Authentication can be achieved when both the sender and receiver have the same shared secret. However, this does not provides non-repudiation as the receiver can use the shared secret to forge a message and claim that it was sent by the sender.

To achieve non-repudiation, the receiver should only be able to verify that the message is sent by the sender but cannot generate the message themselves.