Script updating gh-pages from 6e4b4a9. [ci skip]

draft-lucas-bkdf.html

@@ -1476,7 +1476,7 @@ <h2 id="name-the-bkdf-algorithm">
 previous = hash
 result = ByteArray(0)
 for i = 0 to reps - 1
-    previous = PRF(key, previous || LE32(counter++) || UTF8("bkdf"))
+    previous = PRF(key, previous || UTF8("bkdf") || LE32(counter++))
     result = result || previous
 
 return result.Slice(0, length)
@@ -1547,11 +1547,11 @@ <h2 id="name-the-ballooncore-function">
 pseudorandom = ByteArray(0)
 reps = (spaceCost * timeCost * 3) / (HASH_LEN / 4)
 for i = 0 to reps - 1
-    pseudorandom = pseudorandom || PRF(emptyKey, LE64(counter++) || LE32(VERSION) || personalization || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration))
+    pseudorandom = pseudorandom || PRF(emptyKey, LE32(VERSION) || personalization || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration) || LE64(counter++))
 
-buffer[0] = PRF(key, LE64(counter++) || LE32(VERSION) || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration))
+buffer[0] = PRF(key, LE32(VERSION) || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration) || LE64(counter++))
 for m = 1 to spaceCost - 1
-    buffer[m] = PRF(key, LE64(counter++) || buffer[m - 1])
+    buffer[m] = PRF(key, buffer[m - 1] || LE64(counter++))
 
 offset = 0
 previous = buffer[spaceCost - 1]
@@ -1560,7 +1560,7 @@ <h2 id="name-the-ballooncore-function">
         other1 = ReadLE32(pseudorandom.Slice(offset, 4)) % spaceCost
         other2 = ReadLE32(pseudorandom.Slice(offset + 4, 4)) % spaceCost
         other3 = ReadLE32(pseudorandom.Slice(offset + 8, 4)) % spaceCost
-        buffer[m] = PRF(key, LE64(counter++) || previous || buffer[m] || buffer[other1] || buffer[other2] || buffer[other3])
+        buffer[m] = PRF(key, previous || buffer[m] || buffer[other1] || buffer[other2] || buffer[other3] || LE64(counter++))
         previous = buffer[m]
         offset = offset + 12
 

draft-lucas-bkdf.txt

@@ -317,7 +317,7 @@ reps = Ceiling(length / HASH_LEN)
 previous = hash
 result = ByteArray(0)
 for i = 0 to reps - 1
-    previous = PRF(key, previous || LE32(counter++) || UTF8("bkdf"))
+    previous = PRF(key, previous || UTF8("bkdf") || LE32(counter++))
     result = result || previous
 
 return result.Slice(0, length)
@@ -374,11 +374,11 @@ emptyKey = ZeroPad(ByteArray(0), KEY_LEN)
 pseudorandom = ByteArray(0)
 reps = (spaceCost * timeCost * 3) / (HASH_LEN / 4)
 for i = 0 to reps - 1
-    pseudorandom = pseudorandom || PRF(emptyKey, LE64(counter++) || LE32(VERSION) || personalization || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration))
+    pseudorandom = pseudorandom || PRF(emptyKey, LE32(VERSION) || personalization || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration) || LE64(counter++))
 
-buffer[0] = PRF(key, LE64(counter++) || LE32(VERSION) || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration))
+buffer[0] = PRF(key, LE32(VERSION) || LE32(spaceCost) || LE32(timeCost) || LE32(parallelism) || LE32(iteration) || LE64(counter++))
 for m = 1 to spaceCost - 1
-    buffer[m] = PRF(key, LE64(counter++) || buffer[m - 1])
+    buffer[m] = PRF(key, buffer[m - 1] || LE64(counter++))
 
 offset = 0
 previous = buffer[spaceCost - 1]
@@ -387,7 +387,7 @@ for t = 0 to timeCost - 1
         other1 = ReadLE32(pseudorandom.Slice(offset, 4)) % spaceCost
         other2 = ReadLE32(pseudorandom.Slice(offset + 4, 4)) % spaceCost
         other3 = ReadLE32(pseudorandom.Slice(offset + 8, 4)) % spaceCost
-        buffer[m] = PRF(key, LE64(counter++) || previous || buffer[m] || buffer[other1] || buffer[other2] || buffer[other3])
+        buffer[m] = PRF(key, previous || buffer[m] || buffer[other1] || buffer[other2] || buffer[other3] || LE64(counter++))
         previous = buffer[m]
         offset = offset + 12