Cipher systems are generally a lot more sophisticated than the XOR system you have described. In fact, XORing only really works if you have a key that has at least as many bits as the plain text message, and you only ever use the key to encrypt one message. This is called “one time pad” encryption.

In most crypto systems, the key is not directly combined with the plain text. Rather it controls the transformation performed by the crypto algorithm. Ideally, the transformation performed by the algorithm is too complicated to reverse without knowing or guessing the key. Thus, in the ideal situation, the number of bits in the key determines the average number of guesses needed to crack by “brute force”.

In practice however, a cryptologist can glean clues from the cipher text (i.e. the encrypted message) that can reduce the search space, so that a larger number of bits need to be used. This is particularly true for the public key encryption systems that we normally use. These systems are based on mathematical calculations that are hard to reverse (e.g. multiplication of pairs of large prime numbers) and the number of bits determines the “problem” size of performing the reverse calculation (e.g. factorization of the product of two large primes).

You are interested in how the key is “applied” to the plain text. The answer to that is that it varies from one crypto system to another, and that the process is typically rather complicated. The question is not amenable to a general answer.