Since the public key is used to encrypt the message and the private key is used to decrypt the message, then how is it possible for the private key and the public key to be compatible with each other? How can a green key unlock a red-locked door?
This is my way of thinking:
Hello is encrypted by the public key, becomes %/))=. The private key then decrypts the message. But since the keys are different, the resulting message may become different from what has been sent - &#(($, for example.
Of course, I know the encryption/decryption algorithm used in real life is different, but the question is comprehensible. How are the keys made such that one can only encrypt, and the other can only decrypt, while both having enough information so that they are compatible with each other? Is it the algorithm that handles this?
Public-key cryptography was first described by W. Diffie and M. Hellman in their groundbreaking paper "New Directions in Cryptography" (1976), in which they suggested that such system would be based on a trapdoor function. Such hypothetical function would be easy to calculate, but computing the inverse of it efficiently would require extra information, which would be the private key. (The paper is quite short and is worth reading in its entirety, rarely an 11-page paper contributes this much to its field.)
As mentioned in the other answer, one example of such function can be based on integer factorization problem: it's easy to multiply two primes, but there's no efficient (classical) algorithm to find the factorization of the product. Later, Rivest, Shamir and Adleman invented the first public-key algorithm based on that assumption (which is not proven, though quite plausible).
In short, you can take a pair of (e, N) to be a public key, where
e is small prime number (quite often 65537)N is a product of two very large different primes p and q, such that gcd(e, φ(N))=1, where φ(N) = (p-1)*(q-1).Then you can find d, such that:
cipher = plaintext ^ e mod N
plaintext = cipher ^ d mod N
This d is the private key. The trick here is that in order to find such d, it's necessary to know the factorization of N, i.e. p and q. (As @kelalaka pointed out in the comments and his post, the factorization may be not necessary to recover the plain text without a key, but nobody has found a way around it yet, so this is yet another assumption.) You can read more details in the RSA link above.