Submarine swaps are not a new idea, but I've been thinking:

Considering that the biggest problem with on-chain privacy is change addresses (they are the biggest element of clustering analysis), how about:

Service S offers to do a swap any time you make a payment: you give them your change in the payment transaction and they swap it out to you via Lightning.

P payer, S service provider, merchant M.

P gets receiving address for payment from M, and change pubkey C and hash H from S.

S sets up route to pay P using H's preimage.

P pays out the change to address which is HTLC((H,C) or to-self with delay). The usual.

While it won't be applicable in all circumstances (e.g. very large change output), it'd be really cool for a high powered LN+onchain wallet to have this seamlessly built in, minimising onchain tracing and also for rebalancing perhaps.

But, let's be a bit more ambitious 😉

Remember the model of the old greenaddress wallet: 2 of 2 or 2 of 3 between user and wallet service normally, with a fallback key for the user after a long time as a get-out clause, so that it's still trustless. As long as you accept a "wallet service" being involved at all, this is a very cool and high security model to use.

Now, imagine it uses taproot and imagine it also has LN built in. You can get the same as the traditional submarine swap, but more private and powerful: S gives an adaptor on their co-sign of your spend out to (merchant destination address, change address owned by S), such that when you give your sig and they co-sign the 2 of 2, you get the preimage for your LN payment. Same effect but no on-chain HTLC footprint. (note: this *only* works when spending a multisig).