Score:2

How do KDFs work, and what existing implementations exist?


TLDR/End goal

I want to encrypt a tree of data/files so that anyone with the master key K can decrypt everything, key K-1 can encrypt and decrypt anything encrypted with K-1-*, and so on. However, K-2* must not be able to decrypt any of K-1*.

First ideas/initial research

To be quite frank, the only way I can think of achieving this is to have each key be a public-secret pair and have each child create their own keys, with the child encrypting the secret with the parent's public key.

What do you mean by "key"? For starters, do you need this to be symmetric or asymmetric? Do you need keys to be deterministic? There are several constructions that work here and their papers/RFCs discuss all issues. Two signature constructions that come to mind are BIP0032 and LMS/HSS signature schemes. You are looking for encryption, but those reads can be of help to identify all issues in my opinion.
Sounds a bit like Tahoe LAFS, Least Authority Filesystem https://www.tahoe-lafs.org/trac/tahoe-lafs
Score:2

How about this? Generate (method is not important) a secure master key K. Use some strong hash function or KDF (let's call that function F) to generate the next keys:
K-1 = F(K), K-2 = F(K-1), K-n = F(K-n-1)... and so on.

Now everyone who knows key K-x can derive all child keys just by using function F, but to find the parent key, he would have to invert that strong hash function F, which is impossible.

So, everyone needs to remember only one key.
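The answer above derives a chain, K-1 = F(K), K-2 = F(K-1), so K-2 holders can still reach K-1's descendants, which is not what the question asked for. The following added example (not code from the thread) generalises the same one-way-function idea to a tree: each child key is HMAC-SHA256 of the parent, with the child's index bound into the input, so K-1 and K-2 are siblings derived independently from K, and a holder of K-2 has no path to K-1. HMAC-SHA256 as F, the "child-key" label, and the 32-byte master key are all assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// DeriveChild computes child key number idx from parent, using HMAC-SHA256 as
// the one-way function F. Binding idx into the MAC input makes siblings
// distinct, and the one-wayness of F means a child cannot recover its parent.
func DeriveChild(parent []byte, idx uint32) []byte {
	mac := hmac.New(sha256.New, parent)
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], idx)
	mac.Write([]byte("child-key")) // assumed domain-separation label
	mac.Write(buf[:])
	return mac.Sum(nil) // 32 bytes
}

// DerivePath walks a path such as [1, 3] from the master key to obtain K-1-3.
// A holder of K-1 can call DerivePath(k1, [3]) to reach the same key without
// ever seeing the master key.
func DerivePath(master []byte, path []uint32) []byte {
	k := master
	for _, idx := range path {
		k = DeriveChild(k, idx)
	}
	return k
}

func main() {
	master := []byte("constructed 32-byte master key!!") // constructed sample
	k1 := DerivePath(master, []uint32{1})
	k2 := DerivePath(master, []uint32{2})
	k13 := DerivePath(master, []uint32{1, 3})

	// The K-1 holder reaches K-1-3 on its own; K-2 is an unrelated sibling.
	fmt.Println("K-1 derives K-1-3:", hmac.Equal(DeriveChild(k1, 3), k13))
	fmt.Println("K-1 == K-2:", hmac.Equal(k1, k2))
	fmt.Println("K-1-3:", hex.EncodeToString(k13))
}
```

Because the derivation is deterministic, each party still only has to remember its own subtree root, as the answer points out; the sibling separation comes purely from the index being part of the MAC input.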

Score:0

You can use a data key and store or derive that twice given additional meta-information.

It is hard - if not impossible, at least not without a trusted third party - to do with symmetric cryptography, as the parties cannot have access to key $K$ for the scheme to work.


With a public scheme it is relatively easy. Encrypt a random data key with your own public or symmetric secret key and also encrypt that data key with the public key of a master key pair. Now you just have to store two wrapped or encapsulated keys with the ciphertext. To decrypt, the parties can unwrap the data key and then continue to decrypt.

For this to work there is one important pre-condition: the party performing the encryption should trust the public key of the master key pair. There are several ways of accomplishing this but quite often it involves certificates / PKI, e.g. using X.509 certificates or PGP "public keys" (these are actually certificates as well).
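The two-wrapped-keys construction above, as an added example rather than code from the answer: a random data key encrypts the content with AES-GCM, and that data key is then wrapped twice with RSA-OAEP, once to the owner's public key and once to the master public key, so either private key can unwrap it. The choice of AES-256-GCM, RSA-OAEP with SHA-256, the OAEP label, and the in-memory `Envelope` layout are assumptions made for this example; the answer's precondition that the master public key is already trusted (via PKI or otherwise) is taken as given, so no certificate validation is shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel ties the wrapped blob to its purpose; both wrap and unwrap must use it.
var oaepLabel = []byte("data-key-wrap") // assumed label

// Envelope is what gets stored: the ciphertext plus two wrapped copies of the
// data key, one per party that must be able to decrypt.
type Envelope struct {
	Nonce         []byte // AES-GCM nonce
	Ciphertext    []byte // content encrypted under the random data key
	WrappedUser   []byte // data key encrypted to the owner's public key
	WrappedMaster []byte // data key encrypted to the master public key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt generates a fresh 256-bit data key, encrypts plain with it, and wraps
// the data key to both public keys.
func Encrypt(plain []byte, userPub, masterPub *rsa.PublicKey) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plain, nil)
	wu, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, dek, oaepLabel)
	if err != nil {
		return nil, err
	}
	wm, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, masterPub, dek, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: ct, WrappedUser: wu, WrappedMaster: wm}, nil
}

// Decrypt unwraps the data key with priv, using the wrapped copy issued for that
// key pair, then authenticates and opens the ciphertext. A private key that does
// not match the wrapped copy fails at the OAEP step.
func Decrypt(env *Envelope, priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	masterKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Encrypt([]byte("constructed sample document"), &userKey.PublicKey, &masterKey.PublicKey)
	if err != nil {
		panic(err)
	}
	byUser, _ := Decrypt(env, userKey, env.WrappedUser)
	byMaster, _ := Decrypt(env, masterKey, env.WrappedMaster)
	fmt.Printf("owner: %s\nmaster: %s\n", byUser, byMaster)
}
```

Extending this to the question's tree is a matter of which public keys receive a wrapped copy: wrapping to the owner's key and to each ancestor's key gives every ancestor access, while siblings, who hold no matching private key, get nothing from the stored envelope.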
