Alice wants to send Bob a confidential message. The only channel available to her is insecure. She wants to protect the message by encrypting it using a key.

The **key distribution problem** arises when Bob does not
have the key necessary to decrypt the message. How does Alice
ensure Bob, and nobody else, gets the key, when the only channel
available is insecure?

PublicKeyEncryption solves this problem: The PublicKey can be distributed via an insecure channel. Another problem arises, however: How do you make sure that the PublicKey you receive actually belongs to the person it claims to belong to? See PublicKeyInfrastructure for possible ways of dealing with this.

- With Diffie-Hellman, you're not dealing with the advantages of the public key, but instead following the advantages of reversable cryptography. The canonical explanation of Diffie-Hellman is this: Alice is on one island, Bob's on the other, and Eve's Pirate Ship and Delivery Service serves to transfer stuff in boxes between them. But Eve will take everything unlocked. How could Alice get some gold to Bob? Alice locks her box with the gold inside, sends it to Bob. Bob places another lock on the box, and sends it back to Alice. Alice removes her lock and sends it back, leaving only Bob's lock on it. Finally, Bob removes his lock to retrieve the gold.

- Alice needs no key from Bob, and Bob needs no key from Alice. The thing is, just as you need a box with a locking mechanism big enough to hold 2 padlocks for this to work in the physical world, you need an encryptiion scheme that allows Alice to encrypt, Bob to encrypt, then Alice to decrypt, then have something other than digital mush for Bob to decrypt. Standard symmetric cyphers do not allow that. If there was one that did, you wouldn't need PKI. As is, RSA does this. I think El Gamal does this. You cannot really prove, from the above model, that Eve didn't just take her boat to True Value and get her own padlock, and bring the box back to Alice claiming it went to Bob. This brings issues of the Public Key, into HierarchicalTrust and WebOfTrust and all that, but in the original solution of the KeyDistributionProblem?, the Diffie-Hellman solution, it isn't the public key nature of PublicKeyCryptography that solves it.

And it should be noted that the KeyDistribution is actually the distribution of symmetric keys. While it is good and important to have PublicKeyCryptography, SymmetricKeyCryptography? is 1000x faster, so if you want to have a secure shell communication, a secure file transfer, a secure media stream, or whatever, SymmetricKeyCryptography? is better. --DaveJacoby

In practice people use Public Key Cryptology to exchange the keys needed for Symmetric Key Cryptography. Eg PGP does this. The content of a PGP message is encyphered with a symmetric algorithm, using a random password. This password is then encyphered with a public key and included with the message. When the password is smaller than the content, this is faster than using an asymmetric algorithm on the whole thing. (It creates some potential weaknesses, though.) -- DaveHarris