Perhaps the most obvious difference between private-key and public-key encryption is that the former assumes complete secrecy of all cryptographic keys，whereas the latter requires secrecy for only the private key.Although this may seem like a minor distinction，the ramifications are huge：in the private-key setting the communicating parties must somehow be able to share the （ ） key without allowing any third party to learn it，whereas in the public-key setting the （ ） key can be sent from one party to the other over a public channel without compromising security.For parties shouting across a room or，more realistically，communicating over a public network like a phone line or the Internet，public-key encryption is the only option.

Another important distinction is that private-key encryption schemes use the （ ） key for both encryption and decryption，whereas public-key encryption schemes use （ ） keys for each operation.That is，public-key encryption is inherently asymmetric.This asymmetry in the public-key setting means that the roles of sender and receiver are not interchangeable as they are in the private-key setting；a single key-pair allows communication in one direction only.(Bidirectional communication can be achieved in a number of ways；the point is that a single invocation of a public-key encryption scheme forces a distinction between one user who acts as a receiver and other users who act as senders.)In addition，a single instance of a （ ） encryption scheme enables multiple senders to communicate privately with a single receiver，in contrast to the private-key case where a secret key shared between two parties enables private communication only between those two parties.