A Zero-Native-Dependency Post-Quantum Cryptographic Toolkit for Node.js: HPKE, LSH-256, and BB84 QKD

Post-quantum cryptographic libraries for JavaScript/Node.js typically rely on native C/C addons or WebAssembly modules, introducing supply-chain risk and cross-platform compilation challenges. We present a zero-native-dependency post-quantum cryptographic toolkit implemented entirely using Node.js built-in crypto primitives (OpenSSL-backed). The toolkit includes: (1) a complete HPKE implementation (RFC 9180) supporting Base, PSK, Auth, and AuthPSK modes with DHKEM(X25519), HKDF-SHA256, and AES-256-GCM or ChaCha20-Poly1305; (2) LSH-256-256 (KS X 3262), a Korean standard hash function with 128-bit post-quantum collision resistance; and (3) a BB84 quantum key distribution simulation with basis reconciliation, eavesdrop detection, and privacy amplification. We describe the implementation approach, verify correctness against reference test vectors, and discuss the design principle of maximizing quantum resistance while minimizing dependency surface.