for 4th point I think the User registration you can do via NFTs simply and use those to verify user authentication in the main smart contract.
for 5th add something utilising those nft tokens that users can participate in something

can you do it without using nfts?

like using a simple token maybe?

yeah , nfts are also tokens

so depends on the contract you make ultimately

Like alternatively it can just be a string or num or hash based identifier for reg's like insta ids or anything you like , instead of nfts replace with a mapping of struct with address, and userset id vars ...when registering user it just save the data to the mappings , then add a getter to check if user registered. then Implement other points needed accordingly

do you know how to implement the public key encryption?

I think it says that you can't do public key encryption in the contract itself

there is no need for pubKey encryption methods on this simple implementation , it can be a simple address=>string mapping for user registration part , or address => struct and struct {string id , string email , uint regNonce } etc

The paper says to use pub key

For data privacy, etc

what exactly do you mean, I mean how do you envision it to work

Idk what the paper is trying to say. But i think its saying to encrypt the data so that others can't access it in any way

Blockchain data is accessible anyways... but you can make the variables internal and getter funtions restricted

It is just a database afterall, will depend how you setup the data..
for eg to make it inaccessible but still be usable you'll need the help of zk circuits