Or what about auto generating a new npub for the DM, then destroying when DM chat deleted.
1) new npub spun up
2) only each others personal relay (self-hosted, Citrine) is shared with new npub with friend, or immediately be in DM with friend, who also has a new npub [messaging "connected"]
3) "connected" message could be signature from original npub; verifible confirmation it's them
4) chat encrypted and pseudonymously
5) when chat is deleted, auto delete npub and contents on relay (be cool to spin up and destroy relays quickly)