Comment by jstanley 4 days ago

They're not my arbitrary requirements, see https://en.wikipedia.org/wiki/Zero-knowledge_proof

Specifically:

> In light of the fact that one should be able to generate a proof of some statement only when in possession of certain secret information connected to the statement, the verifier, even after having become convinced of the statement's truth by means of a zero-knowledge proof, should nonetheless remain unable to prove the statement to further third parties.

pastel8739 4 days ago

I’m not sure that requirement is violated here; the interactive nature of a challenge-response protocol is required to prove that someone knows the private key. Without an interactive process, the prover could have just found the signatures lying around somewhere and reused them without knowing the private key at all. This means that the verifier would not be able to prove anything beyond “the private key X signed these messages”.
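
Added example, not part of either comment: a toy Schnorr identification protocol (an assumption; the thread does not name a scheme) illustrating the two properties discussed above. A recorded transcript fails when the verifier picks a fresh challenge, and a transcript that verifies can be produced without the private key, so a recorded transcript on its own convinces no third party. The group parameters and all function names are constructed for illustration.

```python
import secrets

# Toy Schnorr group (constructed, far too small for real use):
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1      # private key in 1..q-1
    return x, pow(G, x, P)                # (x, y = g^x mod p)

def verify(y, t, c, s):
    """Accept a transcript (t, c, s) iff g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def honest_run(x, y):
    """Live interaction: the commitment is sent before the challenge is known."""
    r = secrets.randbelow(Q)
    t = pow(G, r, P)                      # prover -> verifier: commitment
    c = secrets.randbelow(Q)              # verifier -> prover: fresh challenge
    s = (r + c * x) % Q                   # prover -> verifier: needs x
    return t, c, s

def simulated_transcript(y):
    """No private key: choose c and s first, then solve for t."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P   # modular inverse, Python 3.8+
    return t, c, s

def replay_against_fresh_challenge(y, old):
    """Reuse a recorded (t, s) when the verifier issues a different challenge."""
    t, old_c, s = old
    c = (old_c + 1 + secrets.randbelow(Q - 1)) % Q   # guaranteed != old_c
    return verify(y, t, c, s)

if __name__ == "__main__":
    x, y = keygen()
    print("live run verifies:      ", verify(y, *honest_run(x, y)))
    print("simulated one verifies: ", verify(y, *simulated_transcript(y)))
    print("replay on new challenge:", replay_against_fresh_challenge(y, honest_run(x, y)))
```

The verifier in a live run is convinced because it chose `c` itself after seeing `t`; anyone handed only the finished transcript cannot tell it from the output of `simulated_transcript`.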