"The authenticity of this encrypted message can't be guaranteed on this device."
ie: the key has been forwarded, or retrieved from an insecure backup.
The (deprecated) sender_key field in the event does not match the Ed25519 key of the device that sent us the decryption keys.
An unknown reason from the crypto library (if you see this, it is a bug in matrix-js-sdk).
"Encrypted by an unknown or deleted device."
"Encrypted by a device not verified by its owner."
"Encrypted by an unverified user."
Reason codes for EventEncryptionInfo#shieldReason.