The key broker acts as intermediary storage of keys for encrypting/decrypting a single operation. When markings are received in libmongocrypt, the key broker tracks all requested key ids and alt names. When key documents are received,  some entries are deduplicated (because a key may have been requested by both id and alt name, or multiple alt names). Due to a bug in this logic, it was possible for the key broker to lose key entries, resulting in an encryption/decryption failure due to missing key.