COCO’s security is based on the TLS protocol that is widely used over HTTP, but with the added simplification of removing cipher negotiation and instead of using a very strong cipher suite, using the Chacha-Poly1305 authenticated encryption algorithm, with Ed25519 signatures and ephemeral Diffie-Hellman for the key exchange.