This paper addresses the foundational challenge of establishing provable security for public-key quantum fire—a cryptographic primitive resistant to quantum cloning—under the classical oracle model. It further introduces quantum key-fire, a stronger notion wherein cloned states securely realize key functionalities. Method: Leveraging the group-action assumption and post-quantum one-way functions, the construction integrates quantum information theory with rigorous security reductions to achieve unconditional security proofs in the classical oracle model. Contributions: (1) The first efficient public-key quantum fire scheme that is cloneable yet classically non-extractable; (2) The first cryptographically sound quantum key-fire paradigm; (3) A bounded-leakage-resilient public-key encryption scheme based on cloneable keys, achieving unbounded leakage resilience; (4) The first separation in the classical oracle model between quantum no-cloning and no-telegraphing principles—two fundamental quantum information-theoretic constraints.

Quantum fire was recently formalized by Bostanci, Nehoran and Zhandry (STOC 25). This notion considers a distribution of quantum states that can be efficiently cloned, but cannot be converted into a classical string. Previously, work of Nehoran and Zhandry (ITCS 24) showed how to construct quantum fire relative to an inefficient unitary oracle. Later, the work of Bostanci, Nehoran, Zhandry gave a candidate construction based on group action assumptions, and proved the correctness of their scheme; however, even in the classical oracle model they only conjectured the security, and no security proof was given. In this work, we give the first construction of public-key quantum fire relative to a classical oracle, and prove its security unconditionally. This gives the first classical oracle seperation between the two fundamental principles of quantum mechanics that are equivalent in the information-theoretic setting: no-cloning and no-telegraphing. Going further, we introduce a stronger notion called quantum key-fire where the clonable fire states can be used to run a functionality (such as a signing or decryption key), and prove a secure construction relative to a classical oracle. As an application of this notion, we get the first public-key encryption scheme whose secret key is clonable but satisfies unbounded leakage-resilience (Cakan, Goyal, Liu-Zhang, Ribeiro [TCC 24]), relative to a classical oracle. Unbounded leakage-resilience is closely related to, and can be seen as a generalization of the notion of no-telegraphing. For all of our constructions, the oracles can be made efficient (i.e. polynomial time), assuming the existence of post-quantum one-way functions.