Post
Topic
Board Beginners & Help
Re: 2FA HW security keys.
by Captain-Cryptory on 03/03/2020, 07:27:29 UTC

Here is a pretty good article explaining the main differences between TOTP and U2F.


Yeah, pretty clear picture explaining U2F authentication with relatively small errors, which fail to take account of the fact that the public key goes to the server's database when the dongle is first added to the user's account. Then it is stored in the database forever.

There are also differing views on who generates the "nonce", the server or the U2F dongle, when registering at a service. I have read somewhere that when it comes to Google, it is its responsibility to generate the random number (nonce) that triggers private-public key creation inside the U2F stick. At the same time, some services say that the nonce is generated by the U2F dongle. But I think it doesn't matter and arguably depends on the service.

BTW, Google has the option to add two U2F keys to your account.
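
The registration and login exchange discussed in this post, as an added example that is not part of the original post or of any U2F library: the server keeps only the public key from registration and checks each login signature against it. It models the variant in which the server generates the random challenge; the names `Token`, `Server`, `NewChallenge`, the account, the site and the simplified signed-message layout are assumptions.

```go
package main // added illustration; type names and message layout are assumptions

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)
type Token struct{ priv *ecdsa.PrivateKey } // the dongle: the private key stays on it
type Server map[string]*ecdsa.PublicKey     // the site's database: public keys only

// NewChallenge is the fresh random value the server sends with every request.
func NewChallenge() []byte {
	c := make([]byte, 32)
	must(rand.Read(c))
	return c
}

// digest ties a signature to one site and one challenge (simplified layout).
func digest(appID string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(appID), challenge...))
	return d[:]
}

// Register makes a P-256 key pair on the token; the server stores the public half.
func (s Server) Register(user string, t *Token) {
	t.priv = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	s[user] = &t.priv.PublicKey
}

// Sign is the token's answer to a login challenge for appID.
func (t *Token) Sign(appID string, challenge []byte) []byte {
	return must(ecdsa.SignASN1(rand.Reader, t.priv, digest(appID, challenge)))
}

// Verify checks the answer against the public key stored at registration.
func (s Server) Verify(user, appID string, challenge, sig []byte) bool {
	return s[user] != nil && ecdsa.VerifyASN1(s[user], digest(appID, challenge), sig)
}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func main() { // constructed account and site
	s, t, c := Server{}, &Token{}, NewChallenge()
	s.Register("alice", t)
	println(s.Verify("alice", "https://example.test", c, t.Sign("https://example.test", c)))
}
```

Because the signature covers both the site identifier and a challenge that changes on every login, a captured response does not verify against a later challenge or for a different site.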