As the title states, would the One Time Pad (OTP) be considered a cryptographic hash function?
4 Answers
No, OTP would not be considered a cryptographical hash function.
OTP takes a key; cryptographical hash functions don't.
It's generally expected that the output of a hash function be of fixed length, independent of input length. The output of OTP is the same length as the input.
Hash functions are deterministic (that is, if you give the same input twice, you get the same output); if your hash-like OTP function uses a new portion of the keystream for every message, then the exact same input will yield different outputs if you call it repeatedly.
No.
First, let's agree on what an OTP is. It's a character-by-character replacement function that relies on one key character per cleartext character. An OTP that reuses key material even one time can be broken (see Venona). While it may seem obvious from the name, it's an absolute requirement that the key material be used one and only one time.
Next, let's agree on the properties of a cryptographic hash. A message that is hashed must yield a digest value. It must be infeasible to recover the cleartext value of the message knowing only the digest, it must be infeasible to select a cleartext message that produces a specific digest, and it must be infeasible to produce two cleartext messages that yield the same digest. And, most importantly for this discussion, the algorithm must be deterministic, meaning hashing the same message must yield the same digest value each time it is run given the same message. If this were not true, message digests could not be used for comparing two messages, and hybrid cryptographic functions such as digital signatures would not work.
Therefore, a cryptographic hash function needs to be run more than once to meet its requirements. Yet we know there are security risks running an OTP more than once. Either you reuse the key material for each digest produced and risk compromising the key, or you use new key material for each message hashed and destroy the valuable property of determinism. Because neither of these choices is viable, an OTP is unsuitable for use as a cryptographic hash.
OTP is reversible, and so it's useless as a cryptographic hash function. The answer really is that simple.
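The properties argued in the answers above, checked side by side against SHA-256. This is an added example, not code from any of the answers; the XOR-based `otp` helper, the function names and the two sample messages are assumptions constructed for illustration.

```python
import hashlib
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp(data: bytes, key: bytes) -> bytes:
    """XOR one-time pad: the same call encrypts and decrypts."""
    if len(key) != len(data):
        raise ValueError("OTP key must be exactly as long as the message")
    return xor(data, key)


def compare_properties(m1: bytes, m2: bytes) -> dict:
    """Contrast OTP with SHA-256 on two equal-length messages."""
    key = secrets.token_bytes(len(m1))
    c1 = otp(m1, key)
    c2 = otp(m2, key)                               # deliberate key reuse
    fresh = otp(m1, secrets.token_bytes(len(m1)))   # new key, same message
    h = lambda m: hashlib.sha256(m).digest()
    return {
        # Output length: OTP tracks the input, a hash digest is fixed.
        "otp_len_equals_input": len(c1) == len(m1),
        "hash_len_fixed": len(h(m1)) == len(h(m1 * 100)) == 32,
        # Reversibility: anyone holding the key recovers the message.
        "otp_reversible": otp(c1, key) == m1,
        # Key reuse: the key cancels out, leaving m1 XOR m2 ...
        "reuse_leaks_xor": xor(c1, c2) == xor(m1, m2),
        # ... so knowing one message reveals the other without the key.
        "known_m1_reveals_m2": xor(xor(c1, c2), m1) == m2,
        # Determinism: a fresh key per message changes the output.
        "otp_fresh_key_same_output": fresh == c1,
        "hash_same_output": h(m1) == h(m1),
    }


if __name__ == "__main__":
    # Constructed sample messages of equal length (14 bytes each).
    for name, value in compare_properties(b"attack at dawn",
                                          b"retreat at ten").items():
        print(f"{name}: {value}")
```
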
Unlike what poncho says, cryptographic hash functions can take keys. And, the cryptographic hash functions' output is not constant (it depends on the security parameter or the size of the key). In many practical examples like SHA-1 or SHA-256, keys are implicit with their sizes fixed and the output size is fixed.
In any case, OTP is an encryption system with perfect secrecy. And it's not possible to realize this in practice (because it requires keys to be of the same length as the message that you are encrypting). However, there are schemes that are essentially OTP but use pseudorandom number generators to generate the key that is used to encrypt the message. Those encryption schemes are semantically secure.
One can definitely build a collision-resistant hash function starting from any semantically secure encryption. Look at an introduction to cryptography book for such constructions.