This paper presents the first security evaluation of the Rijndael cipher with block sizes larger than 128 bits. We describe new higher-order multiset distinguishers for such large-block instances of Rijndael. Both Rijndael and the AES were designed to resist differential and linear cryptanalysis, which is indicated by the number of active S-boxes (minimum of 25 for 4-round AES) for the best differential and linear distinguishers, for which the probability and correlation values are estimated as 2–150 and 2–75. All of these Rijndael variants have been formally defined by their designers as extensions of the AES. We describe new 5-round distinguishers for Rijndael with 160 up to 256-bit blocks, all holding with certainty, and with many more than 25 active S-boxes. Keywords: Rijndael, higher-order multiset attacks, cryptanalysis.