Secure permutation of $E(\mathbb{F}_q)$ as a set for an elliptic curve $E$ over a finite field $\mathbb{F}_q$

Let $E$ be an elliptic curve over a finite field $\mathbb{F}_q$. For simplicity, let the group $E(\mathbb{F}_q)$ be of prime order.

Assume that I know how to construct an efficiently computable permutation of $E(\mathbb{F}_q)$ as a set, that is, just a bijective map $\phi: E(\mathbb{F}_q) \to E(\mathbb{F}_q)$ rather than a group homomorphism. Moreover, $\phi$ satisfies the property that for every non-zero point $P \in E(\mathbb{F}_q)$ nobody knows the discrete logarithm $\log_{\phi(P)}(P)$. Finally, $\phi$ is supposed to be different from the translation map $P \mapsto P + P_0$ with respect to a fixed point $P_0 \in E(\mathbb{F}_q)$.

I encounter the given primitive in CryptoNote white paper (page 17) and in Monero documentation in their signature deployed on the curve Ed25519.

Do you know other cryptographic protocols in which the permutation $\phi$ is used ? What other properties must $\phi$ have to be secure ? Is there a technology, which applies $\phi$ on an elliptic curve of $j$-invariant $0$ ?

Thank you in advance for an answer!