Thank you for your replies! How likely is it that two addresses will be used for a transaction?
That varies with the situation.
Suppose I have a dozen addresses with funds on them in my wallet, let's say with 2.0 BTC received to each address. If I then send out a 5.0 BTC payment (call that Transaction A), then coin selection in that instance will consume (use as inputs) coins from 3 of my addresses.
So three out of twelve, in this instance, means there is a 25% chance that any two addresses would be linked together in that first transaction. In this instance, a 1.0 BTC "change" transaction will be returned to a new address in my wallet, but there's no way externally to know that this change was really sent to the same wallet as the remaining 2.0 BTC payments.
So that's where linking change with subsequent spends from that wallet gets difficult. Let's say the next payment I made (Transaction B) is then a 3.0 BTC payment that included the 1.0 returned as change and another of my 2.0 BTC addresses.
You might be able to say that this confirms your suspicion that a 2.0 BTC from Transaction A was from the same wallet as the 2.0 BTC spend as part of Transaction B. But you couldn't prove it because you don't know for sure that the 1.0 in change went back to the original wallet. These things all can help you to be able to point a finger, but alone they aren't enough to be considered as proof for anything.
If the two addresses happened to be used as inputs together in a transaction, then they both came from the same wallet.
Is this true? I was under the impression that you can (by protocol, if not by existing software) have a transaction with 2 inputs from different wallets by exchanging signatures without exchanging private keys. There are use cases where this would be done with addresses belonging to different people.
Heh, I wasn't aware of that and haven't seen anything that would make that possible, but I don't know the details of the protocol at that level. If it were possible, then a service could really improve Bitcoin's anonymity by simply combining a bunch of unrelated inputs and a bunch of unrelated outputs to really disassociate the two. Interesting!
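The reasoning in this thread, as an added example that is not part of any post: a small common-input clustering pass over Transactions A and B as described above, plus a hypothetical jointly signed transaction of the kind raised in the later reply. All address labels and the `TX_JOINT` transaction are constructed for illustration, not real chain data.

```python
# Constructed sample data: labels and amounts follow the thread's scenario.
class Clusters:
    """Union-find over address labels."""

    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def same(self, a, b):
        return self.find(a) == self.find(b)


def cluster_by_common_inputs(transactions):
    """Apply the heuristic: all inputs of one transaction share an owner."""
    c = Clusters()
    for tx in transactions:
        first = tx["inputs"][0]
        c.find(first)
        for addr in tx["inputs"][1:]:
            c.union(first, addr)
        for addr in tx["outputs"]:
            c.find(addr)  # outputs are registered but never linked to inputs
    return c


# Transaction A: three 2.0 BTC inputs pay 5.0 BTC; 1.0 BTC returns as change.
TX_A = {"inputs": ["addr1", "addr2", "addr3"], "outputs": ["payee1", "change1"]}
# Transaction B: the 1.0 BTC change plus another 2.0 BTC input pay 3.0 BTC.
TX_B = {"inputs": ["change1", "addr4"], "outputs": ["payee2"]}
# Hypothetical jointly signed transaction: inputs from two different people.
TX_JOINT = {"inputs": ["addr5", "stranger1"], "outputs": ["out1", "out2"]}

after_a = cluster_by_common_inputs([TX_A])
after_b = cluster_by_common_inputs([TX_A, TX_B])
after_joint = cluster_by_common_inputs([TX_A, TX_B, TX_JOINT])
```

After Transaction B the heuristic links `change1` with `addr4` but still cannot tie either to the inputs of Transaction A, and the joint transaction produces a false merge of two unrelated owners.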