Dude. Get your asymmetric encryption algebra correct before you post.
Example for you: Alice encrypts, Bob decrypts
[ENCRYPT BY ALICE]::= Alice ENCRYPTS using BOB's PUBLIC key
[DECRYPT BY BOB]::= Bob DECRYPTS using BOB's PRIVATE key
Got it? To encrypt, Alice never uses any of her keys. And Bob needs his private key to decrypt.
There is no need for a "private key for each user to be held by a company" at all.
In this scheme, REGARDLESS OF SIGNIFICANT HUMAN FLAWS, "Alice is your device, and Bob is Apple":
- Your device ENCRYPTS your PIN using Apple's own PUBLIC encrypting key at the Secure Enclave, where your PIN is stored.
- At the vault, Apple DECRYPTS the PIN using Apple's own uber-guarded, PRIVATE decrypting key.
- As extra credit, to determine validity of the PIN, your device might sign the encrypted PIN with the device's PRIVATE signing key (stored securely in the Secure Enclave, for each device). For this extra credit validation, Apple also receives at the vault the device's PUBLIC signing key.
Yes, there are flaws -- all human. But educate yourself before you shout "fire!" with conviction.