What happens if you reuse a One-Time Pad key for two different messages?
Reusing a OTP key completely destroys its security — an attacker can XOR the two ciphertexts together to eliminate the key and obtain the XOR of the two plaintexts.
* Reuse the pad and the key cancels: C1⊕C2 = M1⊕M2, recoverable by crib-dragging. *
The attack:
C1 = M1 ⊕ K
C2 = M2 ⊕ K
C1 ⊕ C2 = (M1 ⊕ K) ⊕ (M2 ⊕ K) = M1 ⊕ M2
The key K cancels out! Now the attacker has M1 ⊕ M2, and using frequency analysis and known-plaintext techniques (known as "crib dragging"), they can often recover both messages.
Real-world failure: The VENONA project — the NSA broke Soviet spy communications because some OTP key pages were reused. This shows that even the theoretically perfect cipher fails catastrophically with key reuse.
Tip: This same principle applies to all stream ciphers — never reuse a keystream, whether it's from an OTP or a PRNG-based stream cipher.
Go deeper:
VENONA project (Wikipedia) — how reused Soviet one-time-pad pages were broken.