I'd prefer sticking with curve25519 for messages.
The public keys are already in the protocol, so you don't need to transamit new ones, it's save, it's easy because you have all the dependencies already there, and it fits the problem perfectly...
I'd like to remind that each session should use a unique key-pair to avoid known-plaintext attacks.
This is not trival task, sending a public key every time over the network for every message should be enough protected against MITM + protection against PRIVACY LOOKUP ANALYSIS (PROFILING) + many other things.