[Nursie]

> First of all, we are talking about on-device decryption, so there is no difference in terms of security whether people extract a symmetric secret key or an asymmetric secret key.

Sure, but we might (potentially) be interested in the encryption part later on too, and having a symmetric key will make that easier (though of course it won't get you past any signature checks.

I've never come across those more exotic protocols, but I'm familiar with symmetric kex under public/private encryption.