This article generalizes the simplified Shallue–van de Woestijne–Ulas (SWU) method of a deterministic finite field mapping \(h\!: \mathbb {F}_{q} \to E_{a}(\mathbb {F}_{q})\) to the case of any elliptic \(\mathbb {F}_{q}\)-curve E_a : y² = x³ − ax of j-invariant 1728. In comparison with the (classical) SWU method the simplified SWU method allows to avoid one quadratic residuosity test in the field \(\mathbb {F}_{q}\), which is a quite painful operation in cryptography with regard to timing attacks. More precisely, in order to derive h we obtain a rational \(\mathbb {F}_{q}\)-curve C (and its explicit quite simple proper \(\mathbb {F}_{q}\)-parametrization) on the Kummer surface \(K^{\prime }\) associated with the direct product \({E_{a}} \times {E_{a}^{\prime }}\), where \(E_{a}^{\prime }\) is the quadratic \(\mathbb {F}_{q}\)-twist of E_a. Our approach of finding C is based on the fact that every curve E_a has a vertical \(\mathbb {F}_{q^{2}}\)-isogeny of degree 2.

本文概括了确定性有限域映射的简化 Shallue-van de Woestijne-Ulas (SWU) 方法\(h\!: \mathbb {F}_{q} \to E_{a}(\mathbb {F}_ {q})\)到任何椭圆\(\mathbb {F}_{q}\) -curve E _a : y ² = x ³ − a x of j -invariant 1728 的情况。 ) SWU 方法 简化的 SWU 方法允许避免场\(\mathbb {F}_{q}\)中的二次残差测试，这是密码学中关于定时攻击的非常痛苦的操作。更准确地说，为了推导出h，我们获得了一个有理数\(\mathbb {F}_{q}\) - Kummer 表面上的曲线C（及其明确的非常简单的正确\(\mathbb {F}_{q}\) -参数化）\(K^{\prime }\)与直接乘积\({E_{a}} \times {E_{a}^{\prime }}\) 相关联，其中\(E_{a}^{\prime }\)是二次方\ (\mathbb {F}_{q}\) - E _{a 的}扭曲。我们找到C 的方法是基于这样一个事实，即每条曲线E _a都有一个垂直的\(\mathbb {F}_{q^{2}}\) - 2 次同构。