The tweak idea is interesting, but is there a way to identify whether pubkeys are related to the same root key without fetching a bunch of events from the network? It seems to me that a requirement of a key rotation system is going to be validation of keys without additional network requests (and checking invalidation, but that's actually impossible to do without extra data).