Public-key cryptosystems are based on (presumed) trap-door one-way
functions. The public key gives information about the particular
instance of the function; the private key gives information about the
trap door. Whoever knows the trap door can perform the function easily
in both directions, but anyone lacking the trap door can perform the
function only in the forward direction. The forward direction is used
for encryption and signature verification; the inverse direction is
used for decryption and signature generation.

In almost all public-key systems, the size of the key corresponds to
the size of the inputs to the one-way function; the larger the key, the
greater the difference between the efforts necessary to compute the
function in the forward and inverse directions (for someone lacking the
trap door). For a digital signature to be secure for years, for
example, it is necessary to use a trap-door one-way function with
inputs large enough that someone without the trap door would need many
years to compute the inverse function.

All practical public-key cryptosystems are based on functions that are believed to be one-way, but have not been proven to be so. This means that it is theoretically possible that an algorithm will be discovered that can compute the inverse function easily without a trap door; this development would render any cryptosystem based on that one-way function insecure and useless.