Does perfect forward secrecy work with group chats or chat history?

I think you mean Perfect forward secrecy, which WhatsApp does support in its end-to-end encryption. PFS is difficult for chat apps, because of the uncertainty in the connection, and is the reason many chat apps just ignore it.

In normal PFS (like TLS or SSH) an ongoing connection is established and the keys are recalculated every so many bytes or minutes. Chat apps cannot acknowledge a message (or any data) was received. In fact, the other end of the channel may never have sent any data your way, or was just offline the whole time. In any case, you as the sender should be able to secure the messages that you sent, regardless of the other end.

To overcome this entire problem, protocols such as OTR and Axolotl use prekeys. These prekeys are pre-calculated Diffie-Hellman (or EC like Curve25519) keys. It is common to calculate a few hundred keys in advance. All of the public keys from these pre-calculated keypairs are sent to the relay (chat) server, and advertised together with your public identity key (the public identity key is really your 'name' towards others). Now that the public prekeys are on the relay server, anyone who wants to send you a message can just pick one of your prekeys and calculate the shared secret.

The message is then encrypted and authenticated using the shared secret and sent to the receiver together with the prekey id. Once the receiver pulls the message from the server, it can decrypt the message with the corresponding private prekey. A new prekeypair is generated and sent to the server to take its place. This system goes on forever.

Both sender and receiver have to keep track of all their prekeys still in use. This entire algorithm is known as the Double Ratchet.

Apps using Axolotl:

  • WhatsApp
  • Google Allo
  • Facebook Messenger
  • Signal
  • Viber (claimed)

Update

The protocol is self-healing because every message is encrypted with another key. This key is no longer known when the message is decrypted, and the message itself is stored in the local app database. Here comes the trick: the messages are not chained in order, so at best one prekey (one message) is compromised. This has no effect on the other messages. Every message is encrypted with another key (Perfect secrecy). The messages themselves do not depend on each other and thus an attack on the last message does not give the attacker control over future communication (Future secrecy). Note: The protocol has some disadvantages as well, like message ordering, or lost messages.

Update 2: Group chat

From the protocol point of view, there is no such thing as a 'group chat'. It is just the same message sent multiple times to people, like emails can be sent to multiple recipients as well. Each of these messages is encrypted with the receiver's prekey. For example, if the group contains a total of 4 people, including you, then the same message is sent 3 times (technically only sent once, containing 3 messages) to each of the group members. Therefore it is required that each message is signed and encrypted with the shared secret between you and the receiver. Note: The latest version of the TextSecure protocol can optimize this process somewhat by encrypting the message once, and signing it multiple times. There is a proposal to introduce temporary group keys for larger groups. To my knowledge this has not made its way into WhatsApp yet.

If a new user joins the chat, there is no history for that user since chat messages are kept on the local device (obviously). See this as an advantage: every user of the group is responsible for keeping the messages private. A synchronisation solution will: 1) increase the attack surface, 2) increase complexity of the cryptosystem and 3) move ownership of messages around.
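
The one-time prekey flow described in the answer above, as an added example that is not part of the original answer and is not code from any of the apps listed. It assumes a toy Diffie-Hellman group and a hash-based stream cipher so that it runs with the standard library only; the names `Receiver`, `send`, `keys`, `xor_stream` and `demo` are hypothetical.

```python
import hashlib, hmac, secrets

# Toy group (assumption): DH mod 2**255 - 19, generator 2. Shows the flow only;
# real implementations use X25519 and an AEAD cipher.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def keys(shared):
    raw = shared.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()

def xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in stream cipher (toy).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Receiver:
    def __init__(self, n):
        self.prekeys = {i: keypair() for i in range(n)}  # id -> (priv, pub)

    def publish(self):
        return {i: pub for i, (_, pub) in self.prekeys.items()}  # public halves only

    def receive(self, prekey_id, eph_pub, ct, tag):
        priv, _ = self.prekeys[prekey_id]  # KeyError once the prekey is used up
        enc, mac = keys(pow(eph_pub, priv, P))
        if not hmac.compare_digest(tag, hmac.new(mac, ct, "sha256").digest()):
            raise ValueError("authentication failed")
        del self.prekeys[prekey_id]  # one-time use: forget the private prekey
        return xor_stream(enc, ct)

def send(bundle, prekey_id, plaintext):
    # The receiver may be offline: only the server's bundle is needed.
    eph_priv, eph_pub = keypair()  # sender's fresh key pair (assumption)
    enc, mac = keys(pow(bundle[prekey_id], eph_priv, P))
    ct = xor_stream(enc, plaintext)
    return prekey_id, eph_pub, ct, hmac.new(mac, ct, "sha256").digest()

def demo():
    bob = Receiver(3)
    msg = send(bob.publish(), 1, b"sent while you were offline")  # constructed sample
    return bob, msg, bob.receive(*msg)
```

Calling `bob.receive(*msg)` a second time raises `KeyError`, because the private prekey was deleted after the first successful decryption; a captured ciphertext can no longer be opened with anything left on the device.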