Is it possible to have a Hierarchical Deterministic KD for ECC with child key leak not impacting parent key?

From what I understand, in BIP 32, the knowledge of the parent public key and the child private key provides the parent private key, in a non-hardened path. Indeed, it's only a matter of substracting the part provides by the current path from the child's key to get back the parent's key.

I have an application in which I would like:

• the people to be able to derive the public key of a given ID ("child public key"), based on a parent public key
• not revealing the parent private key if a child private key is known

For instance, I would like to generate a key pair for "John Doe" with the path ROOT_ORG / ORG1 / JohnDoe and give it to him; and have externals people able to generate the corresponding public key from the public key of ROOT_ORG or ROOT_ORG / ORG1.

I'm using the Curve25519, but I'm interested in the general ECC case.

From what I understand, I'm looking to a $f$ and $g$ function such that:

• $f(kG, input) = k'G$ (public key derivation)
• $h(k, input) = k'$ (private key derivation)
• $k' \not\rightarrow k$ (hiding: knowing $k'$ do not reveal $k$)

Does such a scheme exists?