Just to add a little bit of technical detail and history, here’s a brief explanation about how iMessages works (prior to Messages in iCloud being introduced or when Messages in iCloud is off):
User A and User B have 1 or more devices.
Each device registered itself with Apple’s servers when you log into and enable iMessages. Every installation of an OS = a “device”. So if User A has:
1 iPhone
1 iPad
1 Mac with two OSs
they have 4 devices (lets assume they log into iMessages on each of those devices). Each device handshakes with Apple’s servers and is assigned a unique set of encryption keys, so each device has its own encryption key that is private to that device.
Lets say User B has a simpler setup:
1 iPhone
1 Mac.
So two devices. Each of those devices registered with Apple’s servers and is each assigned its own set of encryption keys.
When iMessages are sent, they leave the sender’s device and hit Apple’s servers where they are forwarded to the recipient. The message will live on Apple’s servers until every one of the user’s registered devices acknowledges receipt of the message, or 2 weeks (I think?) has passed, whichever is sooner. When one of those conditions is met, the messages are purged.
Now, because each user’s device has its own set of encryption keys, you cannot just send one message encrypted one way. You have to make as many copies as there are devices, and encrypt each copy once for every device.
So if User A is sending User B a message, the message is actually duplicated, one is encrypted using the keys for User B’s iPhone, and the other is encrypted with the keys for User B’s Mac. BOTH encrypted copies are sent to Apple’s servers and (hopefully) distributed to the appropriate devices.
Likewise, if User B replies, User B’s message is actually copied and individually encrypted 4 times prior to hitting Apple’s servers.
But this device-level setting of keys is why (again, assuming Messages in iCloud is OFF) when you buy a new device and set it up as new, there is no iMessage history. There is no history on a server that can be drawn from, and even if there were, the new device has its own set of encryption keys that couldn’t decrypt messages that were encrypted for the other device.
So devices owned by the same person effectively cannot read messages on that user’s other devices because they all have unique encryption key pairs that aren’t shared between devices. Unless the message had been specifically encrypted for a device, it cannot be read. When a new devices is registered with Apple’s servers, then subsequent messages will be copied an extra time and encrypted with that new set of keys.
If you backed up your iOS devices to iCloud, then your entire iMessage history is stored there in those backups, encrypted on a per-device basis (restoring from an iCloud backup effectively restores onto the device it’s device-level encryption keys, so even if it’s a new physical device, it’s adopting the identity of the previous device, and is one reason why you can’t set up a phone as new but ONLY restore the messages history.
If Messages in iCloud is enabled, then rather than purging messages when all devices acknowledge receipt or 14 days have elapsed, they are stored indefinitely. The encryption system in this instances of course has to be different and these changes are new enough that I don’t actually know how the new system works – I imagine it’s moved to a user-level encryption along the lines of your iCloud and Health data, but basically if Messages in iCloud is enabled then the majority of what I wrote above doesn’t directly apply.