When I sign a message with a private key, and I get a message signature, how is it that I'm able to - using the corresponding public key - verify that that message/transaction signature must have been produced by the person holding the private key behind the relevant public key?
My understanding is that with private/public key pairs, the point of the technology is that you cannot reverse engineer the private key from the public key. So how is it possible to do that?
Essentially, what is the difference between reverse engineering a private key from a public key, and verifying that someone must have the private key to produce a message signature that corresponds to a public key? How is one possible but not the other?