P = p·Gtaproot internal public keyp = a·btaproot internal private key
Alice and Bob reveal each other their pubkey for the session, and then both can generate the same address.
A = a·GAlice (buyer of UTXO)B = b·GBob (seller of UTXO)P = A·b = a·BDH key exchange
Bob can use hardened derivation to generate a one-time use private-public keypair for each session.
An LN invoice is created by Bob with b used as secret and H(b) as the hash lock. Alice upon paying the invoice learns the internal taproot private key and can spend unilaterally.
There is no way to prove the relationship between B = b·G and H(b), but that is why you have the HTLC as a fallback.
On the happy path if Bob is playing honestly Alice can spend without revealing this was a swap. It just looks like a taproot keyspend. if not, then it falls back to an HTLC on script path.