Address reviews

- be more explicit about what hardware was used to the generate the cached data

- explain why the find_zs_and_us computation fails only negligibly

halo2_gadgets/data/README.md

@@ -4,4 +4,4 @@ The various `*fixed_point*.json` files are used to test fixed-base scalar multip
 
     cargo test -p halo2_gadgets cache_to_disk --features cache-test-data
 
-Warning: the full generation process took 17.5 hours on my laptop!
+Warning: the full generation process is very slow, and took 17.5 hours on a 4 core Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz with 16GB memory.

halo2_gadgets/src/ecc/chip/constants.rs

@@ -118,11 +118,20 @@ pub fn find_zs_and_us<C: CurveAffine>(
             .iter()
             .map(|point| *point.coordinates().unwrap().y())
             .collect();
-        // This search should take 2^16 iterations on average: half the points
-        // in the field are squares, and assuming the `ys = {y_i}_i` are uniform
-        // random, each `y_i + z` and `-y_i + z` has a 1/2 chance of being a
-        // square. Pretending these are indep, we get 1/2^16 chance that all
-        // `y_i + z` are squares while no `-y_i + z` are squares.
+        // This search should take `2^(2*H)` iterations on average: half the
+        // points in the field are squares, and assuming the `ys = {y_i}_i` are
+        // uniform random, each `y_i + z` and `-y_i + z` has a 1/2 chance of
+        // being a square. Pretending these are indep, and noting there are `H`
+        // points `y_i`, we get a `1/2^(2*H)` chance that all `y_i + z` are
+        // squares while at the same time no `-y_i + z` are squares. So, on
+        // average we will succeed after `2^(2*H)` iterations.
+        //
+        // The probability of failure after `1000*(2^(2*H))` iterations here is
+        // negligible, less than `(1/e)^1000`, using the bound
+        //
+        //     (1 - x) \le 1/e^x,
+        //
+        // which is true for all non-negative `x`.
         (0..(1000 * (1 << (2 * H)))).find_map(|z| {
             ys.iter()
                 .map(|&y| {
@@ -395,8 +404,9 @@ proceed with generation.",
     /// This code is only ever expected to be run once, unless/until more curves
     /// are added in the future.
     ///
-    /// On my laptop this generation process takes about 17.5 hours, and on the
-    /// beefier CI machines 8 or 9 hours IIRC.
+    /// On a 4 core Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz with 16GB memory
+    /// this generation process took about 17.5 hours, and on the beefier CI
+    /// machines 8 or 9 hours.
     #[cfg(feature = "cache-test-data")]
     mod cache_to_disk {
         use super::*;