Question
Design an end-to-end encrypted messaging system for 200M users supporting 1:1 and large group chats, multi-device per user, offline delivery, and the property that the server can never read message content. Requirements: forward secrecy and post-compromise security (a stolen key shouldn't expose past or all future messages), asynchronous delivery (recipient offline), and message history sync to a new device. Threat model: a fully-compromised/malicious server, a stolen device, and a man-in-the-middle on key exchange. Cover the key-exchange/ratchet, group messaging, multi-device, and history sync.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.