Hashing to elliptic curves of j-invariant 1728

This article generalizes the simplified Shallue-van de Woestijne-Ulas (SWU) method of a deterministic finite field mapping h : F-q -> E-a(F-q) to the case of any elliptic F-q-curve E-a : y(2) = x(3) - ax of j-invariant 1728. In comparison with the (classical) SWU method the simplified SWU method allows to avoid one quadratic residuosity test in the field Fq, which is a quite painful operation in cryptography with regard to timing attacks. More precisely, in order to derive h we obtain a rational Fq -curve C (and its explicit quite simple proper F-q -parametrization) on the Kummer surface K' associated with the direct product E-a x E'(a), where E'(a) is the quadratic F-q-twist of E-a. Our approach of finding C is based on the fact that every curve E-a has a vertical F-q2-isogeny of degree 2.