We've considered two routes:

* giving a conversation key to the client; so clients receive the private key needed to decode on a per-conversation basis

* making nip-46 signers act as proxies, so that the client directly receives the decrypted payloads