password.

9. The computer system of claim 6 wherein the at least one processing unit is further configured to: exchange information for two hash functions with the user device; apply one of the two hash functions to the shared secret bits resulting from quantum communication and apply the other of the two hash functions to a user password derived from the user factor information to produce a comparison value; receive a verification value; compare the verification value to the comparison value; and transmit an indication of success or failure of the multi-factor authentication.

10. The computer system of claim 6 wherein functions of the trusted authority are distributed across two or more physical nodes using quantum secret sharing, and wherein the quantum communication with the user device includes quantum secret sharing between the user device and the two or more physical nodes constituting the trusted authority.
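Claims 1, 4, 6 and 8 obscure the trusted authority's measuring bases by XOR with a hash of the user password, so that only a device holding both factors can sift correctly. The following Python example is added here for illustration and is not code from the patent: the quantum channel is simulated classically, SHAKE-256 prefixed with a device-factor byte string is an assumed stand-in for the hash function that the device factor information selects, and all function names and sample factors are hypothetical.

```python
import hashlib
import random

def pad(device_factor: bytes, password: str, n: int) -> list[int]:
    # Assumption: SHAKE-256 prefixed with device_factor stands in for the
    # hash function that the device factor information selects.
    stream = hashlib.shake_256(device_factor + password.encode()).digest((n + 7) // 8)
    return [(stream[i // 8] >> (i % 8)) & 1 for i in range(n)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def run_session(ta_factors, user_factors, n=512, seed=1):
    """Each *_factors is (device_factor, password) as held by that side."""
    rng = random.Random(seed)  # constructed, deterministic stand-in for the channel
    # User device: random bits sent in random polarization bases (0 or 1).
    send_bits = [rng.randrange(2) for _ in range(n)]
    send_bases = [rng.randrange(2) for _ in range(n)]
    # Trusted authority: measures in random bases; a wrong basis yields a random bit.
    meas_bases = [rng.randrange(2) for _ in range(n)]
    meas_bits = [b if sb == mb else rng.randrange(2)
                 for b, sb, mb in zip(send_bits, send_bases, meas_bases)]
    # TA obscures its measuring bases with hash(password) and sends them (claim 8).
    obscured = xor(meas_bases, pad(*ta_factors, n))
    # Device recovers the bases with its own factors (claim 4) ...
    recovered = xor(obscured, pad(*user_factors, n))
    # ... and indicates which measuring bases match its sending bases (claim 6).
    match = [sb == rb for sb, rb in zip(send_bases, recovered)]
    device_key = [b for b, m in zip(send_bits, match) if m]
    ta_key = [b for b, m in zip(meas_bits, match) if m]
    return device_key, ta_key

def mismatch_rate(device_key, ta_key):
    return sum(a != b for a, b in zip(device_key, ta_key)) / max(len(device_key), 1)

if __name__ == "__main__":
    good = (b"device-factor-A", "correct horse")  # constructed sample factors
    for label, user in [("matching factors", good),
                        ("wrong password", (good[0], "guess")),
                        ("wrong device", (b"device-factor-B", good[1]))]:
        dk, tk = run_session(good, user)
        print(f"{label}: {len(dk)} sifted bits, mismatch {mismatch_rate(dk, tk):.2f}")
```

With matching factors the two sifted keys are identical; with a wrong password or device factor the recovered bases are effectively random, so roughly a quarter of the sifted bits disagree and the session yields no shared secret.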
User authentication · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
using cryptographic hash functions · CPC title
Electricity · mapped topic
Quantum cryptography (transmission systems employing electromagnetic waves other than radio waves, e.g. light, infrared H04B10/00; wavelength-division multiplex systems H04J14/02; WDM arrangements H04J14/03) · CPC title