I feel like that is quite unlikely. Both the hash and bitwise comparisons read both files in both cases. In the not-equal case the hash reads the entirety of both files, so its slower than a start-to-end bitwise comparison, which exits at the first not-equal bit. In the equal case, both read the entirety of both files. Various other bitwise strategies can be faster than start-to-end, rdfind for example checks the start of the file first, then the end, then the rest of the file.
The hash being cryptographically secure is significant. In contrast, you could use (for example) md5 to non-cryptographically verify that the full process matched.
Sorry, the point I was making is that this isn't cryptography- it's the properties of a cryptographic hash (hard to spoof) that are useful. I don't think any verified build program uses the hash to encrypt data at any point. If I'm wrong on this point, that's fine, but please include a link.
Sure, "verified in a cryptographically secure manner" is technically not equivalent to "cryptographically verified" but the response "it's not cryptographic" is rather ambiguous at best given that it is, in fact, a cryptographically secure manner of verification. The key observation here being that an algorithm or process being "cryptographically secure" does not mean that it is "cryptographic" in nature (ie implements or uses cryptography).
The Reproducible Builds project also wrote diffoscope, which goes quite far with helping identify where differences occur and how to fix them.
https://reproducible-builds.org/ https://diffoscope.org/ https://try.diffoscope.org/