I see what you mean now. 

I don't understand qhy we don't just use some kind of waterfall HD keys like in bitcoin. 

Master nsec--> derive multiple nsec 

When you see a key with a higher derivation number you consider all previous keys compromised and mark the messages with those keys as compromised.