Designing cryptography that protects against all the threats seen in deployment can be surprisingly hard to do. This frequently translates into mitigations which offload important security decisions onto practitioners or even end users. The end result is subtle vulnerabilities in our most important cryptographic protocols. This dissertation examines two major areas on designing cryptography for real-world applications that targets security by default: (1) symmetric encryption and (2) key transparency for end-to-end encrypted systems. This work approaches these areas by understanding real-world threats to provide robust, principled defenses with strong assurance against these threats in practice. This dissertation includes introducing a new class of attacks exploiting symmetric encryption in applications, developing new theory to act as guidance in building better schemes, and designing practical cryptographic protocols. This work has seen impact through updates in popular encryption tools and IETF draft standards and through the development of protocols under consideration for deployment.