Private keys don't verify that an NFT was authorized by the owners of the painting. You're still relying on real-world trust and claims that the NFT you're buying was the "real" NFT.
If the owners of the Banksy came out a few days later and claimed that someone else sold a fake Banksy NFT, but they're now going to sell the real NFT, the private keys won't help.
I am not sure why I got down votes here. If you are buying a NFT for an artwork that is not confirmed to have been created by the author of that artwork then surely you are just stupid?
Only Banksy can mint an NFT for his artwork for it to be of ANY value. The same way that only Banksy can create Banksy art.
Public-private key encryption is how you verify that something was signed by the original author.
It's the same problem that always comes into play for crypto: either people have to accept the crypto as currency (which almost no institution that must buy things and pay taxes can do; the IRS doesn't accept bitcoin...) or there have to be gatekeepers to interact with the blockchain.
This can either be a crypto exchange (regulated on conversion to fiat, lest they get shut down by some SEC thing) or on those "vote on the blockchain" or "verified supply chain on the blockchain" things: eventually some non-blockchain entity has to be trusted enough to set state on the blockchain (e.g. "party A did indeed fulfill the contract to party B. please fulfill this smart contract", or "your food ingredient was prepared in accordance to your green/bio label's requirements").
If the owners of the Banksy came out a few days later and claimed that someone else sold a fake Banksy NFT, but they're now going to sell the real NFT, the private keys won't help.