Abstract: Lai and Massey designed IDEA in 1991, the algorithm in which the Lai-Massey scheme was first used. In 1999, Vaudenay added to the Lai-Massey scheme a function σ that has the orthomorphic or α-almost orthomorphic property, and proved that this construction makes the Lai-Massey scheme satisfy the Luby-Rackoff theorem. This paper investigates the provable security of the Lai-Massey scheme against differential and linear cryptanalysis. First, the infimum of the number of differentially active F-functions in the Lai-Massey scheme is given, whether or not F is an orthomorphism. Second, the results indicate that when F is an orthomorphism, the infimum of the number of differentially active F-functions is the same as that of the Feistel scheme. Finally, a dual model is introduced to study the duality between differential characteristic chains and linear approximation chains in the Lai-Massey scheme; it can be used to obtain the corresponding results for linear cryptanalysis of the Lai-Massey scheme directly.
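As an added illustration (not code from the paper), the sketch below implements a toy XOR-based Lai-Massey round with one standard orthomorphism, σ(hi, lo) = (lo, hi ⊕ lo), on 16-bit halves. The round function F, the word sizes and all names are assumptions chosen for the example. It checks the orthomorphic property exhaustively and shows why σ is needed: without it, L ⊕ R passes through every round unchanged.

```python
# Added illustration with toy parameters; not a secure cipher.
MASK = 0xFFFF  # 16-bit halves, so one block is 32 bits

def sigma(x):
    """Candidate orthomorphism on 16-bit words: (hi, lo) -> (lo, hi ^ lo)."""
    hi, lo = x >> 8, x & 0xFF
    return (lo << 8) | (hi ^ lo)

def sigma_inv(y):
    """Inverse of sigma: (a, b) -> (a ^ b, a)."""
    a, b = y >> 8, y & 0xFF
    return ((a ^ b) << 8) | a

def is_orthomorphism(f):
    """True if f and x -> f(x) ^ x are both permutations of the 16-bit words."""
    n = MASK + 1
    return (len({f(x) for x in range(n)}) == n
            and len({f(x) ^ x for x in range(n)}) == n)

def F(k, x):
    """Constructed toy round function; decryption never needs to invert it."""
    return ((x * 0x9E37 + k) ^ (x >> 5)) & MASK

def encrypt(block, keys, use_sigma=True):
    """Lai-Massey rounds over XOR: t = F(L ^ R); L, R = sigma(L ^ t), R ^ t."""
    left, right = block
    for k in keys:
        t = F(k, left ^ right)
        left, right = left ^ t, right ^ t
        if use_sigma:
            left = sigma(left)
    return left, right

def decrypt(block, keys):
    """Inverse of encrypt(..., use_sigma=True): undo sigma, then recompute t."""
    left, right = block
    for k in reversed(keys):
        left = sigma_inv(left)
        t = F(k, left ^ right)  # equals F(k, L ^ R) of the forward round
        left, right = left ^ t, right ^ t
    return left, right
```

With `use_sigma=False` the output halves always XOR to the same value as the input halves, which is a trivial distinguisher from a random permutation.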