Suppose Alice publishes a book with a public key in it, and later wants to prove that she wrote the book. She could sign challenge messages with her private key, and others could verify those signed messages. Alice is proving she knows a private key without revealing anything about it.
Is this an example of an interactive zero knowledge proof?
Or does this example somehow not apply to zero knowledge proofs?
This is not zero knowledge. In particular, you give away information in the form of signatures on challenges. This is something that the verifier doesn't have and so it is something that is "learned".
This can be meaningful for two reasons. Let's say that I want to prove to YOU that I wrote the book, but I don't want you to be able to convince anyone else that you interacted with the person who wrote the book. With this protocol, it's possible to prove that you interacted with the book author, but this isn't possible with real ZK. Another issue is that the challenge may actually be generated maliciously so that it provides a meaningful signature.
Your digital signature method is not zero knowledge because Alice just revealed that she knows the private key. Even if she didn't reveal what the private key is.
A common explanation of zero knowledge is the story of the Ali Baba cave. The paper goes in depth, starting in the "Jealous Reporter" section, to highlight that not only is the secret hidden, but also the knowledge that someone could have the secret is also hidden.
Responding to @pg1989, this has a practical implication. If you know a valuable secret like the key to unlock 100 BTC, you don't want anyone to know you have that key. If people find out, then a malicious actor may put you in a hostage / ransom situation to force you to reveal the key.
I dare disagreeing with the approved answer.
Semantics makes the question difficult to answer.
Cryptographic signatures are absolutely forms of zk-proofs.
Why?
Because by providing a signature, the signer reveals absolutely nothing, not a pico part of clue, of what it knows. Yet absolutely proved, without a pico chance of error, that he knows.
Granted the scheme is secure. But it is implied in the question. Plus, zk-proof systens could as easily have flaws that reveal what is known if exploited, so the "private key could be reconstructed by other parties" argument is moot. And granted that we accept all messsages can only be of the size and format of a private key. And granted we assume that such constraints giving away the size of the secret doesn't qualify as giving away information about the message. That is all messages shared using the system are always ever and forever of the same length.
Cryptographic signing is however an incomplete and unwise illustration of zk proof. Serves different purpose. Designed to guarantee entirely different properties.
Are cars forms of trains? Yes they are. Because they can be. If they can fit on rails they would accomplish about the same thing. They are a sort of train, and poor at that. But they aren't trains.
