
This is basically an optimisation — asymmetric encryption is more resource-intensive. But for relatively short, fire-and-forget type messages (e.g. GPG-encrypted email), encrypting directly with the public key is fairly common.


The mention of GPG-encrypted email in my above comment is actually wrong: even GPG generates a symmetric key, encrypts that with the public key of each recipient, and encrypts the actual message content with the symmetric key.

As well as improving performance, it makes it possible for each recipient that a message was encrypted to, to be sure that the other recipients received the same message.

https://security.stackexchange.com/questions/74412/why-is-gp... has a demonstration:

  echo 'foo' | gpg --recipient a4ff2279 --recipient d745722b --encrypt | LANG=C pgpdump
  Old: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
      New version(3)
      Key ID - 0xCC73B287A4388025
      Pub alg - RSA Encrypt or Sign(pub 1)
      RSA m^e mod n(4093 bits) - ...
          -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
  Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
      New version(3)
      Key ID - 0xDAA855623A5E68F7
      Pub alg - RSA Encrypt or Sign(pub 1)
      RSA m^e mod n(2046 bits) - ...
          -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
  New: Symmetrically Encrypted and MDC Packet(tag 18)(63 bytes)
      Ver 1
      Encrypted data [sym alg is specified in pub-key encrypted session key]
          (plain text + MDC SHA1(20 bytes))
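To make the packet layout pgpdump reports above concrete, here is an added example (not from the thread or from GnuPG) that walks OpenPGP packet headers over a constructed message: two tag-1 session-key packets with the key IDs and sizes shown, then one tag-18 packet. The MPI and encrypted data are zero-filled placeholders, not real ciphertext.

```python
import struct

PKESK, SEIPD = 1, 18  # Public-Key Encrypted Session Key, Sym. Encrypted and MDC

def parse_packets(data):
    """Walk old- and new-format OpenPGP packet headers (RFC 4880, section 4.2)."""
    pkts, pos = [], 0
    while pos < len(data):
        ctb = data[pos]; pos += 1
        if ctb & 0x40:                        # new format: tag in the low 6 bits
            fmt, tag, first = "New", ctb & 0x3F, data[pos]; pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192; pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]; pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                 # old format: tag in bits 5..2
            fmt, tag, ltype = "Old", (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            width = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + width], "big"); pos += width
        body = data[pos:pos + length]; pos += length
        if len(body) != length:
            raise ValueError("truncated packet")
        pkts.append(describe(fmt, tag, body))
    return pkts

def describe(fmt, tag, body):
    info = {"format": fmt, "tag": tag, "length": len(body)}
    if tag == PKESK:   # version, 8-byte key ID, public-key algorithm, MPI bit count
        info.update(version=body[0], key_id="0x" + body[1:9].hex().upper(),
                    pub_alg=body[9], mpi_bits=struct.unpack(">H", body[10:12])[0])
    elif tag == SEIPD: # version, then encrypted data + MDC
        info.update(version=body[0])
    return info

def pkesk(key_id_hex, modulus_bits):
    """Constructed tag-1 packet: version 3, RSA (alg 1), zero-filled MPI placeholder."""
    mpi = struct.pack(">H", modulus_bits) + bytes((modulus_bits + 7) // 8)
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + mpi
    return bytes([0x80 | (PKESK << 2) | 1]) + struct.pack(">H", len(body)) + body

def seipd(ciphertext_len):
    body = b"\x01" + bytes(ciphertext_len)   # placeholder bytes, not real ciphertext
    return bytes([0xC0 | SEIPD, len(body)]) + body

# Constructed message matching the key IDs and sizes in the pgpdump listing.
SAMPLE = pkesk("CC73B287A4388025", 4093) + pkesk("DAA855623A5E68F7", 2046) + seipd(62)
```

Calling `parse_packets(SAMPLE)` yields one 524-byte and one 268-byte tag-1 packet followed by a 63-byte tag-18 packet, the same three packets pgpdump prints.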


I'm not a crypto geek, but that isn't my understanding. I think that the challenge is key distribution. The balloon will have been loaded with a database of keys. Perhaps they will have relatively few keys and will just rotate them, or even just use one key per mission. Better would be one key to be used for each message, or one to be used for each hour of the mission - but each key that is used will be discarded/deleted properly in the hardware of the balloon so that even if the USA gets the hardware they won't be able to find the keys for old messages.

Using the keys to encrypt/decrypt is easy - no more computationally intensive than using RSA keys for sure. If you don't have the key and the scheme is vaguely sensible... and the keys are generated in a secure way then I really really doubt that they are at all crackable. The encrypt/decrypt scheme is more or less arbitrary (just a sequence of transforms using the message and the key known to each side), the keys are vast random strings.

In civil life the challenge is distribution. Keys are literally carried from place to place in briefcases to enable high speed super secure exchanges of information, but the bag carriers can be paid off and threatened, the folks at each end of the exchange can be paid off and threatened. If the GRU, CIA, Mossad want to have these keys you will really have to spend big to stop them. If you are the Chinese military you have guns and the death penalty to prevent the CIA from getting your keys.

There is a lot of interest in Quantum Key Distribution where it's possible to tell if the "bag" (a sequence of photons) has been "opened" (read) due to quantum effects (you can tell if it's been measured I think - but my physics is shaky here). This has the advantage of being very very fast and cheap per message - but a special infrastructure is required to do the transmission, which is not cheap. I am out of touch with this now but I think that you need a dedicated loop of fiber and special repeaters at 50km intervals. Most problematic is that the compromise vulnerabilities are still there. If the GRU/MI6/Mossad can interfere with the folks putting the keys onto the system, or reading them off the system then they still have your keys.


> I'm not a crypto geek, but that isn't my understanding. I think that the challenge is key distribution. The balloon will have been loaded with a database of keys. Perhaps they will have relatively few keys and will just rotate them, or even just use one key per mission. Better would be one key to be used for each message, or one to be used for each hour of the mission - but each key that is used will be discarded/deleted properly in the hardware of the balloon so that even if the USA gets the hardware they won't be able to find the keys for old messages.

If asymmetric encryption is used, it doesn't matter much in this context if the USA gets the keys; they can only use them to encrypt new messages, not to decrypt old messages. This applies whether the keys are used directly to encrypt messages, or if the keys are used to encrypt ephemeral symmetric keys that are themselves used to encrypt messages and then discarded.


yup, you are right.

Although I think getting the keys and understanding the schemes would be interesting and damaging for China - I think they would (at the least) have to review their approaches to be sure that no useful insight had been leaked.


RSA encrypted content size limit depends on the key size, which does not scale well.

Is GPG not subject to this limitation?


I was wrong regarding GPG — see my sibling comment to yours!

Direct use of asymmetric encryption is still feasible for short messages where performance is not as much of a concern, though.



