Let $E$ be a secure elliptic curve, and $G$ is the basepoint with order $\ell$.
$(n,n)$ scheme:
$n$ key holders each randomly pick a private key $x_i$, compute a public key $X_i = [x_i]G$ and a hash commitment $H(X_i)$.
The key holders first exchange hash commitments, and only when all hash commitments have been shared do they then share their public keys with each other.
The secret is then encrypted using ECIES with the joint public key $\sum_{i=1}^n X_i$.
The secret can then only be decrypted if all key holders get together to combine their private keys to establish the joint private key $$\sum_{i=1}^n x_i \bmod \ell$$ corresponding to the joint public key.
If anyone leaks their private key, it can easily be observed which public key that private key correlates to.
$(n,k)$, $k$-threshold scheme:
For each possible choice of $k$ of $n$ private keys (the number of total possibilities will be the binomial coefficient$\binom{n}{k}$), encrypt the secret with a joint public key formed by the summation of that combination of public keys.
A coordinator can be used in order to reduce the number of communications required between parties. All messages sent to the coordinator need to be signed by each private key holder's well-established general communications public key (this is not the same public key as the one generated for each private key holder during this scheme). Relayed information (such as relayed commitments and relayed public keys) will retain the signature of the party that produced it, so that recipients do not have to trust the coordinator.
The key agreement stage of the protocol would require a total of $5n$ communications as follows:
The coordinator generates a message $m$ containing a nonce which identifies this particular invocation of the protocol, and sends $m$ to each private key holder. All communications transmitted by any party after this point must include $m$ so that communications cannot be mixed and matched between invocations of the protocol. All private key holders must remember each nonce used, in order to avoid providing two different responses for the same nonce value (at the same stage of the protocol).
All private key holders send their commitments to the coordinator
The coordinator transmits the collection of commitments to each private key holder
Each private key holder transmits their public key to the coordinator
The coordinator transmits the collection of public keys to each private key holder.
When the secret holder is ready to encrypt a secret, it will be encrypted with the joint public key and transmitted to all $n$ private key holders, thus requiring a further $n$ communications. As with all prior steps, the message $m$ containing the nonce is included in order to bind this communication to this particular invocation of the protocol.