Does signing a message weaken the address's security?

1

Will signing a message (without doing any $ transaction) reveal the private key to the blockchain in the same/similar way the private key is revealed to the blockchain when you do a $ transaction?

The point is, doing a transaction weakens the security of the address a tiny bit because the private key is revealed to the blockchain. That's one reason why a change/new address is used with every transaction.

But what about just signing a message? Will that weaken the security of the address a tiny bit too?

Dorky

Posted 2017-06-24T02:13:39.647

Reputation: 57

Answers

1

Public / Private key encryption requires that the private key is never revealed - the owner must keep it secret.

Message and transaction signing is done with the private key and verified with the associated public key. So the private key is never revealed to the blockchain. Note that public key here refers to the full ECC public key, and not a Bitcoin address - which is a hashed and transformed representation of the public key. The public key can only be derived from a Bitcoin address if the SHA256 and RIPEMD-160 hashing algorithms are ever broken. This question explores the challenge.

To answer your question: Yes, each new signature produced by a private key may bring an attacker, who already knows the associated public key, closer to discovering the private key.

Comments to this answer have informed an updated position:

Although there is no provable security for ECDSA, it is commonly assumed that, even with knowledge of multiple signatures produced by a particular key, an attacker will not have improved odds at deriving the associated private key or forging its signature.

It is an almost impossible task to discover a Bitcoin private key from its public key. An answer to this question illustrates the challenge mathematically.

Some people advise an attitude of "better safe than sorry" - that public keys should not be revealed, where possible. Yet, caution should not discourage practical utility - as pointed out in the comments below.

Best practice, as you say, is to frequently change keys and to preferably use a new address for every receive transaction. If you want someone to be able to verify a signature they will, of course, need your public key.

As far as I'm aware, the only Bitcoin transaction type that reveals public keys is Pay-To-Public-Key-Hash (P2PKH) which contains the full public key in its script.

venzen

Posted 2017-06-24T02:13:39.647

Reputation: 559

Thank you for your answer. I guess I will pass up on that Stellar Lumens giveaway that requires signing a message. Better be safe than sorry. - Dorky 2017-06-24T05:08:07.880

1

I think "better safe than sorry" here is misleading. Attacks based on knowing the public key are purely theoretical and I know of no reason to think they will become practical in the foreseeable future. Yes, you might as well avoid revealing the public key if there is no reason to do so. But if, as in your case, there is something to be gained by doing it, then that probably outweighs the negligible risks. - Nate Eldredge 2017-06-24T15:08:45.783

1

While ECDSA does not technically have a security proof, it is commonly assumed that an attacker is allowed to see an arbitrarily large number of signatures with a certain key, on messages he chooses, and would still be unable to derive the private key or otherwise forge a signature. I believe this answer is incorrect for that reason. - Pieter Wuille 2017-06-24T18:37:42.730

Answer updated with respect to comments by Nate Eldredge and @PieterWuille. - venzen 2017-06-25T05:50:59.903

Indeed an attack is almost impossible to hack for the private key after an address is used in a transaction, theoretically speaking. Just as theoretically speaking it's impossible to have a collision, but the Large Bitcoin Collider project has so far collided more than 50 addresses. So much for being theoretical that doesn't work in practice. So why are people recommending to use a new address with every new transaction if the hack is impossible? To suggest using a new address with every new transaction while saying it's impossible to hack the private key sounds very much self-contradicting. - Dorky 2017-06-25T06:12:02.617

LBC only found keys that were generated with broken random number generators. The reason to not reuse addresses is privacy first and foremost. In the unlikely event of an EC crypto break, it may offer some extra protection as long as miners don't have access to a means of breaking EC. - Pieter Wuille 2017-06-25T16:26:59.733
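The answer and the comments turn on two facts: a signature is verified with the public key alone, so it cannot leak the private key, and yet publishing a signature does expose the public key, which is exactly what spending a P2PKH output also does. The following added example (not part of the original question, answer or comments) makes both concrete with a small pure-Python secp256k1 implementation: it signs a message, verifies it using only the public key, and then recovers the public key from nothing but the message and the signature. The nonce derivation, message hash and the test key are simplifications chosen here and are labelled as such in the code; Bitcoin's real signmessage format uses a prefixed hash, RFC 6979 nonces and low-s normalisation.

```python
"""Pure-Python secp256k1 ECDSA: sign, verify, and recover the public key.

Added example, not code from the original post. Demonstrates that
verification needs only the public key (so signing never exposes the
private key) and that a signature lets anyone recover the public key
(so signing a message reveals the public key, just as spending from a
P2PKH output does).
"""
import hashlib
import hmac

# secp256k1 domain parameters (standard constants, same curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    """Public key Q = d*G. This is the value a signature exposes."""
    return _mul(priv, G)


def msg_hash(msg: bytes) -> int:
    # Assumption: plain double-SHA256. Bitcoin's signmessage prefixes the
    # message with "Bitcoin Signed Message:\n" first; omitted here.
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")


def sign(priv, msg: bytes):
    """Return (r, s, recid). recid is the parity of R.y, needed for recovery."""
    z = msg_hash(msg)
    counter = 0
    while True:
        # Simplified deterministic nonce (assumption, not RFC 6979): never
        # reuse k across messages, or the private key leaks algebraically.
        k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), msg + bytes([counter]),
                                    hashlib.sha256).digest(), "big") % N
        if k == 0:
            counter += 1
            continue
        R = _mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r == 0 or s == 0:
            counter += 1
            continue
        return r, s, R[1] & 1


def verify(pub, msg: bytes, sig) -> bool:
    """Only the public key is used; the private key never enters verification."""
    r, s = sig[0], sig[1]
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = msg_hash(msg)
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover(msg: bytes, sig):
    """Recover Q from (msg, sig): Q = r^-1 * (s*R - z*G).

    Shows why publishing a signature is equivalent to publishing the public
    key. Ignores the rare case R.x >= N, where x = r + N would also be tried.
    """
    r, s, recid = sig
    # Lift x = r back to a curve point: y^2 = x^3 + 7, and P % 4 == 3 so a
    # square root is a single exponentiation.
    y = pow((r * r * r + 7) % P, (P + 1) // 4, P)
    if y & 1 != recid:
        y = P - y
    R = (r, y)
    z = msg_hash(msg)
    neg_zG = _mul((N - z % N) % N, G)
    return _mul(pow(r, -1, N), _add(_mul(s, R), neg_zG))


if __name__ == "__main__":
    d = 0xC0FFEE12345  # constructed test key, never use a guessable key
    Q = pubkey(d)
    sig = sign(d, b"Stellar giveaway proof")
    print("verify with public key only:", verify(Q, b"Stellar giveaway proof", sig))
    print("public key recovered from signature:", recover(b"Stellar giveaway proof", sig) == Q)
```

Running it shows the verifier and the recovery step never touch `d`; what a signer gives away is `Q`, and the comments above explain why that is considered a privacy concern rather than a key-compromise risk for ECDSA. Bitcoin's compact signmessage encoding carries the same recovery id so that a verifier needs only the address.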