Update ERC-2333: Move to Review

ERCS/erc-2333.md

@@ -1,15 +1,15 @@
 ---
 eip: 2333
 title: BLS12-381 Key Generation
-author: Carl Beekhuizen (@CarlBeek) <carl@ethereum.org>
-discussions-to: https://github.com/ethereum/EIPs/issues/2337
-status: Stagnant
+author: Carl Beekhuizen (@CarlBeek) <carl@ethereum.org>, Mamy Ratsimbazafy (@mratsim) <mamy@numforge.co>
+discussions-to: https://ethereum-magicians.org/t/erc-2333-erc-2334-erc-2335-bls12-381-key-generation-deterministic-account-hierarchy-keystore/19566
+status: Review
 type: Standards Track
 category: ERC
 created: 2019-09-30
 ---
 
 ## Simple Summary
 
 This EIP is a method based on a tree structure for deriving BLS private keys from a single source of entropy while providing a post-quantum cryptographic fallback for each key.
 
@@ -21,13 +21,13 @@
 
 ## A note on purpose
 
 This specification is designed not only to be an Ethereum 2.0 standard, but one that is adopted by the wider community who have adopted [BLS signatures over BLS12-381](https://datatracker.ietf.org/doc/draft-irtf-cfrg-bls-signature/). It is therefore important also to consider the needs of the wider industry along with those specific to Ethereum. As a part of these considerations, it is the intention of the author that this standard eventually migrate to a more neutral repository in the future.
 
 ## Motivation
 
 ### Deficiencies of the existing mechanism
 
 The curve BLS12-381 used for BLS signatures within Ethereum 2.0 (alongside many other projects) mandates a new key derivation scheme. The most commonly used scheme for key derivation within Ethereum 1.x is [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki) (also known as HD derivation) which deems keys greater than the curve order invalid. Based on the order of the private key subgroup of BLS12-381 and the size of the entropy utilised, more than 54% of keys generated by BIP32 would be invalid. (secp256k1 keys derived by BIP32 are invalid with probability less than 1 in 2<sup>-127</sup>.)
 
 ### Establishing a multi-chain standard early on
 
@@ -78,8 +78,8 @@
 
 ##### Definitions
 
 * `HKDF-Extract` is as defined in [RFC5869](https://tools.ietf.org/html/rfc5869), instantiated with SHA256
 * `HKDF-Expand` is as defined in [RFC5869](https://tools.ietf.org/html/rfc5869), instantiated with SHA256
 * `K = 32` is the digest size (in octets) of the hash function (SHA256)
 * `L = K * 255` is the HKDF output size (in octets)
 * `""` is the empty string
@@ -107,7 +107,7 @@
 
 ##### Definitions
 
 * `I2OSP` is as defined in [RFC3447](https://ietf.org/rfc/rfc3447.txt) (Big endian decoding)
 * `flip_bits` is a function that returns the bitwise negation of its input
 * `""` is the empty string
 * `a | b` is the concatenation of `a` with `b`
@@ -150,9 +150,9 @@
 * `HKDF-Expand` is as defined in RFC5869, instantiated with hash H.
 * `L` is the integer given by `ceil((3 * ceil(log2(r))) / 16)`.(`L=48`)
 * `"BLS-SIG-KEYGEN-SALT-"` is an ASCII string comprising 20 octets.
 * `OS2IP` is as defined in [RFC3447](https://ietf.org/rfc/rfc3447.txt) (Big endian encoding)
 * `I2OSP` is as defined in [RFC3447](https://ietf.org/rfc/rfc3447.txt) (Big endian decoding)
 * `r` is the order of the BLS 12-381 curve defined in [the v4 draft IETF BLS signature scheme standard](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04) `r=52435875175126190479447740508185965837690552500527637822603658699938581184513`
 
 ##### Procedure
 
@@ -190,7 +190,7 @@
 
 ### `derive_master_SK`
 
 The child key derivation function takes in the parent's private key and the index of the child and returns the child private key. The seed should ideally be derived from a mnemonic, with the intention being that [BIP39 mnemonics](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki), with the associated [mnemonic_to_seed method](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed) be used.
 
 ##### Inputs