Classic cipher block chaining

Это простой вариант без initialization vector.

Генерируем ключ k нормальной длины;
Разбиваем plain_text на n блоков размером под длину ключа: $t_{1}, t_{2}, ..., t_{n}$;
Let’s say that you’ll encrypt a block by applying some function E(t) to it, and I’ll decrypt a block of ciphertext by applying some function D(t).
You create the first block of ciphertext, $c_{1}$, as you’d expect: $c_{1} = E(t_{1})$. But before encrypting the second block, you XOR it, bit by bit, with $c_{1}$, so that $c_{2} = E(c_{1} ⊕ t_{2})$. For the third block, you first XOR it with $c_{2}$: $c_{3} = E(c_{2} ⊕ t_{3})$. And so on, so that in general, you compute the ith block of ciphertext based on the (i-1)st block of ciphertext and the ith block of plaintext: $c_{i} = E(c_{i-1} ⊕ t_{i})$. This formula even works for computing $c_{1}$ from $t_{1}$ if you start with $c_{0}$ being all 0s.

Compute $t_{1} = D(c_{1})$
From $c_{1}$ and $c_{2}$, I can compute $c_{2}$ by first computing $D(c_{2})$, which equals $c_{1} ⊕ t_{2}$, and then XORing the result with $c_{1}$.

In general, I decrypt $c_{i}$ to determine $t_{i}$ by computing $t_{i} = D(c_{i}) ⊕ c_{i-1}$.

We still can not use one-time pad twice because Eva will get some useful information about plain_text. To solve it we can use Cipher block chaining with initialization vector.

Algorithms Unlocked - Thomas H. Cormen (2013)