Perhaps they're doing multi-recipient encryption, ie. the data is wrapped with one key, and that private key is then encrypted with the public key of each recipient, so everyone ends up using the same private key to decrypt the file data itself. This means the actual file data isn't sent 20+ times (although the data is indeed stored in everyone's Messages backups separately; if Apple is doing de-dupe based on file data+filename, they're probably benefiting from deduping group message images).