-Every peer is represented as a byte string (the client id), which is the hash (SHA-256?) of the peer's public key. If you want to add someone you need that id (either ask that person directly or maybe through some kind of search engine?).
-Use something torrent DHT style so that peers can find the IP of the other peers when they have their id.
-Once the client has the IP of that peer, the two start initiating a secure connection with each other. Asymmetric encryption (RSA?) is used to encrypt the session keys for the symmetric (AES?) encryption so that they are exchanged securely.
(We can't use public key encryption for everything, it's too fucking slow.) Man-in-the-middle attacks are avoided because the id is the hash of the public key (the client can be sure it's legit).
-When both peers are securely connected with AES they can securely exchange messages, initiate a video chat, send files, etc.
-Your client stores the ids of the peers along with their public keys used to initiate the connection (this is your contacts list).
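
The id check that the man-in-the-middle argument above relies on, as an added example (not code from this design): before encrypting a session key to a peer, the client confirms that the public key it was handed hashes to the id it dialled, then stores it in the contacts list. It assumes the id is SHA-256 over the serialized public key bytes; `Contacts`, `accept_key`, `KeyMismatch` and the sample key bytes are hypothetical names and constructed values. The peer still has to show it holds the matching private key, which it does by being able to decrypt the session key.

```python
import hashlib
import hmac

ID_LEN = 32  # SHA-256 digest size; the design suggests SHA-256 for the client id


class KeyMismatch(Exception):
    """Presented public key does not hash to the id we dialled."""


def client_id(public_key: bytes) -> bytes:
    # Assumption: the id is SHA-256 over the serialized public key bytes.
    return hashlib.sha256(public_key).digest()


class Contacts:
    """Contacts list: peer id -> public key (None until the first connection)."""

    def __init__(self):
        self._keys = {}

    def add(self, peer_id: bytes) -> None:
        if len(peer_id) != ID_LEN:
            raise ValueError("peer id must be a 32-byte SHA-256 digest")
        self._keys.setdefault(peer_id, None)

    def accept_key(self, peer_id: bytes, presented_key: bytes) -> bytes:
        """Check the key the remote side sent before encrypting to it."""
        if peer_id not in self._keys:
            raise KeyError("unknown peer id")
        # An intermediary can swap in its own key, but not one hashing to this id.
        if not hmac.compare_digest(client_id(presented_key), peer_id):
            raise KeyMismatch("public key does not match peer id")
        self._keys[peer_id] = presented_key  # kept for later connections
        return presented_key


# Constructed sample bytes standing in for serialized public keys.
ALICE_KEY = b"constructed-public-key-bytes-for-alice"
MALLORY_KEY = b"constructed-public-key-bytes-for-mallory"

if __name__ == "__main__":
    book = Contacts()
    alice_id = client_id(ALICE_KEY)
    book.add(alice_id)
    print(book.accept_key(alice_id, ALICE_KEY) == ALICE_KEY)
    try:
        book.accept_key(alice_id, MALLORY_KEY)
    except KeyMismatch as exc:
        print("rejected:", exc)
```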