One or more public keys are made public at the point of "spending" funds - this is still no real risk as the private key is never seen (except by yourself) although if any weakness is found with ECDSA (or some future quantum computer is built to discover private keys from public ones) then potentially any remaining funds at that address could be at risk.
It is for this reason that you are advised never to re-use an address.
So if I have 20 Bitcoins at my address and spend 5 of them, I should immediately or ASAP send the remaining 15 to a different address in my wallet?
That depends on how concerned you are that cryptographic functions that have been secure for nearly 30 years and are widely recognized as reliable and trustworthy might suddenly be broken to the extent that someone can quickly calculate a private key if they know the public key.
At the moment, there is no known way to determine a private key if given a public key. As such, your bitcoins are safe at the address they were originally received at, and will continue to be so unless sometime in the future weaknesses are discovered in the ECDSA algorithm.
It is, however, considered a "best practice" to never re-use a bitcoin address. It is recommended that you generate a brand new address for every transaction. In this way, you will never have any bitcoins stored at an address that has had its public key revealed.
The way bitcoin works, a transaction has to either not spend or completely spend any previous transaction received.
So, if you receive two separate transactions at one address, one for 3 BTC and the other for 7 BTC, and you then create a transaction to send 1 BTC somewhere, the transaction will either:
- spend all 10 BTC in a transaction, sending 1 BTC to the intended address, and sending 9 BTC back to an address in your wallet as "change"
- spend the 3 BTC in a transaction, sending 1 BTC to the intended address, sending 2 BTC back to an address in your wallet as "change", and leaving the 7 BTC alone at the address where it was initially received
- spend the 7 BTC in a transaction, sending 1 BTC to the intended address, sending 6 BTC back to an address in your wallet as "change", and leaving the 3 BTC alone at the address where it was initially received
Note that in two of those scenarios there is value still associated with the address where the bitcoins were initially received, and the public key will be known since it was used to spend the other transaction that was sent to the same address.
On the other hand, if you receive those two separate transactions at two different addresses, then the unspent transaction will be at a different address than the one being spent. Therefore, the public key associated with that unspent transaction won't have been made public.
You'll have to decide for yourself if the small amount of added security is worth the hassle of using a new address for every transaction.
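The three spending scenarios from the post above, worked through as an added example that is not part of the original thread. The function name and address labels are hypothetical, fees are ignored as in the post, and change is assumed to go to a fresh address.

```python
from itertools import combinations

def spend_options(utxos, amount, change_addr="fresh-change-addr"):
    """List every input set that covers `amount`, and the value left exposed.

    utxos: list of (address, value_in_btc) pairs. Each output is spent
    whole or not at all; any excess comes back as change.
    """
    options = []
    for n in range(1, len(utxos) + 1):
        for idxs in combinations(range(len(utxos)), n):
            total = sum(utxos[i][1] for i in idxs)
            if total < amount:
                continue  # this input set cannot fund the payment
            # Spending an output reveals the public key behind its address.
            revealed = {utxos[i][0] for i in idxs}
            # Outputs not selected stay at the address that received them.
            unspent = [u for i, u in enumerate(utxos) if i not in idxs]
            # Value still sitting behind a public key that is now known.
            exposed = sum(v for addr, v in unspent if addr in revealed)
            options.append({
                "inputs": [utxos[i][1] for i in idxs],
                "change": (change_addr, total - amount),
                "exposed_value": exposed,
            })
    return options

# Constructed sample data: 3 BTC and 7 BTC received, 1 BTC to be paid.
REUSED = [("addr-A", 3), ("addr-A", 7)]    # both received at one address
SEPARATE = [("addr-A", 3), ("addr-B", 7)]  # one address per receipt

if __name__ == "__main__":
    for label, utxos in (("reused", REUSED), ("separate", SEPARATE)):
        for opt in spend_options(utxos, 1):
            print(label, opt)
```

With the reused address, two of the three input choices leave 7 or 3 BTC behind a revealed public key; with separate addresses, none do.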