Then, why storing public keys in the blockchain is needed if they can be safely skipped and calculated from signature and address?
It requires a couple bits of auxiliary data to do this, it slows down validation (by about 20%), it's incompatible with batch validation (ECDSA itself is too, but if you were going to add aux data you could batch validate and get a 2x speedup instead of a 20% slowdown), and there is a patent claim on the technique.
It also only saves 12 bytes compared to just using the public key, and that 12 byte savings comes from using a 160-bit hash instead of a 256-bit hash which reduces security to only 80-bits in cases where collision attacks matter (e.g. when multiple parties collaborate to generate a key). If you use a 256-bit address hash to preserve ~128-bit security then there is no space savings at all vs using the public key directly.
I asked a similar question in the past, and got a similar response from gmaxwell. I've been searching for that response for 3 days so that I could link to it. Looks like now I won't have to.