Unable to decrypt old message with cross device verification

[B4dM4n]

Steps to reproduce

1. Have one verified session (latest Element Android/Web/Desktop tested) open
2. Sign in a new session on another device/browser session
3. Select "verify with another device" to verify the session
4. Use the client from 1. with either QR-Code or Emoji verification

Outcome

What did you expect?

Old messages in encrypted rooms, which are already decrypted on client 1., can be derypted and read on the new session

What happened instead?

All messages show Unable to decrypt: The sender's device has not sent us the keys for this message.

Workaround

Using the security key to verify the new session allows to decrypt all messages

Operating system

NixOS

Browser information

Chromium 105.0.5195.125

URL for webapp

app.element.io

Application version

1.11.8

Homeserver

Synapse v1.68.0

Will you send logs?

Yes

[cxr6548]

I'm also running to this issue on my Dendrite 0.10.1 homeserver. Only on user is affected and they are running element on android.

When viewing source: Decrypted

{
  "type": "m.room.message",
  "content": {
    "msgtype": "m.bad.encrypted",
    "body": "** Unable to decrypt: The secure channel with the sender was corrupted. Trying to create a new secure channel and re-requesting the keys. **"
  }
}

and original event source:

{
  "content": {
    "algorithm": "m.megolm.v1.aes-sha2",
    "ciphertext": "AwgAEoABut2YGIQWLDOz3Mb9K95rlydAaWp86KrOCIE7cLkf+ddI71Jcoo8qDa0IhFYZydKQ0UQvb3oJSVbi36PWv6rw9LKTp+cL7HsGKtpaVD4zt0cgd5QRxpFUsC97JJRjvCafuzHwq6KxVSBP4p1N1daqg90mT0OYxp6RZ9g/AQ9VuhwBlSeuJPPXR3B6SWaExjL7EP7DF1pPb4SPek6DOjCAQhBPvTxAt2EiSVifE9SGj0JeWiSXKORNOgihrUPCOUy/bYFhEf6nCQA",
    "device_id": "-1AjXBS3",
    "sender_key": "Vjc9Dmjzqt70M+ED1g2KzJTmirDc2Pmv6ktKVFAchgk",
    "session_id": "hBWmDgZ/aWG5dXgH2C0ZgzPTBdhfgDD9BzTR+R67j3E"
  },
  "event_id": "$XPPOB14D2eAvwhOpCWHA7SDdTmUV-30Qg0XHIl3lD_Y",
  "origin_server_ts": 1664677271050,
  "sender": "@user:mydomain.com",
  "type": "m.room.encrypted",
  "room_id": "!Ubzd0VN5WKGQ8D5U:mydomain.com"
}

Terminating their account and giving them a new one did not help. Only this person is affected so far. I can private chat them but they cannot participate in encrypted rooms.