Here, we are in a different world.
Before, it was possible to achieve any desired level of security merely by piling complication on top of complication.
Here, we are dealing with techniques that will not work at all for their intended purpose unless left in their pristine simplicity.
The only way to increase security is to use larger-sized numbers as keys. And all the security depends on the difficulty of a specific mathematical problem.
On top of that, these techniques seem only to offer a method of doing something that is useless and dangerous. They let you encrypt a document, so that its secrets are protected, which you are able now to send...to a complete stranger. Why else couldn't you have exchanged a secret key?
It is mainly the slowness of these techniques, and not any security considerations, that lead to them only being used when they are necessary. But there seem to be good security reasons to only use public-key methods when all else fails as well.
There are important benefits to public-key cryptography, however.
In the next chapter, it will be noted that in a military environment, if the various parties that will be communicating with each other are issued "black boxes" that generate public and secret key pairs, but only divulge the public keys, keeping the secret keys for internal use, then there are no keys available to betray. Thus, PKC has strengths that complement those of other forms of encryption and other security measures (such as tamper-resistant hardware). This will be discussed further in the section entitled Military Key Management.
A commonly cited advantage of public-key cryptography is that, with N users, only N keys are required for any pair of these users to communicate privately, while N(N-1)/2 keys (of the order of N^2) are required without public-key cryptography.
This does point to a real advantage of public-key cryptography, but the statement as commonly encountered needs some amplification to make this clear.
If N people are actively communicating with each other, each one needs to keep on file the keys of the other N-1 people. This is true whether they are agreed-upon secret keys, or public keys. But without the use of public-key methods, each person needs to have keys for communicating with everyone else at the start. With public-key methods, if each site simply has its own key, plus a certificate with which to demonstrate the authenticity of its public key, any two sites can later begin secure communications. If one site acts as a key server, even using conventional secret key methods, each site would only need initially a secret key to communicate with the key server; however, in that case, any two sites not having previously communicated would be dependent on the availability of the server to establish secure communications. It is in this that the advantage of having fewer keys to contend with actually consists.
Note, therefore, that no significant practical disadvantage is incurred if two sites, after establishing communications by public-key methods, generate a conventional key to be used in all future communications, since, unless maintaining a key ring is entirely avoided, and each site obtains the other site's public key for every transmission, a list of sites with their keys is already being maintained. Maintaining such a secret key, in addition to one's own private key, does pose a slight additional security risk, as its compromise allows both, rather than one, side of communications between oneself and other parties to be read.
In principle, the information needed to encrypt something in a public-key system is equivalent to the information needed to decrypt it. Only the relative intractability of the mathematical problem that separates the private key from the public key makes a public-key method secure.
This created understandable nervousness on the part of the British authorities, who feared that a "magic screw" could be uncovered which, once turned, would cause the whole system to fall apart, or, in other words, would vitiate the security of their communications if they were to base them upon a public key method. Also, in the time between the original discovery of those methods and their open discovery, while the microprocessor revolution was in its early stages, the computing equipment required for handling large-number arithmetic would still have been bulky and expensive.